Edit tour

Windows Analysis Report
FS-SZHAJCVS.msi

Overview

General Information

Sample name:	FS-SZHAJCVS.msi
Analysis ID:	1574856
MD5:	f63a9b0b142d4a0d7a9811fad82a1d39
SHA1:	65b03fe7cd544e60e4165bf8498e54e769694983
SHA256:	2c1236d62d9e47aac6495dfbcee1d0e447c8ca6032ea49d0bb61b463976e1142
Tags:	msiuser-abuse_ch
Infos:

Detection

Score:	88
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Hides threads from debuggers

Machine Learning detection for dropped file

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

PE file contains section with special chars

Query firmware table information (likely to detect VMs)

Switches to a custom stack to bypass stack traces

Tries to evade analysis by execution special instruction (VM detection)

Checks for available system drives (often done to infect USB drives)

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to dynamically determine API calls

Creates files inside the system directory

Deletes files inside the Windows folder

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Entry point lies outside standard sections

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

Launches processes in debugging mode, may be used to hinder debugging

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Suricata IDS alerts with low severity for network traffic

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

msiexec.exe (PID: 7724 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\FS-SZHAJCVS.msi" MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 7808 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 7924 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding A95A5DA04788A2228387268B6F61DD10 MD5: 9D09DC1EDA745A5F87553048E57620CF)

chrome.exe (PID: 8024 cmdline: "C:\Users\user\Contacts\chrome.exe" MD5: DD36EA28C576FB0AD109B42D3D6C9F96)

chrome.exe (PID: 7380 cmdline: "C:\Users\user\Contacts\chrome.exe" MD5: DD36EA28C576FB0AD109B42D3D6C9F96)

chrome.exe (PID: 7468 cmdline: "C:\Users\user\Contacts\chrome.exe" MD5: DD36EA28C576FB0AD109B42D3D6C9F96)

cleanup

Sigma Signatures

System Summary

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\Contacts\chrome.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Contacts\chrome.exe, ProcessId: 8024, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Financeiro

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-13T17:47:47.216147+0100	2803304	3	Unknown Traffic	192.168.2.9	49708	162.214.64.212	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for dropped file

Source: C:\Users\user\Contacts\chrome_elf.dll

ReversingLabs: Detection: 28%

Multi AV Scanner detection for submitted file

Source: FS-SZHAJCVS.msi

ReversingLabs: Detection: 15%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.9% probability

Machine Learning detection for dropped file

Source: C:\Users\user\Contacts\chrome_elf.dll

Joe Sandbox ML: detected

Source:	Binary string: C:\b\s\w\ir\cache\builder\src\out\Release\initialexe\chrome.exe.pdb source: chrome.exe, 00000004.00000000.1513707118.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000002.2684998422.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000000.1771764316.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000002.2684952702.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000000.1852582941.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: FS-SZHAJCVS.msi, 5db15a.msi.2.dr

Source: C:\Windows\System32\msiexec.exe	File opened: z:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: c:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: a:	Jump to behavior

Source: global traffic

HTTP traffic detected: GET /dsdrk/inspecionando.php HTTP/1.1Host: e-notas.comCache-Control: no-cache

Source: Network traffic

Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.9:49708 -> 162.214.64.212:80

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /dsdrk/inspecionando.php HTTP/1.1Host: e-notas.comCache-Control: no-cache

Source: global traffic

DNS traffic detected: DNS query: e-notas.com

Source: chrome.exe, 00000004.00000002.2682345925.0000000000A45000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://e-notas.com/dsdrk/inspecionando.php
Source: chrome.exe, 00000004.00000002.2690256186.000000006AEAB000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000007.00000002.2689604682.000000006AEAB000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000008.00000002.2689870499.000000006AEAB000.00000020.00000001.01000000.00000004.sdmp	String found in binary or memory: http://www.indyproject.org/
Source: chrome.exe, chrome.exe, 00000004.00000000.1513707118.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000002.2684998422.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000000.1771764316.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000002.2684952702.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000000.1852582941.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://crashpad.chromium.org/
Source: chrome.exe, chrome.exe, 00000004.00000000.1513707118.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000002.2684998422.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000000.1771764316.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000002.2684952702.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000000.1852582941.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://crashpad.chromium.org/bug/new
Source: chrome.exe, 00000004.00000000.1513707118.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000002.2684998422.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000000.1771764316.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000002.2684952702.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000000.1852582941.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new

System Summary

PE file contains section with special chars

Source: chrome_elf.dll.2.dr	Static PE information: section name: .^f&
Source: chrome_elf.dll.2.dr	Static PE information: section name: .W*?

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\5db15a.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIB9F5.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBB2E.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBB6E.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBBBD.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBC0C.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{E61000D3-0DDC-4DEE-8707-B125A70BDBB0}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBCC8.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\5db15d.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\5db15d.msi	Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSIB9F5.tmp

Jump to behavior

Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00BCA770	4_2_00BCA770
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00B46AD0	4_2_00B46AD0
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00B50A20	4_2_00B50A20
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00C06D80	4_2_00C06D80
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00B48030	4_2_00B48030
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00BA8060	4_2_00BA8060
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00C38190	4_2_00C38190
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00B78100	4_2_00B78100
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00C3D11C	4_2_00C3D11C
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00B632E0	4_2_00B632E0
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00C412B0	4_2_00C412B0
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00BC8210	4_2_00BC8210
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00C1B380	4_2_00C1B380
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00C0C390	4_2_00C0C390
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00C024F0	4_2_00C024F0
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00B9C480	4_2_00B9C480
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00BC34F0	4_2_00BC34F0
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00B8F4C0	4_2_00B8F4C0
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00C07470	4_2_00C07470
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00C085F0	4_2_00C085F0
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00C2A580	4_2_00C2A580
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00B425F0	4_2_00B425F0
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00B64520	4_2_00B64520
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00C096F0	4_2_00C096F0
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00C606AA	4_2_00C606AA
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00B4D620	4_2_00B4D620
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00BD5620	4_2_00BD5620
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00BCE600	4_2_00BCE600
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00B4C650	4_2_00B4C650
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00C1A7C0	4_2_00C1A7C0
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00BCC7A0	4_2_00BCC7A0
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00BC27F0	4_2_00BC27F0
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00BC5720	4_2_00BC5720
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00BC1760	4_2_00BC1760
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00BDA8A0	4_2_00BDA8A0
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00C10860	4_2_00C10860
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00BC89B0	4_2_00BC89B0
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00C019D0	4_2_00C019D0
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00C8B990	4_2_00C8B990
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00BC6950	4_2_00BC6950
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00C05AC0	4_2_00C05AC0
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00C35A50	4_2_00C35A50
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00C07A30	4_2_00C07A30
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00B42B30	4_2_00B42B30
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00B4EB60	4_2_00B4EB60
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00BC5CA0	4_2_00BC5CA0
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00B58C00	4_2_00B58C00
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00B52C70	4_2_00B52C70
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00B75C50	4_2_00B75C50
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00BC2DA0	4_2_00BC2DA0
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00C5EDA5	4_2_00C5EDA5
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00C3DDAD	4_2_00C3DDAD
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00B52DC0	4_2_00B52DC0
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00C02D40	4_2_00C02D40
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00C05ED0	4_2_00C05ED0
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00C08EA0	4_2_00C08EA0
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00B4EED0	4_2_00B4EED0
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00BA8EC0	4_2_00BA8EC0
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00C01E40	4_2_00C01E40
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00BD4E10	4_2_00BD4E10
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00BEBFC0	4_2_00BEBFC0
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00C00F50	4_2_00C00F50
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00BC8F20	4_2_00BC8F20

Source: Joe Sandbox View

Dropped File: C:\Users\user\Contacts\chrome.exe 07D849EAF8BBBCE5ABD7EC2348DFF0394F49E803C34120629AE258E62A1A32BD

Source: C:\Users\user\Contacts\chrome.exe	Code function: String function: 00C1E040 appears 43 times
Source: C:\Users\user\Contacts\chrome.exe	Code function: String function: 00BC9F70 appears 36 times
Source: C:\Users\user\Contacts\chrome.exe	Code function: String function: 00C64060 appears 215 times

Source: chrome_elf.dll.2.dr

Static PE information: Number of sections : 13 > 10

Source: FS-SZHAJCVS.msi

Binary or memory string: OriginalFilenameAICustAct.dllF vs FS-SZHAJCVS.msi

Source: classification engine

Classification label: mal88.evad.winMSI@8/157@2/1

Source: C:\Users\user\Contacts\chrome.exe

Code function: 4_2_00C815D0 FormatMessageW,GetLastError,LocalFree,

4_2_00C815D0

Source: C:\Windows\System32\msiexec.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\CMLBD8F.tmp

Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\TEMP\~DFB349E6DA99E60766.TMP

Jump to behavior

Source: C:\Users\user\Contacts\chrome.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior

Source: C:\Users\user\Contacts\chrome.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: FS-SZHAJCVS.msi

ReversingLabs: Detection: 15%

Source: chrome.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: chrome.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: chrome.exe	String found in binary or memory: Try '%ls --help' for more information.
Source: chrome.exe	String found in binary or memory: Try '%ls --help' for more information.

Source: unknown	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\FS-SZHAJCVS.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding A95A5DA04788A2228387268B6F61DD10
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Users\user\Contacts\chrome.exe "C:\Users\user\Contacts\chrome.exe"
Source: unknown	Process created: C:\Users\user\Contacts\chrome.exe "C:\Users\user\Contacts\chrome.exe"
Source: unknown	Process created: C:\Users\user\Contacts\chrome.exe "C:\Users\user\Contacts\chrome.exe"
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding A95A5DA04788A2228387268B6F61DD10	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Users\user\Contacts\chrome.exe "C:\Users\user\Contacts\chrome.exe"	Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: windows.ui.immersive.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: security.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: idndl.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: magnification.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: security.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: idndl.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: magnification.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: security.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: idndl.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: magnification.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Section loaded: winsta.dll	Jump to behavior

Source: C:\Users\user\Contacts\chrome.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: FS-SZHAJCVS.msi

Static file information: File size 26025472 > 1048576

Source:	Binary string: C:\b\s\w\ir\cache\builder\src\out\Release\initialexe\chrome.exe.pdb source: chrome.exe, 00000004.00000000.1513707118.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000002.2684998422.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000000.1771764316.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000002.2684952702.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000000.1852582941.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp
Source:	Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: FS-SZHAJCVS.msi, 5db15a.msi.2.dr

Source: C:\Users\user\Contacts\chrome.exe

Code function: 4_2_00B49990 LoadLibraryW,GetProcAddress,

4_2_00B49990

Source: initial sample

Static PE information: section where entry point is pointing to: .bQH

Source: chrome.exe.2.dr	Static PE information: section name: CPADinfo
Source: chrome.exe.2.dr	Static PE information: section name: malloc_h
Source: chrome_elf.dll.2.dr	Static PE information: section name: .didata
Source: chrome_elf.dll.2.dr	Static PE information: section name: .^f&
Source: chrome_elf.dll.2.dr	Static PE information: section name: .W*?
Source: chrome_elf.dll.2.dr	Static PE information: section name: .bQH
Source: MSIB9F5.tmp.2.dr	Static PE information: section name: .fptable
Source: MSIBB2E.tmp.2.dr	Static PE information: section name: .fptable
Source: MSIBB6E.tmp.2.dr	Static PE information: section name: .fptable
Source: MSIBBBD.tmp.2.dr	Static PE information: section name: .fptable
Source: MSIBC0C.tmp.2.dr	Static PE information: section name: .fptable

Source: C:\Users\user\Contacts\chrome.exe

Code function: 4_2_00C39F3B push ecx; ret

4_2_00C39F4E

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIB9F5.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBB6E.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBBBD.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\Contacts\chrome_elf.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBB2E.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBC0C.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\Contacts\chrome.exe	Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIB9F5.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBB6E.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBBBD.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBB2E.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBC0C.tmp	Jump to dropped file

Source: C:\Users\user\Contacts\chrome.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Financeiro			Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Financeiro			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 8024 base: A00005 value: E9 8B 2F B4 76	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 8024 base: 77542F90 value: E9 7A D0 4B 89	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 8024 base: B20007 value: E9 EB DF A5 76	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 8024 base: 7757DFF0 value: E9 1E 20 5A 89	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 8024 base: B30005 value: E9 2B BA 9D 76	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 8024 base: 7750BA30 value: E9 DA 45 62 89	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 8024 base: 4D90008 value: E9 8B 8E 7C 72	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 8024 base: 77558E90 value: E9 80 71 83 8D	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 8024 base: 4DA0005 value: E9 8B 4D 62 70	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 8024 base: 753C4D90 value: E9 7A B2 9D 8F	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 8024 base: 4DB0005 value: E9 EB EB 62 70	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 8024 base: 753DEBF0 value: E9 1A 14 9D 8F	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 8024 base: 4DC0005 value: E9 8B 8A 87 70	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 8024 base: 75638A90 value: E9 7A 75 78 8F	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 8024 base: 4DD0005 value: E9 2B 02 89 70	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 8024 base: 75660230 value: E9 DA FD 76 8F	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7380 base: 8C0005 value: E9 8B 2F C8 76	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7380 base: 77542F90 value: E9 7A D0 37 89	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7380 base: 8E0007 value: E9 EB DF C9 76	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7380 base: 7757DFF0 value: E9 1E 20 36 89	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7380 base: 8F0005 value: E9 2B BA C1 76	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7380 base: 7750BA30 value: E9 DA 45 3E 89	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7380 base: A10008 value: E9 8B 8E B4 76	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7380 base: 77558E90 value: E9 80 71 4B 89	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7380 base: A20005 value: E9 8B 4D 9A 74	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7380 base: 753C4D90 value: E9 7A B2 65 8B	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7380 base: A30005 value: E9 EB EB 9A 74	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7380 base: 753DEBF0 value: E9 1A 14 65 8B	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7380 base: A40005 value: E9 8B 8A BF 74	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7380 base: 75638A90 value: E9 7A 75 40 8B	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7380 base: A50005 value: E9 2B 02 C1 74	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7380 base: 75660230 value: E9 DA FD 3E 8B	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7468 base: 520005 value: E9 8B 2F 02 77	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7468 base: 77542F90 value: E9 7A D0 FD 88	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7468 base: 7A0007 value: E9 EB DF DD 76	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7468 base: 7757DFF0 value: E9 1E 20 22 89	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7468 base: 7B0005 value: E9 2B BA D5 76	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7468 base: 7750BA30 value: E9 DA 45 2A 89	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7468 base: AA0008 value: E9 8B 8E AB 76	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7468 base: 77558E90 value: E9 80 71 54 89	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7468 base: AB0005 value: E9 8B 4D 91 74	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7468 base: 753C4D90 value: E9 7A B2 6E 8B	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7468 base: AC0005 value: E9 EB EB 91 74	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7468 base: 753DEBF0 value: E9 1A 14 6E 8B	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7468 base: AD0005 value: E9 8B 8A B6 74	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7468 base: 75638A90 value: E9 7A 75 49 8B	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7468 base: AE0005 value: E9 2B 02 B8 74	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Memory written: PID: 7468 base: 75660230 value: E9 DA FD 47 8B	Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Contacts\chrome.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	System information queried: FirmwareTableInformation	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	System information queried: FirmwareTableInformation	Jump to behavior

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BB1DF2F
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6C813443
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BC10C75
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6C7D2482
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BC8FF41
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BCEB320
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6C7AD428
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BC631C5
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6C7E92D6
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BC93135
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BBAC21D
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BCA7294
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BA49167
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6C7D6C3D
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BC9F04D
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BDFCA55
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6C76FBCB
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BB08985
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BA70B19
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BCDCA76
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6C7F9A84
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BB5D14A
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BBD6693
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BBEE8A7
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BD0E5F4
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BCB42F3
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6C7C8182
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BCAB8DE
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BD2A5A4
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BA49570
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BB84E63
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BBEC4F9
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6C5C15C6
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6C7D05B8
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6C81B4E6
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BB453D1
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BC3CAF6
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6C7801F7
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BAF5841
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BA635A4
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6C7C1E40
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BB5C52E
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6C7EE4CF
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BB6218F
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BA6FCC6
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BD4ACFE
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BE04881
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6C870944
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BC29A1F
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BD719B1
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BB4DD30
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BC887A0
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BCBEBEC
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BB8960D
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6C83B5F0
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BA2C70A
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6C818C17
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BC2F4B1
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BCFD8F4
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BD3C932
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6C7F7F73
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BD88039
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BDA5072
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6C5A9807
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BD411CC
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BB0AA8B
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BB7A51B
Source: C:\Users\user\Contacts\chrome.exe	API/Special instruction interceptor: Address: 6BB5AD1C

Tries to evade analysis by execution special instruction (VM detection)

Source: C:\Users\user\Contacts\chrome.exe	Special instruction interceptor: First address: 6BC7CB37 instructions rdtsc caused by: RDTSC with Trap Flag (TF)
Source: C:\Users\user\Contacts\chrome.exe	Special instruction interceptor: First address: 6C5B7593 instructions rdtsc caused by: RDTSC with Trap Flag (TF)

Source: C:\Users\user\Contacts\chrome.exe

Code function: 4_2_00B4CFF0 rdtsc

4_2_00B4CFF0

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIB9F5.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIBB6E.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIBBBD.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Users\user\Contacts\chrome_elf.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIBC0C.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIBB2E.tmp	Jump to dropped file

Source: C:\Users\user\Contacts\chrome.exe

API coverage: 2.8 %

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Source: C:\Users\user\Contacts\chrome.exe

Code function: 4_2_00B48030 GetModuleHandleExW,GetLastError,SetLastError,GetLastError,SetLastError,GetCurrentProcess,K32GetModuleInformation,GetLastError,SetLastError,GetLastError,SetLastError,GetSystemInfo,GetLastError,FreeLibrary,FreeLibrary,FreeLibrary,

4_2_00B48030

Source: chrome.exe, 00000004.00000002.2682345925.0000000000A17000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000004.00000002.2682345925.0000000000A72000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: chrome.exe, 00000007.00000002.2682294049.0000000000910000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllvvee
Source: chrome.exe, 00000008.00000002.2682246305.00000000005D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllyy

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Contacts\chrome.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Thread information set: HideFromDebugger	Jump to behavior

Source: C:\Users\user\Contacts\chrome.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\Contacts\chrome.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Contacts\chrome.exe

Code function: 4_2_00B4CFF0 rdtsc

4_2_00B4CFF0

Source: C:\Users\user\Contacts\chrome.exe

Code function: 4_2_00B41F90 GetCurrentThread,IsDebuggerPresent,GetModuleHandleW,GetProcAddress,GetCurrentThreadId,

4_2_00B41F90

Source: C:\Users\user\Contacts\chrome.exe

Code function: 4_2_00B491A0 GetLastError,SetLastError,SetLastError,OutputDebugStringA,WriteFile,

4_2_00B491A0

Source: C:\Users\user\Contacts\chrome.exe

Code function: 4_2_00B49990 LoadLibraryW,GetProcAddress,

4_2_00B49990

Source: C:\Windows\System32\msiexec.exe

Process created: C:\Users\user\Contacts\chrome.exe "C:\Users\user\Contacts\chrome.exe"

Jump to behavior

Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00B8C090 GetCurrentProcessId,CreateEventW,CreateEventW,CreateEventW,CreateEventW,SetUnhandledExceptionFilter,AddVectoredExceptionHandler,CreateThread,	4_2_00B8C090
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00C8B3B0 SetUnhandledExceptionFilter,	4_2_00C8B3B0
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00C39D48 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	4_2_00C39D48
Source: C:\Users\user\Contacts\chrome.exe	Code function: 4_2_00C54F36 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00C54F36

Source: C:\Users\user\Contacts\chrome.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: chrome.exe, 00000004.00000002.2686027794.0000000006884000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000007.00000002.2686061473.0000000006774000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000008.00000002.2686396172.0000000006614000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: PROGRAM MANAGER
Source: chrome.exe, 00000008.00000002.2686396172.0000000006614000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Program ManagerVO
Source: chrome.exe, 00000008.00000002.2686396172.0000000006614000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: PROGRAM MANAGER1Ya

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Contacts\chrome.exe

Code function: 4_2_00B59620 VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,LocalFree,CreateNamedPipeW,SetLastError,

4_2_00B59620

Source: C:\Users\user\Contacts\chrome.exe

Code function: 4_2_00C3A255 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

4_2_00C3A255

Source: C:\Users\user\Contacts\chrome.exe

Code function: 4_2_00C03B10 GetVersionExW,GetProductInfo,GetNativeSystemInfo,

4_2_00C03B10

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Replication Through Removable Media	2 Command and Scripting Interpreter	1 Registry Run Keys / Startup Folder	3 Process Injection	21 Masquerading	1 Credential API Hooking	1 System Time Discovery	Remote Services	1 Credential API Hooking	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	1 DLL Side-Loading	1 Registry Run Keys / Startup Folder	21 Virtualization/Sandbox Evasion	LSASS Memory	541 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	11 Disable or Modify Tools	Security Account Manager	21 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	3 Process Injection	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	11 Peripheral Device Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Obfuscated Files or Information	Cached Domain Credentials	215 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 File Deletion	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
FS-SZHAJCVS.msi	16%	ReversingLabs	Win32.Adware.RedCap

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\Contacts\chrome_elf.dll	100%	Joe Sandbox ML
C:\Users\user\Contacts\chrome.exe	0%	ReversingLabs
C:\Users\user\Contacts\chrome_elf.dll	29%	ReversingLabs	Win32.Infostealer.Tinba
C:\Windows\Installer\MSIB9F5.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIBB2E.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIBB6E.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIBBBD.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIBC0C.tmp	0%	ReversingLabs

Source	Detection	Scanner	Label
http://e-notas.com/dsdrk/inspecionando.php	0%	Avira URL Cloud	safe
https://crashpad.chromium.org/bug/new	0%	Avira URL Cloud	safe
https://crashpad.chromium.org/	0%	Avira URL Cloud	safe
https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
e-notas.com	162.214.64.212	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://e-notas.com/dsdrk/inspecionando.php	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://crashpad.chromium.org/	chrome.exe, chrome.exe, 00000004.00000000.1513707118.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000002.2684998422.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000000.1771764316.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000002.2684952702.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000000.1852582941.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
http://www.indyproject.org/	chrome.exe, 00000004.00000002.2690256186.000000006AEAB000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000007.00000002.2689604682.000000006AEAB000.00000020.00000001.01000000.00000004.sdmp, chrome.exe, 00000008.00000002.2689870499.000000006AEAB000.00000020.00000001.01000000.00000004.sdmp	false		high
https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new	chrome.exe, 00000004.00000000.1513707118.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000002.2684998422.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000000.1771764316.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000002.2684952702.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000000.1852582941.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown
https://crashpad.chromium.org/bug/new	chrome.exe, chrome.exe, 00000004.00000000.1513707118.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000002.2684998422.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000007.00000000.1771764316.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000002.2684952702.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp, chrome.exe, 00000008.00000000.1852582941.0000000000CD2000.00000002.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
162.214.64.212	e-notas.com	United States		46606	UNIFIEDLAYER-AS-1US	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1574856
Start date and time:	2024-12-13 17:46:21 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 29s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	FS-SZHAJCVS.msi
Detection:	MAL
Classification:	mal88.evad.winMSI@8/157@2/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 65% Number of executed functions: 12 Number of non-executed functions: 168
Cookbook Comments:	Found application associated with file extension: .msi

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 4.245.163.56, 20.109.210.53
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: FS-SZHAJCVS.msi

Simulations

Behavior and APIs

Time	Type	Description
16:47:49	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Financeiro C:\Users\user\Contacts\chrome.exe
16:47:58	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Financeiro C:\Users\user\Contacts\chrome.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
162.214.64.212	FS-JFDIBGWE.msi	Get hash	malicious	Unknown	Browse	e-notas.com/dsdrk/inspecionando.php
	SecuriteInfo.com.Win32.Evo-gen.22243.20256.dll	Get hash	malicious	Unknown	Browse	e-notas.com/dsdrk/inspecionando.php
	SecuriteInfo.com.Win32.Evo-gen.22243.20256.dll	Get hash	malicious	Unknown	Browse	e-notas.com/dsdrk/inspecionando.php

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
e-notas.com	FS-JFDIBGWE.msi	Get hash	malicious	Unknown	Browse	162.214.64.212
	SecuriteInfo.com.Win32.Evo-gen.22243.20256.dll	Get hash	malicious	Unknown	Browse	162.214.64.212
	SecuriteInfo.com.Win32.Evo-gen.22243.20256.dll	Get hash	malicious	Unknown	Browse	162.214.64.212

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
UNIFIEDLAYER-AS-1US	https://nam.dcv.ms/0CX72Iqyxf	Get hash	malicious	HTMLPhisher	Browse	162.241.252.227
	https://mvh.mjm.mybluehost.me/loopia/se/	Get hash	malicious	Unknown	Browse	50.6.155.203
	K98766700.exe	Get hash	malicious	AgentTesla	Browse	162.241.62.63
	https://grupoescobar.com.br/AA/auth.html#yk.cho@hdel.co.kr	Get hash	malicious	HTMLPhisher	Browse	108.167.151.83
	arm.nn.elf	Get hash	malicious	Mirai, Okiru	Browse	98.130.145.16
	jade.spc.elf	Get hash	malicious	Mirai	Browse	162.144.165.132
	RFQ-004282A.Teknolojileri A.S.exe	Get hash	malicious	AgentTesla	Browse	192.254.225.136
	https://analytics-prd.aws.wehaa.net/trackings?value=1&action=click&category=external&origin=detailpage&url=http://notifix.info/scales/ec49f59be146f69f3ea00c211d5cccd90524b2cf7f8aec665534fc020c910734b9e18d0945bd518a0e55b407c5bf7443cf6179/paige_williams@newyorker.com&cat=firstpage&label_item_id=9633&label_owner_id=646&label_url=http://notifix.info/scales/ec49f59be146f69f3ea00c211d5cccd90524b2cf7f8aec665534fc020c910734b9e18d0945bd518a0e55b407c5bf7443cf6179/paige_williams@newyorker.com&idle=8d15bf95831b32126e4b3bd02a20cf592eade0e3442422aeaf0db14b2e91ae186a5549c468519863594ece59910ee541&tenant=minnesotastate.jobs	Get hash	malicious	Captcha Phish	Browse	192.185.149.80
	https://analytics-prd.aws.wehaa.net/trackings?value=1&action=click&category=external&origin=detailpage&url=http://notifix.info/scales/0af634fca2eaf3a11c0597691f5616c7d16f5580d650d17201024b374ebe92a8e0c492c822b6be6f4332bb93acc2ba02298f78/christa_sgobba@condenast.com&cat=firstpage&label_item_id=9633&label_owner_id=646&label_url=http://notifix.info/scales/0af634fca2eaf3a11c0597691f5616c7d16f5580d650d17201024b374ebe92a8e0c492c822b6be6f4332bb93acc2ba02298f78/christa_sgobba@condenast.com&idle=8d15bf95831b32126e4b3bd02a20cf592eade0e3442422aeaf0db14b2e91ae186a5549c468519863594ece59910ee541&tenant=minnesotastate.jobs	Get hash	malicious	Captcha Phish, HTMLPhisher	Browse	192.185.149.80
	REMITTANCE_10023Tdcj.html	Get hash	malicious	Unknown	Browse	69.49.245.172

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\Contacts\chrome.exe	FS-JFDIBGWE.msi	Get hash	malicious	Unknown	Browse
	nf963-5d-qns6-w812.msi	Get hash	malicious	Unknown	Browse
	nf075-4d-qns0-w383.msi	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\Config.Msi\5db15c.rbs

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	modified
Size (bytes):	18563
Entropy (8bit):	5.521833919146843
Encrypted:	false
SSDEEP:	192:tKolQlg9qwm4FQG6Spm3hbuixNnDAx9CbqAZAqOEpWx9CbqAZAqOcp3a/pSk:tppm3hbuWix9COIAqqx9COIAqS
MD5:	1D195C9054C1BD9A11983E6A2569F2FF
SHA1:	00EB707715A523074D3897E882729D47C15FDD0A
SHA-256:	389A4DB4E35B5D6DAF4C398C5C56F3B7F535A4F8F90870DF6130EAE2FDBB9F5B
SHA-512:	F303F07D608401B821F0148A66B28A8FFA1434603002849B6A14C16AD9DB5FECEFF229901DB4B3D122345CA9AD71D950B2D13F2EF157CAB9A1760F7FC96A757A
Malicious:	false
Reputation:	low
Preview:	...@IXOS.@.....@.].Y.@.....@.....@.....@.....@.....@......&.{E61000D3-0DDC-4DEE-8707-B125A70BDBB0}..Google Chorme Updat..FS-SZHAJCVS.msi.@.....@.....@.....@........&.{71DDB565-7BC9-40B1-ACCB-EE18F70FA1A2}.....@.....@.....@.....@.......@.....@.....@.......@......Google Chorme Updat......Rollback..A.....o. .d.e. .r.e.s.t.a.u.r.a.....o.....RollbackCleanup..Removendo arquivos de backup..Arquivo: [1]....ProcessComponents%.Atualizando o registro de componentes..&.{3B6BDBC4-2324-4D70-B1CA-94B741C61BF2}&.{E61000D3-0DDC-4DEE-8707-B125A70BDBB0}.@......&.{C8D017D3-89C0-4250-9FFB-5D9684AF0A8D}&.{E61000D3-0DDC-4DEE-8707-B125A70BDBB0}.@......&.{D5998543-BD40-48E5-B2B3-340A1A6BC8BF}&.{E61000D3-0DDC-4DEE-8707-B125A70BDBB0}.@......&.{6C2AF152-BDD7-48E0-A2DE-D854C860F818}&.{E61000D3-0DDC-4DEE-8707-B125A70BDBB0}.@......&.{9F462EE0-6F93-497C-B68E-DBA788B46E2D}&.{E61000D3-0DDC-4DEE-8707-B125A70BDBB0}.@......&.{3FACF0BD-4910-45D1-9434-0161BE324E6F}&.{E61000D3-0DDC-4DEE-8707-B125A70BDBB0}.@......&.{D2C73612-

C:\Users\user\Contacts\126.0.6478.183.manifest

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	228
Entropy (8bit):	4.96140190480482
Encrypted:	false
SSDEEP:	6:KdhlRu9TbX+A8/5RFYpe05XkZh05XX0CdiYCMfrA1G:KLuVA5cpe0qf0h07v9G
MD5:	7D70F9F08AEA7529C4A415345387F51E
SHA1:	985E221DF971ED6ED3F5A2CE3F9652C8055728F9
SHA-256:	93F47029627FCCE5CCF59779BF4D4315BBC9C96189DEA1B9D5DB62A54F017591
SHA-512:	D224084384A8B28E813D4C666B3A95D2C8C77D2262740760917D265D4626F89C6AF5F2AAE01F4CB3CD3C2236463D567D035061B44827A898D67A18A9EDEAC7DE
Malicious:	false
Reputation:	low
Preview:	<assembly.. xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>.. <assemblyIdentity.. name='126.0.6478.183'.. version='126.0.6478.183'.. type='win32'/>.. <file name='chrome_elf.dll'/>..</assembly>..

C:\Users\user\Contacts\chrome.exe

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2252904
Entropy (8bit):	6.790821016155236
Encrypted:	false
SSDEEP:	49152:tX1r/EHlIN8LAEIenc6tn8F3KhSX2sJSPLvScP+B:tXh8Hlm8LAELc6pw3KhSX2sgPLg
MD5:	DD36EA28C576FB0AD109B42D3D6C9F96
SHA1:	34DCE3F5EC37472A79CEA43959C319CF67E22D35
SHA-256:	07D849EAF8BBBCE5ABD7EC2348DFF0394F49E803C34120629AE258E62A1A32BD
SHA-512:	F8CD93CC9888A95CA47852D7B6725213C0E0B905A66E19AC41428E83A0ADE17803EAA77F3C5C7719B733E745A09D669B89554647017D4414D34ED626C69B52E5
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: FS-JFDIBGWE.msi, Detection: malicious, Browse Filename: nf963-5d-qns6-w812.msi, Detection: malicious, Browse Filename: nf075-4d-qns0-w383.msi, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....o.f.........."..........(....................@...........................#.....U."...@.........................N..........d....p...C...........8".h(....".....\|v.......................u....... .....................<........................text...J........................... ..`.rdata....... ......................@..@.data....E.......8..................@....tls....]....@......................@...CPADinfo(....P......................@...malloc_h;....`...................... ..`.rsrc....C...p...D..................@..@.reloc........"......R!.............@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\Contacts\chrome_elf.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	15139840
Entropy (8bit):	7.961759392700101
Encrypted:	false
SSDEEP:	196608:ojkqqHiJvJhREakjYtjmiYB2FUyItjlmDAlp2bEkkKOeUqOEECzf8nUOAL9n079H:YkbEvJh6e6iYAuX2YkROeUqmyf8e9kv
MD5:	ADCF34E275C290D039409441BEEC45CF
SHA1:	1A3DEAC249120F3261B7B3822625ADD0C35EBD3B
SHA-256:	51D7193C9F96B515E222195C72FC4D4104BBE527A8C80F3B2D9FEFCE56C0032A
SHA-512:	9C85F0520E42D743C6E8911D4E9C1C9610B585A2F8EB0D9C76E687C098A1B98925B5E2203D9810ED5CA5F0EFCA4C2A7C3E5CB65319D3429C2B754CE91C8B0E17
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 29%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........PE..L....)Xg...........!....../.................../...@.......................................@.........................xe......\a.................................X......................................................l...._.......................text...8m/......................... ..`.itext.. -..../..................... ..`.data........./.....................@....bss.....z....0..........................idata..67... 1.....................@....didata......`1.....................@....edata.......p1.....................@..@.rdata..E.....1.....................@..@.^f&.....P....1..................... ..`.W*?...............................@....bQH.... ........................... ..`.rsrc..............................@..@.reloc..X...........................@..B.....................0:......r9.............@..@........................................................

C:\Users\user\Contacts\file.cur

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	MS Windows cursor resource - 1 icon, 32x32, hotspot @0x0
Category:	dropped
Size (bytes):	326
Entropy (8bit):	1.2807478913655284
Encrypted:	false
SSDEEP:	3:GlFFXlGFllfl/t+lklel/e/hRD:Gl/Nls62bD
MD5:	DBD44C4AC444D2E0448EC0AD24EC0698
SHA1:	371D786818F0A4242D2FCED0C83412CAA6C17A28
SHA-256:	BF79BFFDBA70F456CB406FD1ECE8652750363B94188510B5D73F36C8EA6E7AE9
SHA-512:	E8025CEB6ECB76B480F279D7E42DEEC8B96C0C1D64CFA3B7AF1E68320281F0F2A9B886AFC16AADE4E2178878970C4909FD650C1DC3C37594D040141ED0AB113F
Malicious:	false
Preview:	...... ......0.......(... ...@.......................................................................................................................................................................................................................................................................................................

C:\Users\user\Contacts\iframe\rolloutfile.tv0.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	57347
Entropy (8bit):	7.996758830363174
Encrypted:	true
SSDEEP:	1536:zKN5WPlWSx3OQBxcuz6s19zhLvA0b3gZRApJcdkSjhR:Uwld3HxBz64zhLIq3QRAbKkSj/
MD5:	5297CF1015ABDA948140165C9281288E
SHA1:	640DB260B9D02A1F1018BFB046374528AE2C78EA
SHA-256:	B1AA1DF684313638E43DAC5A61E58F5B30F6D05C7E7306EFCD0FD18FFA67F9F7
SHA-512:	8834D89480EE0790C2AA120A29C58E9A3DAAFF5AA0F0259773D447B9BC61A152E9335A0C0C601066D03232B4D5E15804EF120B78094D5A56B2CBB0A6B5B2C517
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;..{.E]e.?...O....S.E]L#...)....7a.;..`.U.....r\|..~.....8'..3s.4..\H...%..CLi.u........+....T.................K.....>.....8.W."V. :\...jj....W...,.{FH...O...oT....t......-Y..qB.4.... .....nI.X.O.d..H.k....D>......J......w..vJ$FA..!..... 1.............].O.."..WB.?.{...1.E...L.d..tXQ.X.6n..........9.-...7.G..\.K.KDU..+K/.~].X..ak..&.F.y...?e~N+?qy.I.. G..&...x.r~.......Bk<..T..M.eh..n...)S{.J...-.X.....6.....d..g.]..2.$.0.O./..\|D!.....oe.Da.=..{.....P.L~..%.."......&m6....J!.O.S..9.h....X9~..r...0.Y.....w...A....u:{... ......L...c...=.i.Yt}tdp..X&.F_CV.....Q..9...?[..u_(..7..wj.>.^...{...31..P..7.E.90.f.L7..c.j....a.....nN.km.i.....V&.AXF..`@..L\.....atj.k...;.:......_...;y4..G..8...)....^C.1q.[..C....T/.W......[.{.Xa.....-:..x...i.......wi......$;....0....0.ia..W.p3.`..........b\|a.T....2B.j..<.zM{.-..6 .j..(.0..7H/.....+..51\(Y?.gY.(..W.....qUma...[.a0........#4..Yj.<....c.~7....6P_.-....a.^...[ZR\........

C:\Users\user\Contacts\iframe\rolloutfile.tv0.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	41884
Entropy (8bit):	7.99572522591119
Encrypted:	true
SSDEEP:	768:NPjCzTBF6lqKSle3fo8wBs9tFPFqAOwbDQgFObKr374qUoCT2XkroPX5:ByoqJevo3stRF1NbD/gmrAoDXkMX5
MD5:	9195D393018B1976DCE57B114D630DA9
SHA1:	9B649B0C0FEE0A2BF3602619401C9289AB26146B
SHA-256:	0C50CE717ADFFDB86CD2A034409E9B8BECF9B779AEA2CF7042F3EB007D04445E
SHA-512:	945AD44629F6CD723BC5ECD0E5457BBE1FA7EFC1CA2073E440F2F209C6E2D1B3CA2B342F9026E99C4B63355432F449956068ABFB8B08F1B120410F5C49733338
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;..{.E]e.?...O....S.E]L#..b.6.......}...). m/.Kb......vP.:..}.k"..`N....%L.k.....B.<h8s!H`..(......`q...:.j.z3.X.O..TEVM.fAZ...v..O...._...._....;e........V2..\....R~0..#4%.B.!$........<AMe{..C.Ls.a..T..D.8.6...K.N..d..z.N>..q.U...\|.~d......&hO8H...x..s.n.8.,Q..!.:...0t..Z.M...;............)a.....Z.\......-..j.w.:..p>.......@.\8..;...&d.7..k..+...........*..svw..dY.o.(...g..6.../~\|i...0...D;....t.u.i.........1ux..\|......}.mg[%`......A.[.+.I0....VV.h9.}.^_..@.....F....1a..6..D..7....C..d..D..,...@....VM.cx.7S/.....!d.w..Z........q..85/".n.v..s.4=H?.'o.6mXR.u.<..._v..W..z.....Q...b?..........l7..s..W......9.[.j.......s....$...i..8...B..+.1R......t..=S#.9...0]......-Vo'...x..;M.fK6..~....+i.g..E<83'.,.m.y....a.....@\.P....z7B....wF...E..kq..^.....j..WY........7......)....9...y...:.Q7B.C..}........i...p.b.....?.o5.x.({..m...C...B..e2.C.'. .[{.z.qwc..{..~.yJ.....:..$3.z....F.$`...r.....$..).T..).w.w...r."..W\.....

C:\Users\user\Contacts\iframe\rolloutfile.tv0.2.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	42864
Entropy (8bit):	7.9958162175760235
Encrypted:	true
SSDEEP:	768:4/Yk4mI/CYk9eg6h7aGKYWcGprhGz71eVGPlgbV2eqhYpF:0YkvI/O9F6h70YWbpMRSGtgbV2eqhq
MD5:	3AF0C5BA784FAB071C6033494C4C6F49
SHA1:	801F5377EC4675CDB26ABD06CB7895A933DA2115
SHA-256:	85FC2B295C5004E4D346728DD5EBE5BA10EE05DFEDD196EC730417A2B39FC86A
SHA-512:	3BD00D61C7879CEE05CB5EA8DE46378C66475B0043B724110A8CFD4003941FC0C936E4FEA37034C75DA186D726030CF21D056C82085FE6DA4C36AF484B1EB776
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;..{.E]e.?...O....S.E]L#.....G....GlJ0..t.J{..).B4..!.PG..../.I.A..]X#,LR.......g..c-.0%.!.R.8..$../7k.....%.....R.-...-.YP..R..K....'.....C..........j9..Y."-..NJ..T.,..6[.V.Mo\.....D..._..=&S.'@...f!Tt.}........Js.s...+.......[..pQ.B....._<..._.9+.r..........%....C..w.F..Q........PR..e.n.1..ls.&.,.q.@.-......W....&.d..o'....f.B..qT..;.".8f\|N....Tr...p.P...Y.^j...1M.K.Aht..rw..2...\|...}....2.Y...61-..R..>.I..3..DC..0..1..WnzX.....hvsF1.#.#%F..;..n9.5B....=.E(.../....z.?.;S..o.#.-..$IB....E.2....?D2...(:PN.c.vt........-.{..Rt..;..L.F.+.6.6A9JaO....KD.~?o.D#..j...#...,(.0...Y:..z.@.{.m...Hb..B.....I.....'...S....<9].U.8......<m( ?..W...Z.Q...Y.W..6...'...&<lb.........:^...+4....e....-..B.?eNt..7.8p..'.Y.Wyb...?..d.._cc....`[P..?.~..,....9+.q..A.> N.Q...;..#....&..k&X.&..h..W.)...Bu....+c..{.V.....l.wA&...Q.3x`.........`..u.{x...X...4~T.~Y..}-\....T.-...Z.h....].$.k.L...4.1tE.B....,_.mq..z.syG.@.......X...$

C:\Users\user\Contacts\iframe\rolloutfile.tv0101.3.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	71130
Entropy (8bit):	7.997395950602131
Encrypted:	true
SSDEEP:	1536:6uav+BjNtujQNPUiSuGk/WVUg+CKu1ioii1Za5liS05XLiT:6u/BjvziiSaOVYvoii1ZWb05mT
MD5:	60B76D2FA62DEF9CC37D33F320136CFC
SHA1:	F7EDD174CD7FBBAD5A1E6C29933B49905456E90D
SHA-256:	2628D0C86F18CC722C75AA9D9EEF5329C7DB674FF1D2460775B473CB30D58008
SHA-512:	AB719CF3BAE92BBC6CB4EB04B041604CF426D1E7C242ADCF8E0C94CAF3DA502080A9C63CC60DB6237117E5B293FA8477D536ED3E6E5BC64A64CB5359ED265F19
Malicious:	false
Preview:	.#D...e..,...!G...A..Z\.Zs..P..(.i:..V&..o$5..f...`#'..F.....+..y\|qN......Y.l@..._..E. ...N.;D@.2.5..l._....n.k.U.).E....1.R..l6..m..u...!.ZJ.......ZUb._...'.......g....];.I.-.Z#..G..oU`.-.!/..`.\)7.,z.~/...K......l...7.....@.,s@.T.@] 4#..[..b.F..5h$t......O.D.......NC..w...(.mC.G....^}.J.#."7:.......9..^..G\.6....W..U.Z.<.wI.../\&C].....H....!;.-U...(R=.m.w9..J...D.....iD..aFp(..M]w......o/l.}.+5!.".............<.Z8.@..D.@c.u.g..\...2.op]....HZU.\....EWh,}A.X......PqPd.....H...T1t..,.~.....S..m3\,........p...t...D....v.....X. .Z`d...1.s-...'.R.....C........W/.....y...^..?..4..Z..osIC...j........v2l........~.c.fN}.DQ.;7{[.R.....w....D.......CQj!+%J...../3..+r]..)...L.....s.E7..C........e.......E.Y0.'..yC.[,..{..o....m.y`...._.-z....#.}.r..1DC:....Ft...O.....<L9...3.3.w..8.I...:...~...n.K...&R..R..s7../1{g......s....e..I..b...e\8N...v..H'.5..Z.KU...i.s.g<"......*.9p.j....n...6c._^?e[....Q-..!zB.H.BO?;.?R9...A...+.....I>

C:\Users\user\Contacts\iframe\rolloutfile.tv1.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	90741
Entropy (8bit):	7.99772780022569
Encrypted:	true
SSDEEP:	1536:BW68pTu/DzylC/KrWuo2kqy/31NftiQZs/Ye4Y0oD65WxEw9HNDE7:oJpTQz6C/KKpz58Ks/f44G5WxEIJy
MD5:	31BE227EBD00EB32E0D97C03547953AA
SHA1:	29B9357D45D7B9417E8D701562DF4ECF029AA235
SHA-256:	2ABD44444B428A8438980C23290653818567A1C52A6F6E28CD582F02ED7A1997
SHA-512:	8962F0F3D09CE5FCEC54C4C311593A53BF8C5510E9558D1D2AA17539F55CD9362DD44FEBAFDE2FA9FA2DF92FFC7FBB4AACC54971829ECE6F0A368E237D59F5FD
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv1.2.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	23014
Entropy (8bit):	7.993330995993904
Encrypted:	true
SSDEEP:	384:BW6Npc2cLZYGT+bJP89WYiJJbfSvNUUi9++4qEiEyJ8B0ih/n2:BW6Npchus+bJP8wLf7U8F2iR40Y/n2
MD5:	3F07A14138725B4FEA87018778E99C9D
SHA1:	E9476B1F97D68E4B041CE45B3AC8B367FDA9AE73
SHA-256:	884AF08E980F32A5D857AEF65E94D692CC5179F0298151CB3EEE28307D5294C3
SHA-512:	5621FB39A236BB634E8E2C99237592532B914DC532D23922410615FA7D4D41B7A8452AB2BA318DEF99910FF72C9BF212BE463EB0C34D91DF85900F37136C059E
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv1.200.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	350024
Entropy (8bit):	7.999332112422404
Encrypted:	true
SSDEEP:	6144:SVjwYdom2WUKHsqdV5wIiHsDHT1CH4cZvrPCJjCiNnQcurJ7W5v1qKswpkxAmXms:SVs2om2WUKVdVTis1CH46vepCBW11xsJ
MD5:	A1D4F0985249B5996726C81DC9E90FCC
SHA1:	E1B81B820ADFAA229FCC6B93A82DB00E6C1D2BE7
SHA-256:	A09EA9840853B6DB7848CA8A6181D74E2B60D68E34D56351A1930D321C3BB17E
SHA-512:	0700C51690F3817B3F97BC7B5EEBD2F1A158CDC12DE20BB2598819EF70DCF97B8817BFA5F224815AE14536C0E3D08E51CD72F299BA26E05A11AC164840D4E8FA
Malicious:	false
Preview:	.#D...e..,....=s...[7..!]....\&)>..............&..Gw.fx..h.KGJi...W.....5"qK..B~.pV....{.....J....Y%.....t.r(...!..PN.K....P.....a..K.....Xm...y......S.x.wO...]...LX.Vf.ot6...T.8..Fl..n...V....?.k.. ....j<.;..4.R9h.......T.-4...SG...V...3Oo...h...q...{L.r...]......U..6....@6..&...:@l..."....._.7K.A..,e.............G}b.....b....\.z.L.FUj.aW..7..\.A.]L16.r!...n..#.4.+...D9.zj....g..*.L.? ~..+..y....d.Q...<o]}..8.....\|.$3mv].....].U.(.m..\..?P.....u.?..Q..4,...T.6.......U.....LI.Z^4...Ok.@!.).........&^...>M......W...&]S..V%c0.3.qt......J'..^B..\|..Q.F.a.1...._...I.D..o.. a.~7..~.......D.;.$n..8.\|.yuyN....Hxc.9.?.Ay.(....fG....;/G.4.@ip...s`/.;.c.V....-7.\|...x.{.R...F.4]..K...9.Y.V........-.q;..J\|..X...~..);.C...{........$.".....n..@..#..........E...O/..e.y3.".....o.....N.....<...n..Q..Q.\=H...T..... .[8...5)..Y..jr...'.....Z.:..te..AQJ.-7....~..^..`.O...>.'.N...b.Z....Au....3.o.....a...2t..i..R.W.....B.Y....1.....Q#...M..!..T.L

C:\Users\user\Contacts\iframe\rolloutfile.tv1.3.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	64412
Entropy (8bit):	7.997009584668567
Encrypted:	true
SSDEEP:	1536:BW6+yg8Lks0LNMax67S2fSMxkTo+Oh/GFjlC1f4CO8RkY7H2JUkgGiXPwbj4:op8gsg5xYS2q9TzOHOCO8RNH2JUPGiXx
MD5:	C5A27652BFEF12D580F8C7D9278BFB56
SHA1:	B8FA94A092969B00A2CA49AADE501F86C7D05124
SHA-256:	84239C96D1A3EEA8F4A1131EE859C70863D2D2FF981DB955A204D06FB3E399F9
SHA-512:	93485D1AAFFD03E2B9BDF8AC519B4A1B2F9504B7DECE5A72E93BD78D7C1EAF287D347D6B0088CB665395B2099C9DE8285444986DAF6955C984B4BD0447679C99
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv10.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	53999
Entropy (8bit):	7.996770426163462
Encrypted:	true
SSDEEP:	1536:BW6XYLT5F0YEIefnYXpZZ878ZUqvsLj+LCGHiGP:o1H5JEIefIp7U8V0Lj+LCA
MD5:	21A9EE4A323D30EBF01E909E0D2458DD
SHA1:	B1FF6EF537D741A21DE4C9940711E5403CB95154
SHA-256:	84FF014DDE709723B41574356866AE44A9C31FBE172719091AF2F7C211F515C5
SHA-512:	8376BE074DDCCD81B0B512F45D22C96D4DF2CB2BC28051977B489784E9A96BE195BC451BA34D010EC006817843525090B99323B2FA171396E0554F5752F15A47
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv10.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	32176
Entropy (8bit):	7.995349694654279
Encrypted:	true
SSDEEP:	768:BW6N0QSaME0UDtQrJ06y1AdWkYnAC67Ho77gDtUcJydY7AxG8OGY1kbJ7:BW6PSaMc5Qr+Oul77gpUckoOOBCbB
MD5:	0F47D734176C343CF3FBE700D08D0062
SHA1:	5D33092BE18F4EA93B82B852B806436AB9AAE103
SHA-256:	61D82DE1D9F5DF0B5F96C7F4E1CB249E3A41A49A3225FA2C58E781E0AA8AC351
SHA-512:	CB602DAAD0CC177BAA032389842F9D47D4D3085363875FAD9947FC735E8DD883C558EB35F4C944B340A25A3F15768FF3084ACB3622224516DA3D046E0E6ADE68
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv11.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	103698
Entropy (8bit):	7.997954975179584
Encrypted:	true
SSDEEP:	3072:onCjBvz5FE815qPXpDm/1pJUEOYMKzxhqZRgSgfXU5:TjBvzrEY5qPXpD4TJLM6NU5
MD5:	D5607B6BF989EF431346619F0D81D09F
SHA1:	7C9606C08F7EE8176948A694BF36ED7BEF058571
SHA-256:	C8E14FDE2559E6F71CA0CF023D2CC51636E171B206CAEFC11DEF6045D98E66A1
SHA-512:	E92948490B261A222FD26237CC3A94E68EC561EE42B0ED2D54267EB0A17CB1A8B4BFB0DC2474E6945D6BB6E6A3062B55A875A445CCF265A225390C3537F6BDE1
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv11.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	36816
Entropy (8bit):	7.995057511765618
Encrypted:	true
SSDEEP:	768:BW6NKcj+tNNn72mIuTvBvWG4q8hQP7eW5QJsdU9Q9qRpK8vP1O9:BW6yfB7nFvaQTeaBUQqDK8u
MD5:	8912777F68DD57322A21A454A3038289
SHA1:	F7373B9BF2C1BE2542144873D904D3205514F13E
SHA-256:	26F01B5F8468B8E78D88232717D2785C9EAEC35F239820AFB0DDA382297A0830
SHA-512:	B5D0AC28F90B07F4C02CC1CE80351970767E77962C1E6065240D3224E9AA42F7DD8BC016029459E3837912BEDD40DF63A1A5513E17BC45DF1F9AACE133F2F7F2
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv12.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	89867
Entropy (8bit):	7.997920440624809
Encrypted:	true
SSDEEP:	1536:BW6/ECkXeC2oyI7arfNZ9kst46VHoxTlC3Vvz+/1ELZiK5Y1NvJMFF7JLwqyrnVQ:ocrkos7Wpt46VHoxTcVq/1ELZikUvJMr
MD5:	5056454E25D9DA771B1927ED97BFAF0D
SHA1:	1A7E91BE971E815071A58C54BA57B9FB613DFDDB
SHA-256:	EDCAF92F597D225DB49C4DF56300BF4962177B689409758571790DAF262575CA
SHA-512:	67A0322E0E9C1C6D06235C43C57BB85BCB20156B292989A963D598D4801B36AF9A255427D6A3891347BAB88614FD1E1556C44FD143D2D7131A713C025ED8E202
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv12.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	30981
Entropy (8bit):	7.994864854434588
Encrypted:	true
SSDEEP:	768:BW6NgZIbV8Eyzb56mJ/dc7F1Jc+rtiStdtL:BW6m+xVyn5lldSF1JpDtL
MD5:	56D17C7CB534DD8290971648EAEF4B84
SHA1:	AA757929675926B17D02078C69F0F3B4972C6E18
SHA-256:	7860C45AB4056B141C9031E95F2E93E852531D1AA03B4E5FD6164C6C4E812C64
SHA-512:	6340A31150A45DEA1E367319F18BD2FE6C6BEB7CB975638935B28D95514091BF6E48DB8B8E9060F96A621BC00EF5F57237BD0F13549EFA0024298CF069A02D0F
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv13.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	100846
Entropy (8bit):	7.998158896251984
Encrypted:	true
SSDEEP:	3072:odWE3d6L0GenMnlMkDVZI8+NOqKzazG5zsPfeT5yw:YVrhA1DVZIhkN1zseTx
MD5:	91EC970B7C15E11680F47A1413B72962
SHA1:	339B0A308CD1F5B4174F7F43999A4281C205503B
SHA-256:	6BF4C19E221830BD5BABCAC9F92089A656882E3793FC69879D804788960FD223
SHA-512:	4226E840940163B0525EEAA9D372C8247F9CBC2D84068E0EFB9A01D2D8B118D50C9351BF077F5C865BD3A9359F560792A3483933806583602CFA79731E118834
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv13.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	33480
Entropy (8bit):	7.995378671824126
Encrypted:	true
SSDEEP:	768:BW6N286l4XkLghjeSo6+pEVf4J1wAJ/G7mRlgW6WsvV0YYQ:BW6zhilLD11e7fWBsvVpYQ
MD5:	76865ECCE4C30C2536236ED171A0D76E
SHA1:	B5E5C62D55D317D1D7F77915C5738A8635C82C9C
SHA-256:	C7B799B3DEE229B709AD9DAE5E029FA5A7D7BE8BE0454F49527B632C07D9F625
SHA-512:	B585721BE72E8BE50CB13C2EB0F3A80AA85A17FC49C542E95BFBFCBC898F09E6BC370388FB583F1CC2D216A37834CC3F7C7BEBFACE45F68F037133ACE812A90D
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv14.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	101922
Entropy (8bit):	7.997980089704199
Encrypted:	true
SSDEEP:	3072:ozGLP4gGk7MqyFe+v5FSXq8vymH3AhLBvVu53s:c2Mqy00FSVbXAhK53s
MD5:	3D8772A6F26F6BAAD2715A514D7A419D
SHA1:	5062988072F8CC660EAD6BB5BC7767EBD68705E3
SHA-256:	8FA4E1AF5CBF40A9A52A718BD43EF4C089632E732B1EAC5299E73994E947B219
SHA-512:	C96969F7A0F509B39DF3378600A1F83AA1E72B62FD2CA7AB23880A10A60D1D05D368500E385E31EFDA7D6B21E4F038F0F55AB88AD8ABD4966568F0DA78711BCD
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv14.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	34450
Entropy (8bit):	7.993568193715657
Encrypted:	true
SSDEEP:	768:BW6NxQk/u3KCN5PkV12Ms5n9wclxmgWwiApAQAgnus5lUZgsqK:BW6sk/uNN5Pkf2fnnNi0FAgnusrmSK
MD5:	20354B294A886DE9EED65C05B8B4E0EA
SHA1:	FDB0C9C8E67DC389C3D33BFEAA45B11EADE89B37
SHA-256:	3B01077CB6F2B33E1FD4B44D6F8FCB2144840AB59E819665B331CBB753E1DD1D
SHA-512:	6AFC0716FD5CA327A20E1B91138D7840F741943552C72D4BED4F91D97E685F245D3085848C548A0875455C54646A95B085C49737A8820F71C4D2AF87519C760A
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv15.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	94880
Entropy (8bit):	7.998273684433496
Encrypted:	true
SSDEEP:	1536:BW6ki9VOORyBJuKi8oWqJB9DTEhIr9i854OjWihTenAmM6EUKUT+hH9FtqsaQD1:oq9VOTBJuKi8oWqJB9DTECQ9OjWihgwL
MD5:	D7901A0FB829DB040107D2C02943A4D6
SHA1:	18A852B5DA7A2B57A6154C83C80F62ED67570791
SHA-256:	E2F925AA3AF7174F26E96571038AB83FC1D1D8F4F5A2EB1C48C654EDA1E6A2D1
SHA-512:	BE831DCD06567A2F9A23988086BEB16880847879626ACE28208F0BF2EC99883C26C326F708D6BDDFB5BD97D476AE119135682B2FC9571B990376B74260CD0725
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv15.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	34480
Entropy (8bit):	7.9953759299235685
Encrypted:	true
SSDEEP:	768:BW6Naojf7WVL3er0d3esbt78wNXg6w1E0xLmPSpJW5aBG:BW6wojDM3er0dRuaQ9XbDG
MD5:	490064B278F31F395A1D93488FE7417C
SHA1:	85F0BAEABE880AEC6324E2D994BAA37235C8F260
SHA-256:	30DEFE60FF9390B8B828759FBF90B152A8F8BE7423258897E31712E27AA18463
SHA-512:	A0001C53159AD3A033D53FCC86A7DF622C4313938674DBE58951915D212058829C031EBE7AAAFE06EE998A4037FBADE880FAA9957EEE6F6AC4CED272D7162971
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv16.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	97471
Entropy (8bit):	7.997963841827689
Encrypted:	true
SSDEEP:	1536:BW6XaXXzu+S2cEfzIaUU4EHvAQq5xoJOzift1Y//H7PzqmsKW+pQEtrJookIbC:oLu+SPKES4EHvA15OEuf2Dns4pQEYok3
MD5:	7E93CE1B4A288A0764CAB1A866932F7D
SHA1:	1EEE7FCFA3EDACB29875BCA791855FE5327ECA0B
SHA-256:	F6D10BF1489717408DC6F215A3996AE1C666D50FEC1AB4D80D84C0BF0D8F28A6
SHA-512:	7BC1C0130184686025A6E367E56C74848778C27C166A815FE25D410D1C2B1F75616DB95E6596072242B0C3CF431938E4D339292DEA515D3214D6CC8C9A1A87A6
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv16.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	37147
Entropy (8bit):	7.994941099826608
Encrypted:	true
SSDEEP:	768:BW6NWTnwyRRds+R5aAqqp7E0m5CZkpmyWj8AQtOjY/Eob0xqucr0ULBnT:BW6unx/6+R59qqn9tj8AQoY/EdAhr0QT
MD5:	3E9FF1A1C7D11B406196267E0C1FE54B
SHA1:	539E9238F09C47E907E428B3F9C993A74E3A89F2
SHA-256:	B87FD006B7A4B7CA41B0C0C836636CDC46A1B87AB8BB0C17C0380FA42BC40E05
SHA-512:	D3071B70A00F40927EF048DE939E35BD22234F41CF6069196DF967326835EED9FFD77F5964008EE3906A439DEE7FEE9C0E6A1C6061D1332BC1C32A6B592AEA3E
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv17.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	108523
Entropy (8bit):	7.998242819406155
Encrypted:	true
SSDEEP:	3072:onFeB6AcOWd374OzOHlh6Hy00+GJTNo/y:4STDvMChJBOy
MD5:	B954EE1D0DDBD6917660F9C3BD90703A
SHA1:	D21DFBB906266FCB3569968A706DAEE6BC399176
SHA-256:	AA5EFEE8E48E66DDF491A2F253ABE81E304E36A8F9A2A45B54F0C7F415D70582
SHA-512:	70E00C351D8AC5215C4865C6ED196008D6267CF0CFA463524814B6761E807A6A07850749334594E13F98FD6D2A8706DA7EFCEE6421A49CA699234F9770D38856
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv17.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	41834
Entropy (8bit):	7.995867858033007
Encrypted:	true
SSDEEP:	768:BW6NwIdvCYp/JggXqA+ymRuElNDsCDD7KZblz1rs:BW6a+CKJgbru8XDD7KLzW
MD5:	199C9F4ACDC95653F0741CD7BBED72E7
SHA1:	872E1E241DA7FAB037DB2C8C855B02C25CF29C94
SHA-256:	E77435E9B11AE1A2A014EE878F069BDD9198ED746CBACA50AD334020125858EC
SHA-512:	4C458E9E6B8C10EBE868BF6FA8CF62EB8F8EB8BE664BC9F2DEB61E5AE371891BB6554407D6DE158796420F7EC67A24E05D244E181D64835922586511BA81C2F3
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv18.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	91207
Entropy (8bit):	7.998041486799748
Encrypted:	true
SSDEEP:	1536:AohPjAwtlx9NE0xivxzsyvfVZq2vJbKRypOHsDEO1TDnjsX12j:A+PsWl7NhCWy1BqMDJ1noXsj
MD5:	55023E704F32EB3F068C673D0FEA18CB
SHA1:	D20D01F61ACA12CB38E9C62737A895FFDDCF6A4E
SHA-256:	96C294875C7A8068301FB076CFC5DEFD26DF7B47AD875F6804886D0E374DD725
SHA-512:	1D8E2326C19FC3818AB0860ED0665F870550CD6E83DDE9856A344407484FFDA919E8FF63549F0EFDF1D0BCA2ADAA5E86A3D70735C52767E860DE191D391DBE19
Malicious:	false
Preview:	.#D...e..,...!G...A..Z\.Zs..s.....n...H.n..]...f..7Zc..\|..9."....V.<{%....x......J....l...u..a...lt49O.B8.k. .Y.&\..P..b..V..!..!"..f..5......F/n..<q.l....y:..t.qc...ng.,..............8."....7.H...B....i..V........m4..C!.\|-[.J<.f...#p.rTW.....N.t......GbT...Tc.Vk..`.....+........m.VM3....Ij.,.{e..)0.l..\9.....Z.`.....u.........-v.k.Cc.a.p.....SZ8.....= ..:..<.NO....;.0i.A~.C....[V..\|0.m#R.k.8..D....m..(Gk...,...'.nY4~..+z.......<ih..C....C.u.;&.00"....w...4..d.!f..._..Y+!0......u.\|.S.....9.......e=[....s....U..@.A...q.*.k1...b,p@..L..O.....O^>.AC...4zu...c:..6.....U%:_.b\/.....>.l..T.w..~.....`...E.J...`.}.`..wt_qQ..T/.a......Fl6..MV.U.5f#C.......`.E%.l......W....RB+.>+%.2/t.+.f....x....A...b.A....?7.....2............U.RD...\I..Vga...}...JF%....hN=...;........?....n:$...$S.P............{....F8..#...f...3.:Gc.X.....bg..b.ZL.....= 9.1p.)...d..W.Hq}.FmxP.s.t.....7......bkr.P.....O...W....:,...t...&.+..i.,/..w...d.......!..{/..Q.Q...._

C:\Users\user\Contacts\iframe\rolloutfile.tv18.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	70067
Entropy (8bit):	7.997558546255013
Encrypted:	true
SSDEEP:	1536:LEdkDhpUE4wxgU8wrLdymUCTWUMcLYJ5npJ:Yulp8wFgmUCKPcL8P
MD5:	26E1D8BF489FA30F98149CF812E0A1D2
SHA1:	3C063A89D5D9E18CAF21E35C398FD50E09D9426A
SHA-256:	340B5EA15AAC2496C69567327F34EB33E1AF6FC4BD8201B81E32A3816B475826
SHA-512:	BACB0C82B889AFC2DDC001D38CEAE7067204802F03A4AB7818888509007B1E70028BFC5A9C1C3C657C56BD6E0CE12DA7EE306B21D277D6B83F4FA05A93829963
Malicious:	false
Preview:	.#D...e..,...!G...A..Z\.Zs..s.....n...H.n..]...f..7Y...y+.....e.'...v).....5..'.{.?.K...+E.u........f/. \....$..@.......O.4..5......V..j&....A..I..Qx..Q..u...v.....4...k.B."=..}A....... \|^bU-._.4z..D.8......Q..wk....e....i..D.:COK..}'\|@...a!rr..I..=P....Y...A+k..........Y...5...%Dk.ch+X.._.\|rU..P.`....LU7(0=..A.:....{.8.kJ.;.~.p...]]....2....R.'..b.;6}7r....q......\|.../.9..k.u..!s....u....6.....v....o`.l.8........wJ:H.a`..hG./......?...}..#Q[.s..x.`. .(.M...B...:...^.z2.Oki....J.=r.....%....L1....m6.d....r...a.y..s.O......n...4..\|Uf......Q.k..9.,...4...J.n.j.......w.....sM.MCGNg....~....ZFM.K..U...}o....DF..Z.aI.`e.V}............0?.l.....>l.(....N...\|.O.{.H..7....}#Rr.A(vie.......o...y.,...xlG`...=...f.Xw.c..[8%.<..cF.aa7.....4....8:......6#.B.(..9^..g...S....).".....W....6.^.f....#......v..1;.ha,...>.5!1.7ruW0...._.>.N...$E..$..\|..+...'.)C>...KS...'..).!.k...'.....y.:..s...D. +CF.dz.,7vS.7....7.M-.....L.`....d<6.......,..H.u

C:\Users\user\Contacts\iframe\rolloutfile.tv19.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	100400
Entropy (8bit):	7.998110943531547
Encrypted:	true
SSDEEP:	1536:BW62nhG8AQQBT53JFN+5TpbPZVBGhxZi1Ka1UxtunyibE/A7H+RyMtcNltuFTJ5N:oFyQQFJFA5TFAu9nyizaRbtcNl2uo
MD5:	D0EA1D0ABDB8F217D26A0CC27116268C
SHA1:	74F9A8FDCD8A5279C6458A37B75C38A09A4C921B
SHA-256:	DC51F45745036F0A6F9F902BDC57412B928DB386BF0393497DEDF53D183833E2
SHA-512:	6555BE4B95F5C175527209C7C570E72A84EADE8484ADD399A1BE63EB3E80963DFF5EB72DFFFA33FEFC1946AAD340DD0E45DC63F793BE5FCC1F51A1B5757CC819
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv19.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	40466
Entropy (8bit):	7.995475681302088
Encrypted:	true
SSDEEP:	768:BW6Ng6eiZHToV4q3BzoK6hMB2gFuDkVk/xacKtpoLvzp5VTspL3hF/CnV7:BW6OvWToVT3BE1S0gQkgTKtp2v9n2B6
MD5:	F71B653B55720C08816297D442F005FF
SHA1:	EC97519842F03D1A7834565DFFE1A0A795FF03FE
SHA-256:	547CEE01D9AC02641550287145E9A8B33FAA10CF9D26EA53432924F0804EC4B0
SHA-512:	3CB0C4903C27F713FFFDE1B185895DF1DEA8EB7D1B34F87472F855B5AD6976333702CEA220793EDC7B25782BE872C5659AF5AB4974E1636BCD7D5BD734216DBB
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv2.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	98733
Entropy (8bit):	7.9984000423576855
Encrypted:	true
SSDEEP:	3072:oEHFcD+q5L9vgXaQc+DUY1yRibb3gw7+BJP:bFcKo9vgKf+DUYwRAjgw7+BR
MD5:	7AFF247D52FE6468A6E06E206616A83D
SHA1:	0965687E40619574263356EC26AB66DB93334A06
SHA-256:	67D33D3FF9384867E6175C75EF916F01EBF68DDD3C463371A537678866196690
SHA-512:	BCFE14A7C0C94CD30D62E3C8DED0A85E1AFF9062B0BD1CF9415E2673DC054B931FF7837387920C7F3CAF884721F967272534CC652BBAD41080C5517621F90CE2
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv2.2.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	78854
Entropy (8bit):	7.997783115871903
Encrypted:	true
SSDEEP:	1536:BW6NHF4xDpEHRBOuTsLQ4vXQKe5WQtNuTu7fM01vlPs1VQ5SKgK3xqxoYIMiALtG:oEHFcD+q5L9vgXWQCu7fBvmBKgK3xJ2E
MD5:	43CB62B23805F38DF000C7B9D0227402
SHA1:	00CFC3FB4D1292E824A76563E81078D2894B928B
SHA-256:	C5AD8B348F0C81F93FC6C5573FC6252E5D1F6FAC2A9810834B0222C41175CF0D
SHA-512:	8A04FA349BF29D2571915494DAD697DA2C55812A1A2BB4D38FEED36659E1809E5BC84F328CC857A12E15B3110327A3E264F236F7AA132345629F482307579F79
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv2.3.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	78869
Entropy (8bit):	7.997741561782965
Encrypted:	true
SSDEEP:	1536:BW6NHF4xDpEHRBOuTsLQ4vXQKe5iSzOyXAOV23EiYqZSQWvBOgdXySw4SUGyyW1X:oEHFcD+q5L9vgXiuAArpqpWQgO4SUhy0
MD5:	306A37CCC16E48CD582D0AA8E2643C6B
SHA1:	1DA98DA8E420081FC1C66737F42C4DBFE679DE65
SHA-256:	875CEC1FC380D90F8E4F0405A35AD8B370F30B3C4FCEC33150CF31D7EE650EA6
SHA-512:	FFD0EFDB82DE109715A1965B511FA92D3755AEB79BC0400A9DE7E3B175DB554F699F63F53A2F6F1D50431B9C1782238F1FE3AB78F7F2285C71480521154A28E9
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv2.4.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	62087
Entropy (8bit):	7.997256717321158
Encrypted:	true
SSDEEP:	1536:BW6L7jPEVdlmZuDSjp6r2mb79JEfwf6I0kZ0calY:o07jPqQeSjUrfJZ0calY
MD5:	068530597136C000D573D2CBF07DCA45
SHA1:	2D80345B8550146498393A3DC533EE8EF21D48B0
SHA-256:	D122CAB4C0DD68F062F3ECA1831521456916655D90AD728CF37E9BC2E18B0B1F
SHA-512:	314631DF622F5F104FA0325F7F4CA3246E9013489B12A15302A224F2D026077AC3C48C2B3E770EEB232841CAE01E92E1527DCBBBB89D1AD69A06885E869F58D9
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv2.5.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	70895
Entropy (8bit):	7.9976539954309205
Encrypted:	true
SSDEEP:	1536:BW6NHF4xDpEHRBOuTsLQ4vXQKe56b/H854Ys+9T1OM4FXNB+xwVvhzSmLhEPbOke:oEHFcD+q5L9vgXFKmT+zEK1zhEPC24
MD5:	62BD966FFC5049BF7EB18A93FCA491B0
SHA1:	3C4BB0234E229219E5F346A2007082F780BE1C0D
SHA-256:	14CA1F80674F606C54925B3B6862C7751BCD75B0C15C22002E954B0D33ED0F85
SHA-512:	CA1AE12DF982CBC242237A0BA50DD21A16A24281745DE9AEF0B2CE8E92179119CA38605FA26B2559C1055CA18E2577A073A2FCF9F5D5CE733778569EB91F9271
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv2.6.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	31651
Entropy (8bit):	7.994928165465702
Encrypted:	true
SSDEEP:	768:BW6NuYrJzFZdFjqpB/yTzryiNGB7S44Gork1d+34PMO9GTgr:BW6gYrJroyvNiz4GoY1db9e6
MD5:	D5A0EC5D290F02C4D03068DD57ECF672
SHA1:	4243FB0146728E2D5566ED7D771156DCE1A2FCA3
SHA-256:	6DF1BC6AB82B91079D9372B28E30CBCFDCB0168A36480A47BE76C73F3F49FAF7
SHA-512:	9D383AB71F87FC155E57DB2BD23C6EAADE5EBA87E0684CA9DEF92F6CDA46F29E306FFDC597C84780A4CE48D82207AABE7C4584CE9A357E5D24F33BBAD44C7162
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv20.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	58143
Entropy (8bit):	7.996907279683717
Encrypted:	true
SSDEEP:	1536:BW68TO2X/i2z79oufxd9UELdfqShtnwjpMR7h34ZsG7c:orTOI/Tf9ouZde+/76pJD7c
MD5:	24B707FD8F1EA5BE94980DB03F9A4974
SHA1:	8A43A69E524AA1C3DFCDB9733B6F24FBF494A983
SHA-256:	D40D84E9BF8832D4E07C6F20B94E3C65779F5676250AB5CA2339B3DCBF0EC84D
SHA-512:	0811F17839C30C6E375D29A41D1B0F973A988F73D0E3433C70E96D71210E98EAED82AB0FFB9932F804F946F322F3EF05BB97B3A345BCB80648906F61C675ECEF
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv20.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	36741
Entropy (8bit):	7.99573234379355
Encrypted:	true
SSDEEP:	768:BW6NdIsjO+mlsN5Eju86k+lC3KI1T2xshPQZpjmz6+psQtHml:BW68/lsNCjuT5MKI1K+BY06Oel
MD5:	C4A315EC291DE2F3F060B1EFF06F822C
SHA1:	0AC931648653F07C6853E0BA0DA03369AF79B228
SHA-256:	5514E5CDA485D604D5D175050276EB54BC537AC3EDBB7FA9BE6BDF14922F995A
SHA-512:	CEB7EB6FC34073C090C4DB6B3AAEAD2A52BCC8339903B7EA9458B65E63B77B002734E10270C2140DE9813C98CE7F7F7D5738BEAD2047D603934A5FBE130CCC1A
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv21.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	99457
Entropy (8bit):	7.998216605387722
Encrypted:	true
SSDEEP:	3072:oevBHKusW1xg1krVLPOuzHUg28+U9NdaXUHro:bBHKusMW1tujUrUXdaXUHE
MD5:	8BACDD58461F723850227630FEA68F61
SHA1:	33C75A0B8BD260F260090ABF8F25BF94A11ADA73
SHA-256:	79DF17693D9C2475D709983ABE3B900E751BD1E58964EE34BBE8EA916FA07CBB
SHA-512:	69D1D1E4563A8DE7E597249F5490517807A89CBA0E72AB07C70A75800A41CDF5B54923E0C0FAB27CCEBEA3B20999C09A0E0BEDD40218473E8C07D637EADEB5D8
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv21.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	32168
Entropy (8bit):	7.994435253905921
Encrypted:	true
SSDEEP:	768:BW6NE6olB/BmXzITGVePTRquaTG1vjNFKaVtKJWs08:BW6+RmD8rrjKqtKJWsx
MD5:	6C692AE84BE3FE987C5FC52FD5AEB9B1
SHA1:	FA422785D76A48DA99F731A0DB17478D7D142824
SHA-256:	16CFB08F9CC69C1ACDCE702214720F818686CFA9A42F3FF05526694564FFB431
SHA-512:	8D9C011936519483B04D6D1336D9BEA2272633BD550BF0DDB6033D06635EBF19DBA581D9FA8455A41BFA5DFC53D0171BFF7B692EC3750C21EF50D4C1F50B5A7C
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv22.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	100759
Entropy (8bit):	7.998386882859617
Encrypted:	true
SSDEEP:	1536:BW60OQKK6Rq8xEwZUzfHcm2bcKctvSRPCA0a9YdoB01M6mIRY59SkT8WNSQfUmfT:oJ8RqLrOwFdG/aeB01yIRIjoWgkVb
MD5:	A93213451F57225C3051FDC3A9A54D33
SHA1:	26642DDC5DEFDA68EE2E9C9048718FD09300A004
SHA-256:	685DD381523288E76ABE931E340D79A9A79AC66A0CFD1B320AB4273B856401E1
SHA-512:	E44E074ABED6EB5263BFC43A0DF6A9CD1738AB6B1D1A9E47157A32CE951C6BF5153FA3F253C1A7900FECA1F398F4C78A93B3D143E9CA2A243C88B2F0F566F8CD
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv22.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	40041
Entropy (8bit):	7.995642545194862
Encrypted:	true
SSDEEP:	768:BW6NnnkxCV72G3/1QpBiVDe0q6v3NcQd8DHGIL2Zak50f8r7ix:BW6xqa/2B+ev6vS9SbakeL
MD5:	6B13FB595DF0775BD7DAB5C4EF1CF33F
SHA1:	87695667DEBEDEA6F532DE90211A139E43061DBB
SHA-256:	DF4BBEAF14D89508FCBFA0E5CC50513B07230AC9956F9B2EA0B03A815DDA6B3B
SHA-512:	1CF8B936012CE8B810109D0B346574BF7CE2B39554D2961DEB82B7AF0A4BCCACE3E88CFDFFAFFCDD75B2B58524B17CD8A9D865048ADA0A739F57EECDE61978E5
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv23.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	93286
Entropy (8bit):	7.998129703606323
Encrypted:	true
SSDEEP:	1536:BW6Yq0PMa088aar1sa5V7Ps9xFtpPd+FdTHxjEf6xWwOJM11yZlbLAn:orq0PM4ar1saL7sxFtFdUZxQf60wOJMj
MD5:	1102C549BF4ACBE4400788190D6FAFE7
SHA1:	1625A297A43DBAFFB10C3F608D79E964C86039F8
SHA-256:	DAA3E8880F7B5A880F77D81700A439A5A64F59FF3E6B879BAD5CAA497AE3262B
SHA-512:	25537A6AC18D883FDB6A55E8B4BF08EE21C3E31006F618EF1B5FAB3042CF3B5CD234FBFA0D99E20B6713A5A441CD033B4F7C28C874288BD256DE016C6B8335B2
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv23.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	32829
Entropy (8bit):	7.994035272067815
Encrypted:	true
SSDEEP:	768:BW6NBXvNQv2HVaVV93algtK1sOFSbFhSTEMKT:BW67VBVaD93algtK1nFXS
MD5:	5A706F42F9089D7AA5E568D189BD1BCF
SHA1:	F03514F3496ADA198C372E2322F832F3FA177473
SHA-256:	DCA0BF36CA8F7107FDB544AB5EC0B0DBE0368EE867AA49C5DA83EFF03A8E1502
SHA-512:	C6B1D36BF229980B605B4253C87A4AC1F36D40F857FF13E08978C764606696D2F05F99B5D5471DA71111B046611E796076C49B4510C4D69D904CB2BC652BB345
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv24.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	63980
Entropy (8bit):	7.997454343210385
Encrypted:	true
SSDEEP:	1536:BW6uQa7kqzEk9NIgRdJQxSdbRiLiW9RoLyCWjkL5YKG:oDQvqzEk9NIuRbRi2a8kGG
MD5:	1CA74733AE8ABBD526A623D582E90A86
SHA1:	260FEF5EF8B976E4F4AFC691A68F234042B4CD9A
SHA-256:	F717F00037738CA385C9AE1B3E037E0625E85FC98C8DE173DBF7AB7022890D2F
SHA-512:	B1AA1F49CD32BE6D3F7BBE786A58B784EC12F04A80723542A9C4BE8E46D7CCE3A71E5D680739B799786B2E29623CD81440697A2DFEBA9E84216B796342EF4AE3
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv24.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	42326
Entropy (8bit):	7.9961938809961035
Encrypted:	true
SSDEEP:	768:BW6NLQQa7c7qzEkQF2N2HxkNfRdcni5QNFVw5yv5aB2YsjpSU2/y5JMTPQokRgmi:BW6uQa7kqzEk9NIgRdJQxwQv5sMjp4yw
MD5:	E9FC5502E223B097FA82863E38696042
SHA1:	E9080049C173BFE988B52BFB2B282FF0ADB31653
SHA-256:	3EFD7525C6E1C07381ADC32A22B66EF88C64FF2E435685017E2496E6DE679537
SHA-512:	E34A02590B00F8E0D0B752C8915AF3EA8C3977CF5D7649B13EB905E17CE1BCA8BC4A0B8BCF0D638C1A87574967CA911FE644321A2A5F930CF320240193EF235A
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv25.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	98017
Entropy (8bit):	7.9982280992744155
Encrypted:	true
SSDEEP:	1536:BW6bKwZty86+ddw8GtnmjXy5UXfrVwuhLnT7vsyH7019PlMmX8N6z0WNumZKnzrN:oivpbGBPCV3jT70yH7019dMK8N6zrug2
MD5:	521EA1C6299FE47C3B8F46983A5F5F98
SHA1:	0CB2134FDFF277C7E673C7AAC0776DF32B81315A
SHA-256:	96DE6B919F013279A734B5227AE3338C63E18EF48C9C5994F9BA4856A53C52EC
SHA-512:	B3247B01D56B42DE678617C6B034FB28D753BD11BE374161ACFC85A8D407C898D57DFE72CAB97CD1E0DFD6728732D71358B8B8E1F7F022F1507F75618EA0C157
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv25.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	37706
Entropy (8bit):	7.995482814550673
Encrypted:	true
SSDEEP:	768:BW6N6Sm2VBZlYuqrq08AqILNc9asm3sAdnRlyPIHH/DMP:BW6Jm8HlYuqm0e2NTsosAdnJr6
MD5:	7BD0788C2A434C64645AB556C23A14BF
SHA1:	457BF437B71E509C067F9CA989F06507B36C7D41
SHA-256:	64074ED1669C55D065ACC85368F2BD1CEE2CC99A0DEF52DED9FEE6AF4B03E9A1
SHA-512:	535CABFB8E76FC86CE01E0C7AF284C49CC906C8C2C20FDCB567C8F198D913B41980C528E8C12B1AE18D76DB65E4353D76FBD7B260544539197D35CE7161631AD
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv26.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	53037
Entropy (8bit):	7.996873678733814
Encrypted:	true
SSDEEP:	768:BW6NA4KWz3oik5y3UcX52+LgquI5dv/Hxg+kzQqkq9qIrk/wXjmvkMcrbDGOh8c:BW6nKaoJy3352+p5dSHpqojmvNwZ8c
MD5:	7DC228BB1FB3CCFC2A310127002336EB
SHA1:	D8B6ECD339DC0286DEC5CD9EF5211849AF3B56AC
SHA-256:	4C3198AB4B08000E629C09B7C8CF396477C67136156FB0335D6BD09749D1AF0C
SHA-512:	711A83B7B03D07131D1500B8941A7DF06695186AA7871D461C01160EC55B7BDD5B9C80A9175B59CB1E89CBD2CDB59CFE8C45B45F1D12F3AA44AF7812F755F154
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv26.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	31189
Entropy (8bit):	7.994281553790379
Encrypted:	true
SSDEEP:	768:BW6N6GF0a5kjHtVUFLBwiFwBsfmV6dV2e29OQoQnx:BW6FF95kj/UpfejQdV2e2YQ1nx
MD5:	45DBEEB0F96E14C59F803893BD7746E7
SHA1:	A02C2C8B1394E30B8D22B1A7941D510EF17CC7D3
SHA-256:	4D8E74DD8F673A15AE145743B068776EA448DB5C5BA3998AA52284EE7CA0E49E
SHA-512:	7D6B2CB69F7B8177410D415DA23F9187DC8BA9E4710847A77799249221A7E61A30F1A07E5971B6D6FE1506DC7CB8A2E46D4FAC338905A3F129A7D2514F9DF67C
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv27.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	98416
Entropy (8bit):	7.99821113686373
Encrypted:	true
SSDEEP:	1536:BW6r3JOrGfAQmGi8dFZNWZhY20Qn88JROOmjjGuiXbRq2+FEHNSijyUi3Jh5dQZj:ok3JpcOWZjHXkuuMRq2+Ojy93sx
MD5:	C0D13EA141E94E3B4C3B46379BC86F2D
SHA1:	D2F48AE05CBB726F2428E4ED7B3524954745932B
SHA-256:	AB6FD893CFA08AD52384D6EE973A065BFEF0A9031B166B776CFEA50E82BEF86E
SHA-512:	DD1F2E8A6277DE2358CAA109504C696576A70E01A04E447D7FD720CD19D83EAF6B39D1DA0F1542697AF7D0AC9046A3D09E1E00BA0A33F4C85F1EFF230421C1CC
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv27.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	32641
Entropy (8bit):	7.994716793370817
Encrypted:	true
SSDEEP:	768:BW6NCOggLFFiSgWEJEFkM84MP6zbHqIdrlPtBskaz0Qo8ME:BW6TKAxOGOIhllBsXGk
MD5:	E88B3293685B5BD4921F00B41181F2B0
SHA1:	465E6B6356B6DEBE9AEFD74AF6EF2E482D1A7459
SHA-256:	C215E0660D9D639C4815C9E21033CAE69A2B3640F713FBD131983E049AC12B0D
SHA-512:	F3ACAA0D303CC7F16FF83DA358AC905E6E8545D59097216CB9C9749F4BF6D3C6BD10731EA381CF2EA48A280EA48CB387629E19248C1E4927CAFD33799B5BC1EA
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv28.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	107963
Entropy (8bit):	7.998383266675414
Encrypted:	true
SSDEEP:	3072:orlF3F4IMAjjWsL6V2RpsNDJ33lblD7a+dDZWQVxztybt:glb4IMAfb6V+EDJFbN7jrx2t
MD5:	2C0C638204B7B944014072E9BD661C2E
SHA1:	0DB79474902F51D17F4B759ECC9B8832D010C95E
SHA-256:	152C8CEBCE73C59ADFF0CB6AF008E4FACF0645F48A23BB39284A322789515C4C
SHA-512:	5FED045ACC6798F22303475600F0A8A14232EE1A1B16A6A08A1AE02BCB1B51A1EE98F49563196289C90F6CE08F18453473BA974A7B5E0DB67B676447E4F4706A
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv28.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	40990
Entropy (8bit):	7.995348789067283
Encrypted:	true
SSDEEP:	768:BW6NYJjINNX/HWigAIDxhD18g20LVLDFyvWLeRkJxa7WdqNFnKbYl45ZHQ9:BW6QjIvX/j+DxhDL0vWqR4uWtEl4LHg
MD5:	543591DCBA79B507C11B753FDD53D763
SHA1:	2857BC187AE459798602C1934DD5CB8D0AD1A38C
SHA-256:	836B6F24C024DB7707C7305AA84A15B2225E6ADB4470D26B3112FA8FA87197A0
SHA-512:	45597AD2995C6279145EABC6720AA36ED5288FDA7C09DFAE160EDADDF6EF40A895415E9E9515469A228CEB12DF5E01614C078D57A10D47E62FAA4D8685FCDB19
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv29.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	96113
Entropy (8bit):	7.998130790714943
Encrypted:	true
SSDEEP:	1536:BW6HF9pfWVCSg8i3ClEmOZ5B5rDTIxJl0vyJcTdsOfX9pwnk3OLrh5:o8F9p8CSghSlfsB5XTkJFir/L8k3O3
MD5:	7C68CFB5F5AF152F8D9C45C83968F9E5
SHA1:	CF14E3B400F43071E3611D692E50B43B5E7FB0BA
SHA-256:	68A83A6DEFE3F339E116965863EF4C536D61503DD87F6ACB3C1ECB18B716821B
SHA-512:	CE30831FC5C2280BE067D6F1C51CC739B9E1CC152C8296E439C055E817C408C8CABB621A6B0E1D86858C9214E6929C5EF39A910663FABEC5199B81297A9587C9
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv29.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	35504
Entropy (8bit):	7.995373807133793
Encrypted:	true
SSDEEP:	768:BW6Nb1X9c/jyps46MdwPtxJBAwLGDIJIvQiDHqyAYL7sH5f7duO38Tbz02PZ:BW6F1Nc/jyCfMdCxJTLG8IvQ4HH9If5Q
MD5:	737A1374A5503F702CD7BEFFB402D3D2
SHA1:	1A780B0A10595593080718EE112922ADFD48F6D9
SHA-256:	9B18FDD03F15144E86DF6AE41BF04793AC713BCE12155D2AE55274CAC80093CA
SHA-512:	E47A9153566D17BC20E6E69DEB7702AECC8D6BDE75674616AB00F64B43F363E8ADDA42B09B663E398FAED5CF6920D18F5BDF9D757A5F438C39C6CC87D353E215
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv3.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	103242
Entropy (8bit):	7.998070019674833
Encrypted:	true
SSDEEP:	3072:obI5molIWlq0BxiLaYx78MBN90hU7gPqarJL7A:/soKWlHB3sgMl0hU7qqarJA
MD5:	C0300FC156DB04F541F7ED73F9FDBF8D
SHA1:	5F832818E0F6B3FB867132B3029DF65846D2DA7B
SHA-256:	363F0AC6CBCA8A470E1974AB22630E5CEA1862260136681E890D9DB5FAF8F6CD
SHA-512:	08F3E05C60680BFA8E2F9A01C10DDB1BC8A811022FA30E8E4F85288C630384737DF2A50F431725142D7E6C3CEB379CB8098E0C7E53BDB510A2C2F01A229284C3
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv3.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	51985
Entropy (8bit):	7.996722146000946
Encrypted:	true
SSDEEP:	1536:BW6JL+upCfhsjQCT+k8aXj5wnH4P4Yb2PNr9PDKNSc5A:oG+xfhfC6EtAZYb8NFDjcO
MD5:	6F3F2AB7AFE7A02426C29B531A1E2059
SHA1:	4DC70B7C61290ACDA9018EB6CC232B5FF1489B90
SHA-256:	BAE2F04E13BF7FC6E3E17C37B5DB13A227A9F4FA715E1B4A854A836FF549DDE2
SHA-512:	D4D1FBE47907FAE1A9E8B574D8024BCF447BDD40AD31C59044A9DB1E76A66694674FF8CC2941610F70A2ED8B856CBC8F2C58F287F6EEB7204DF6212F3D3305E3
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv3.2.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	35504
Entropy (8bit):	7.9954059317529005
Encrypted:	true
SSDEEP:	768:BW6NQoNJKDsIp65+iKvPZhaUnSgIt+Gng9DuwX1cpsrh3RqfXacIS:BW6+oXTHeTaUnSFDn09X1CuRqfXau
MD5:	BCC3E81F72C645434C9481A2116C60C0
SHA1:	292C7B2855A68CD0D73A1463E2BB813D35545828
SHA-256:	D9F8F7214FBAB1A34E05A598294A8334D349805E6769055BE2156A9DD0B6DABC
SHA-512:	E7C33B0A9A1241831B16AE67852077F3B33B7981606BE961D8468426F6B74C3CB0350E714DA3FD9648F17F679049E6E55AD7C50D28AD1B466E3395B914E660A0
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv30.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	105116
Entropy (8bit):	7.998285268709793
Encrypted:	true
SSDEEP:	1536:BW6xUV3Pu+H8iG2VSSR46tZRW4paQXjxOSbIdzsEJ2D+BE9SlIUry3Hrs2lf0UJY:oYUVJG2nDTIIaD2kzrE+BDn+Xrs2HBK
MD5:	FCFC417613F8478F23B9C140BB23F4A7
SHA1:	E7E01B23F7676D2C0800010306E7361532B9B71A
SHA-256:	C97DEC1EC391C52D9A46BBB89E5930E9AE550D7052C143C5FB682ED713DE2211
SHA-512:	EDE0D546287D8EAAF4BC12A094F568B3B9DBDE21C29729A387F6DBE482EDF013A7C9757DAD7B71B392A0BF3342C0DFD134AF01F36D9B02DBAB292A05FACB7EAB
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv30.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	37229
Entropy (8bit):	7.994543928422013
Encrypted:	true
SSDEEP:	768:BW6NJKtpB5oVnsUMBcDf3fRZV6ioyxr1nThx+B0LZssfebqc:BW6Xs5EsFcjV6Ny/hDLZssBc
MD5:	6C2BC1DA0BBABB0DF6F041BA937A20B5
SHA1:	CF937FE32F3547B7DC36BB5CAA1A6935F6EBF96D
SHA-256:	123F6347C23DB951962166C5FAC65FA4807E2A1167143608A9701E8485CD903E
SHA-512:	E1A805EC88FCD9AC15F420E3A766A9ED41D57D8BFD104C9D4326D3C4EF91D56B5985A7971FAA36879C5315F1060E301609D2E217FF6AEEF1CF27E5EC51D08D12
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv31.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	100022
Entropy (8bit):	7.9981863880802235
Encrypted:	true
SSDEEP:	3072:okH6QTNR1VHEgWRq521huDxmFscVDWzsO:WKrNW71WTcVDA5
MD5:	6E48EF4B588D5002062771F83B511CA0
SHA1:	F62D62F9EA643704E4265A5765157743FCE5B794
SHA-256:	CADB718A410A980F1AF13CA8A1036CB2F39D7D4FC9950C87835C4EA52096AB0B
SHA-512:	DEAED369CC05F5B4AE8890D9900F1A5F20501EF53B3938C32E9EACEA943C7F30AD544642D07BAE679B8E842595EB4C2F20ECE442075A77024CFCAF00740CF117
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv31.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	31714
Entropy (8bit):	7.993413464931367
Encrypted:	true
SSDEEP:	768:BW6NmHGlxxDckhL+OHikgd6UsbsZf9VD4+1BvnZYr4zN:BW6oGlgCL+msPZfo+bZYra
MD5:	49B41606048FB6579B5C827AD76BEFA0
SHA1:	3F7576EEB4DF5F05CEEF96F4987B94D3BB539A5D
SHA-256:	973FA4E3E481F20E7EC967C2E187BBC36190855B23863395672AB3BA273E2619
SHA-512:	96206542B22540982A0A9B485140541B9A5368CEC77FBA126C5BDF8FBA223015C44157E1A77E15D936C4B86E94CC9017D1A58682F73EDBFB5C438FB496416321
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv32.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	100086
Entropy (8bit):	7.9982240430769815
Encrypted:	true
SSDEEP:	3072:onIwmSjknvnvYoANpvMQ1gM9zvMsPxZxBV56r:mmSjqnH0v/gM1M07V56r
MD5:	ED55D55ACBF2BC589FF4137F91BA917B
SHA1:	1DD3FF5BB16B506456E25715D3DC3AA46DDB1794
SHA-256:	B45B6C087B04A99B7E0B08ACA4D8A3669E195670F9EBE3B8296EAF06D54EBCB4
SHA-512:	5FED35382747A4C24766338C8E976C656F407DBC24BFBFE8AD18780598E64AA1D2793C21282ECA0535A14DF2F993C4090D54789B018C0449E1E7BC5373B2F935
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv32.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	32338
Entropy (8bit):	7.994565423368479
Encrypted:	true
SSDEEP:	768:BW6Nz95veaYU+eg/V6ohlSRbwqxXofCVY4akXEr1hCpF19ed:BW6XpeG7uY8qxXsAXdpUd
MD5:	DC6D00260945F7978A7BBB54898ABDE8
SHA1:	27626BCB0CD95894877A0F8EAC9F4849AD9A0C08
SHA-256:	5973EA970E87174BE790CF7920EF106E8826927C68A3932176EC83D9FC845BE2
SHA-512:	344AD352CA33C033AA50E14C6266DA2BED5C2DCD3E021B0C443C0309480D8AD976584C0A6645B37DAD5A32FADB978638D80ECEFA2ABDFDDCDC4CBE820175810B
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv33.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	79783
Entropy (8bit):	7.997670760162676
Encrypted:	true
SSDEEP:	1536:WBQAJjVqofoqwPb0C+loboSvZZcDZ7RPwvj25ED1I8qgUdlo8nyJTz1VxRH5IXm:W28xlwPICbhvTEUJ1K1nyhbH5cm
MD5:	FC6CB03ADBADE81946405E3B8CD984ED
SHA1:	E3F9564E9022B7BA796E8459E37EAEE3093E4FA2
SHA-256:	BBCBDFB17B6F8A56A676C6AAEE166C8826EBE29AC602D40797A8D8584567FB2F
SHA-512:	A94E2B53283E8FF4F9FE55606FB1566952927AC09A8FFCA62AA42576FDA20753C6D69E3E74CDF4EF1A0C2A8C891F433252C1397FBD098F60E9CECB1DA1A69CA9
Malicious:	false
Preview:	.#D...e..,...!G...A..Z\.Zs..s.....n...H.n..]...f..74M.a".@...K.=..hnv.\|.oU..}#..c...5.c.o....o...RT...o.-(.#.-.D.^.v.LK...0/.O..Q.n_...].\g.:..jJ.5.+...W....F+....l...,x.."...!m.e...=....nUX5S....<.....o..cX..X....<...v........C....+%.Q...+.)..f....R..9.@.cr........Wh+..%..:n.i.{`%#.p..m....lwKae.l,..`....N..B#..!u.b...N.?2.+...3+..X....../....e<...L,....!..}F."...GB....\|...o0........5.u.H.......F..@..t..b...X4K...(%.,S.q.............K.Dw..."......n ..?;-Z.2/./O.a.h'.ji..s.s.dC..(R.&[..[.W......h..C..{...7".....h$..;...=.Z.<.].1ZpJ......[K..;.W...u..e..yM.s.E.r......;..K....K0n....J.,....Gr).".jy.3 S.,1l..D.>.,......!.(9ibe*....E.v......)..\|..w....wU....q.;.2.H..I/.99\E.C....$.1..?.%...... ...-.C..........#\|..N.B.SY)...d=.w}.y+]..<}.K.v..xu._..M...r..X.;..G~>...q}.i..B.g.(K&Q....g!n.&.G...e.=.\..\|:3..,4.X. .C.i..SE%.XQ==u.]..$.......d........l..).Y....!Y.<...[.......3..2..( ..X....X.I.\|N...:..m(z.....`.{=..N..0.T(....

C:\Users\user\Contacts\iframe\rolloutfile.tv33.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	43734
Entropy (8bit):	7.995729472063912
Encrypted:	true
SSDEEP:	768:bPsad8CFhXLcC2PgGAPaxVRO1zc333+U7LIy2EvnodBd3Yakf2oVqgm0iLI8591q:tO8hXLcC24PasG+KJodBlkuZb5jq
MD5:	B8CB9F8CFE0B2CF1D2A3DB4BCBE3877B
SHA1:	57E4BF0B0525A2E3D65402662D26739972CBD754
SHA-256:	DFC17DA79A4411615DA5A92EA9038BAAC4061C2A200BCD98BB7BF325DDC2BB50
SHA-512:	404188F0AF8F0105BDF7C265A46ECD142DD5A05F2956EE13402740981FE9E5652A755126EBF4F89D036EDF763B11D86DCBE9E64FCEFCE83DCEE7E59954053432
Malicious:	false
Preview:	.#D...e..,...!G...A..Z\.Zs..s.....n...H.n..]...f..7O....E..G.. .^.B].....T....r.....A`..4. ..q.kA%5.cB.z$..v.w..+..0....H<.....g...H..l......_..T.C..`'.b._Q.n.h.-...._A;....sJ.......A0^..{B.8.........H{..Km...1..F...2..t....0.mVk..o..L.2J.b.L..Nlk...I).v.j.v.Z<..S.].U-...~..,.w...o..>......4..r..:~>..\....Q....J$?.\|.87......TH..N..^.....9c.'.[.:.{........8.t......x+.>p.....6i............y..I..U.k...I.z..J.H..U..P..+y . .!.....U.\.. ..3...Cn~... .....L.W.t10..*..bNn....Y......%h.z.A..=...4m.-M.M..<....!.!5'.p.IN.&.)].Q.Sur....6V....4.Rx...k..}j....-.......f....}.<P........h.i{0.W.f.M....,..../?..6.....;..m;.o...$........}UcA'..no....O...O.W..6.Q.....+.F...g.._....y{0&=.).8n......EZls!wbP......uL/;..$.H....^..:..Yq....k."9,.zL..#.`.p..ih{O.....^Gt...]..........\|...l...&.z.P..}..t..\.k..:...>4b....y..q...\..7.-UQ.....:.S.3..6d+L.E....xg..C..}A ..KpA....,.\.Z...\o.y.4.g...d.........J..o.0...,y.S....{.[y9../...Fc.lE...k.t..E.Q.5.$Ns

C:\Users\user\Contacts\iframe\rolloutfile.tv34.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	99037
Entropy (8bit):	7.997888245921803
Encrypted:	true
SSDEEP:	1536:BW69IScAcb+rCsJoAQvm7LLsIw3o1QAyd5mp9aVWzABY/rkdeUmVgjpjpau/KGrd:oi3W+rCi2csFKm/VtBYAd70u/9wJF52
MD5:	9DDC5E19AFDF801947E63E9F1A4CB172
SHA1:	20A2A279E7E619FBB293500559F5485FCCD8101B
SHA-256:	3209106CEAC1D911D2B5BEF0EF2441E9285AB933701BE9E4B9749C773B83FDAA
SHA-512:	8D07AF43F5AC27ED332C8AA8B1F6D9AF92E4025D233124E77C1B433C5AEC8958AD31A4B618B066DE6AB62165134315EF949C6A2BB10BE31CA797ECBA528C5DAB
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv34.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	38199
Entropy (8bit):	7.994828083625625
Encrypted:	true
SSDEEP:	768:BW6NMP+zF9wefol+psQuQa3h+IVbL3Z+qOMy5EKxAR:BW6lFykna+SXZ+qOMtKWR
MD5:	BA63FE08745649EF7409FB4B46CCC9A4
SHA1:	41183AF44A3F948952D72E609934D58F6AE7C77F
SHA-256:	BAE33927C53C629FBAECB3A6578C128FEB37A9F49FBB6AC8BDF8CC6386BE6FA0
SHA-512:	9D9E4AD92A96D3160F8392231021316659B791031E78BAD7A87E7722FAA50A8A704322B1D2C1E716B975C2FE45E904CA7B6BEA249C67E9E5F7984E079FC51579
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv35.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	99251
Entropy (8bit):	7.998066777711538
Encrypted:	true
SSDEEP:	3072:oDEhVsfQNllK8auRX075JV1vu4fO7HmER5:GEhVxjAwK5J3uiO7Hl5
MD5:	C9AC9354B7E5BF16E8A02D8912BE5B25
SHA1:	830CAE5E71F17FBA34DE2EB0A78EDAF21B09741B
SHA-256:	7BFC65C85AE5FBBDD681F92A3901A17BA9D7E5F55B705967812E53D2855C4244
SHA-512:	C5C96F652EDE2946B24C74DF6548DE72D29796BA3A66DF06138B898EEAEE1B5ECCF6CF84D31184792B7664F9BEB3021E357F5802906A0964AACE19E76F0AE5DD
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv35.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	33097
Entropy (8bit):	7.994609982490262
Encrypted:	true
SSDEEP:	768:BW6NOh3fCcFSodnPvIsFLBhTWFVrXRRDtlBwyHyWqQ:BW6EhvCgtdHBPEVXjHyWqQ
MD5:	B885A0966AF37D3A1C28EB16B505A751
SHA1:	B51E6526C987935FBDE80CE039FDDC3E0460AB2A
SHA-256:	6A9A038A54D95860E3011F93391DBEC99FCCED9ED7A1A6615F5F8A1FE50A3157
SHA-512:	68F2896F74D6DCF3DE4A6BC13B9F378E2428B26907AF14D5B99CE335F52835B01B97A56160A81D8725D0F023057D1F5E4CE0BD8DF0816E0F38D2510B09687B8E
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv36.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	102051
Entropy (8bit):	7.998156418187762
Encrypted:	true
SSDEEP:	3072:ogGkjn/WTIWJEKAYvZfd9DSPToJuewpv9e:ECKIWJLBbSLswpvM
MD5:	95A6D0ED38A760F66FB112A5DE59A007
SHA1:	B8ED6F61A7C517CD823F6D5CE0E9217967BEF890
SHA-256:	1917C0F40A87CAD58D49123CE2C7626943504C0F1B3FB8A4826958DE2FD9CBEF
SHA-512:	C0741E8EFA86F4432817CE679CBBD7A74EE7D67891E5FE23826A8AF8E114C911854480E9762FD937D0E4DEBD4CF82E33B2F19A7DCCC0F9128B6A9DEF8AAC4D6C
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv36.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	34219
Entropy (8bit):	7.995028541539741
Encrypted:	true
SSDEEP:	768:BW6Na79PrmgozVd79x9H4l22VjNHVda4G:BW6W9Dfohd79kl22n1PG
MD5:	946B26FFB476A97FE2151D1EBC46CB15
SHA1:	7C9E829F00161D1C314FFD35AD56C87788102DA2
SHA-256:	9593E3D3D284E900189B6F8E5E473B0CC83C817D7E58C649E10AE9672B005E36
SHA-512:	D0F5FAA8FB7AC11B6C0C5F5599D991B8073DE7B314D48903C3536EDFCB0B73C4241A121A8F47DF6C67F23EBF63918418AEF945F5C17F99231B82B5026C60F43C
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv37.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	102368
Entropy (8bit):	7.998287814737377
Encrypted:	true
SSDEEP:	1536:BW697ZjN7E9eeTnfPLqxi1p7/p0A50FjiSyvNeLweTOv8rWEFhCtRthTkJ:o27NNQkQHLqg1N+rFt5OEaEFSTY
MD5:	27F06D436A9F1D9CFE5331BB820C5886
SHA1:	E1E7C6A9DB93EB16537CA3E55FBFF36AA03F6837
SHA-256:	871C8926B79A0BAE43A035E00C030AE79713A6B2B15116D25A9D0DD967D433FB
SHA-512:	7CE1F14E46ABD85210DF7E3AD957542532AD22A77E3B5D111EDE0C6B8912A94A0845E52E37BA2206B4816054AE824DCFE9438E212CFBB37B4C1955EA5B7DC72D
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv37.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	34956
Entropy (8bit):	7.99390210191762
Encrypted:	true
SSDEEP:	768:BW6N+314uNtmdalgFjuCUoMZ5Lp2idgAAuY5moUl6fKL:BW6sWuNplg1uHjXHAuYkl6fKL
MD5:	59277C66CA0C3F137749B2F0CB6E5C10
SHA1:	7EBA4A7CC9AFCCF75DE58D365749295A8969CD42
SHA-256:	5F98CE2635A33388E7E3D7793873D6304AD31BBB7D33362999D418E1297515AE
SHA-512:	F127BFF4423F9D072D29E35D2C3CB0587D777ACEC9DB16ED1B762D4B972755DD7D9FBC737F6D0A9369EC033F76DE3F4B9C5D23890C98D102CC86F6D4DC3C739A
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv38.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	100625
Entropy (8bit):	7.998258836304681
Encrypted:	true
SSDEEP:	3072:ojxobAh8Z/SFNO6swJ21ekvIhdmeDRjqcTb5NB:yCTZ/4NO8Q1e+Ih7xqcPl
MD5:	C607F49179483B4A4FC6D510E225E5A7
SHA1:	424BF0A62051C28C3E3872E5F78320E2F66E8F29
SHA-256:	E00BCDDC005391C50994D8C32487BD8218CAAF3D1D05CC6925BF810A240EC852
SHA-512:	6A6A907DFC581C92B205781CAA9D7788506BCF66103A790159546D06E00E9EE3DC3512E8F8D6370577D781AB7C13A106896EB39238D302CE3830E47A43A39C6C
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv38.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	33039
Entropy (8bit):	7.994125857127421
Encrypted:	true
SSDEEP:	768:BW6NDBqY1ZYCXu5bgCU/IIynDlmDPOxeUXjWx:BW6p1Z7u5bJsIXokjWx
MD5:	341724703E215BD6C8B1CC913B43C760
SHA1:	A348E7BEC48CC02A89C81B96ADDB5F72547BAD1C
SHA-256:	21F9220D1393695A01ED52B0BA713832AB84686ED71AEEFA5576ACB04FE961E4
SHA-512:	BD6A8E7AC01FDF7B3EE41E624AD5F5569ABC41B77EB83381A8E4082C222BB5F5433F60A8CB33898DE3E029BBB6812610369D9C118AB0CE1C012DCF97D31A8737
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv39.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	98042
Entropy (8bit):	7.998232771168422
Encrypted:	true
SSDEEP:	1536:BW6XQPIX4GVmnGevnpNxj/tvYWvOfaYTm0ZjWZVwkss/k3/9Okm+DJqziTGt4jzH:oNUVmnGev9tvYW1pUWXwkxyN96mRlNzp
MD5:	5FF15A57BC129B5997E1ED33B59FD859
SHA1:	D9748C94D6986C5914C7ABAF7F941234ACFE3657
SHA-256:	EA50E8F3C7A99AE4A918A9E123F598056877022BBD2A9952538FC11D917C7D9B
SHA-512:	6D124768092CC59ABE911C60A1E17CAF7876C0B449318A912EB892CAD1E3A267E33B03C812D135F56D514D041DC7D3E0780DE5FB46285C386518B057901B64DE
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv39.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	30982
Entropy (8bit):	7.9936602257846285
Encrypted:	true
SSDEEP:	768:BW6Nw89x7jFGYusgi9XnetODMhBs1PWsGef2/1X1PCr5n:BW6F9x3TuGk01PWsGpl1PCr5n
MD5:	06A392C6ED644F5EB544528F0F943CAF
SHA1:	F355C8E5D3FC6A45E451EA716F576DA2DF8C585C
SHA-256:	C6979DD2F845F6CBED19FD786A169D1B7E0F2B769912A0E7F31076870559C499
SHA-512:	5B205F29E9ED454018621B3D95031B7A27B3D807A4556F4561BA2A8A6268505FD3280EF109DB44CF4005D3C2DD1DC64393540975451DC45944C3230F459B635E
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv4.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	100840
Entropy (8bit):	7.998100994292755
Encrypted:	true
SSDEEP:	1536:BW6O+IYxyqQ9b0WMBCWjOsRFv8NCbY6aGtgVxkpLDZBDYbSm9gFnq+Tahj6rru:oAgMsWjD5FbYRLkpfnDY2VqRhj1
MD5:	69233711359E955EF620804A89773A01
SHA1:	31BDFA90CAF80D82C6ED0AD96F5AEC3E76894438
SHA-256:	4F2D662F51F476511B875EEA8D545B3B398D5D636955565EA7582A5170AE5942
SHA-512:	D625A81C8B2CA91366276BDB60CF9EFB291AFCF10105BB1950605E0BE284E2A09CBDE283CE5CFF1C5D889BCD2B0C8E20CA1A9D205E9B11D0762C38F5CF0C339C
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv4.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	33061
Entropy (8bit):	7.994303843711856
Encrypted:	true
SSDEEP:	768:BW6NC4JFpvJfPSG1OCkkF749AgxhDGLKVUNqr6W:BW6XjTfF1AkF7cDGL126W
MD5:	85FA11E8E404ACB68CC0E94112DE4EAC
SHA1:	9726564F9B236EFE6A97647AAE5CD33D221780A7
SHA-256:	4B889FDB958AF334996955C1D16CD0E8C2D8CA32B0D7E6C1D48CB7F88C74E503
SHA-512:	0F3B1B2BBD8E6CD60F1B6923192AC3AB5BEEE5FE044827D929BBF0A32AE3AE46160A73EE572878AF84178096C947D3D779DCE7ED92DF2DD0A1F490B68FF7807B
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv40.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	101881
Entropy (8bit):	7.99851186478424
Encrypted:	true
SSDEEP:	1536:BW694jBnxeUrwTeoxi51T2o/IgODbDnexQOH1mehLxun3wbfwRFsWW1BL/tzyoL2:oD8ThZ6IgUbqxQODxu3wb3/zzErP
MD5:	5650BB8A3AFB95778C068056EA82F1AF
SHA1:	3862B30011875537FD471AD3EEC60436E151B8F4
SHA-256:	3D6BCABE68EE6DD6CF5B1CB75674C71A4AD44EA1DF2EEF5B9247E6832367F104
SHA-512:	EAC304C3775604D0369336750F343CA2292F348FA9FDBEC3D80610D609DE0795668A9235223F70FCD46E8D6BC59CB8C0EB5762ECE3AFC08F7B867B0686AF28F1
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv40.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	36152
Entropy (8bit):	7.994665199756768
Encrypted:	true
SSDEEP:	768:BW6NyS+X3jDMzxYUUo1o6ySohxIl1RUY91xOpcSsUPrJmMWLjlQmmwB:BW6MJXvOxY/o1h7ohGlTUdpfserk9hQs
MD5:	136E5B4E8CC6E1A10CD31A82271FD432
SHA1:	CC75803F4A294AA7E5043C924C5564E11BDB01A1
SHA-256:	541A4CB4AC89DC976197A2A355237633E615DEE30A717C1F822FB0387BB998F0
SHA-512:	CED73B5453D8A73FB9EA953659A3D6D57F39843354D3E18388D2D6926B3917082F98C8573B32C58D1F6040B0E9E6BB791F7A5C21C0BE85D6CD579F51205F8461
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv41.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	106388
Entropy (8bit):	7.998355984294275
Encrypted:	true
SSDEEP:	3072:oeXeOmEBIb9CWErJZcZGYL3DRg6egHEBKC/K1:Gu49CWE9OZG0SNgk/0
MD5:	EE38E0CD908F86BB34C79806EF14B1EB
SHA1:	09AE883AC80691697BA410143814877F174C5DCF
SHA-256:	2F062581D9EC9D7ABFE8661AC22B933AFC54BE7389C61C5DF0DD96046BF83497
SHA-512:	8A854C366554381F645FBC75EC7E7D7D2E647F949738B1C8B67C3DC05BDCBED46E26AB9D76F30F56DBCDAA523C090338A10E6DCEBA9158B5F281885C5FF1DA4B
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv41.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	39585
Entropy (8bit):	7.9960939395156245
Encrypted:	true
SSDEEP:	768:BW6NFGFd4QWyWse5zIJX/0Na7USo10TT4Od6lGD9raH5L1sPklLfoN+C:BW6SFdlIzMP0NfSsGTrd60prm5L1L2Nh
MD5:	C2E464DDD469ED66377B1D87DAF374E9
SHA1:	872D185AC8B901066A18363671F5CF82577D343D
SHA-256:	B8B6885914A26B0783B641F8FBCAAF2B9AB77DA95052ADCA3D72AC8A2D85275A
SHA-512:	C95D062EB5A071342911C5A9DC504054FD449AD1DF0E12A7407A88829D2A8CC66D552536E3185A4627B1A6BDD2F3ED9718653C67874791E27D9DDD5A8EA7F6C9
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv42.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	100537
Entropy (8bit):	7.9980900812264775
Encrypted:	true
SSDEEP:	1536:BW6jkgvEOKgj31aCxB7AgOUNEBaBAFdl52UD9uVwwIZpxtYeoyMIvWZLdy:oW3tKgtxBM8jAFdO+9uVwwIptYoM7Hy
MD5:	F073FEC496AC5960CD531E513B582CC9
SHA1:	452E711982ED3EEFC4DAC87D35168FB71BAE072B
SHA-256:	C0177D09026E291B5D9AB07270EB11AF84E803035EF40AB3E049C5A6222B608A
SHA-512:	F817FDCA3208C4C0773F4AA85607B0CA8EC17DDEA8669CDE8DB791A156E2D8FA0E2948B7CDF9AB50D2CCCB0013C59B4EA289A284199F084B95F5F361C33A9FC6
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv42.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	33474
Entropy (8bit):	7.993793390704863
Encrypted:	true
SSDEEP:	768:BW6NulOXTDacv8T8j9H89dag3n6/xbqYWtdtOBvSt2UHQ+NZAk:BW66OXHLU8jV89LUPWBt2UHbNZj
MD5:	CC1DF6047E4681437B87702D383BBD98
SHA1:	D92EE9749E6A0ADCA26B5BE52995528159BD153F
SHA-256:	21F765962B28615E8AC9FA0E54D71B14E85A44726B2EF67D8A2C8B0B1D800A34
SHA-512:	F40F9D13125CB716A92172DF40DDAC2D0296C80701B25115E79E07E1F9157343ECBB981264D63CDA2C53555F661F4EF4350250D9768760F05339D1D48E2AB42D
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv43.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	94068
Entropy (8bit):	7.997730230347179
Encrypted:	true
SSDEEP:	1536:BW6avOkNbLnegxT6Qa8DWEFkBFRHZPAkvWCeIqmoFM2wVLKcThJ:o+k4gcGioe5Pzv1eIqm21QLKcFJ
MD5:	52DBFE44F46C542099A53306A1E20721
SHA1:	6AD3B8DE484520F4B35AFAEF79380BA16038EDC2
SHA-256:	E828D0D534098273B0F77F37A95A07F1451D0F594902F34768337AD2C381EB17
SHA-512:	88E1ACB045F826CC7D94197D52CEF676A6B52AAB8CC4FF814867C329D8FB0158DCF0C855B1ADAC4E9E44C7A62D27431B94A1E6BC58086C0144F7C1816C6BD71B
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv43.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	27801
Entropy (8bit):	7.993413795984102
Encrypted:	true
SSDEEP:	768:BW6Nw/Q/zvpl32Cp/vaiQLt4YCfocDu0jlVCNMQm2KUPQOknsx:BW6uyzvpl3BJQR+focTlcNXmh5OCI
MD5:	87AF00A1137B5F8D1E68C3BF739A5BC1
SHA1:	0B46C8C6819134DEC64A985278517738F89856AE
SHA-256:	86D5C6999F042D4ED076DB76B6F24FD94B462A88AB146922CAD236DFC6DD1C8B
SHA-512:	9397360C7A294CC9DB1D84266F90F6E81E42FBAF93B1531203385637DF53DC9696CE7EA024D690C5D09D025C964210EBE91D8CDFD70C34A87944E5B6DC3D3044
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv44.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	99074
Entropy (8bit):	7.998093404053396
Encrypted:	true
SSDEEP:	3072:ouvF/yBobA2DKdpveu2SzyIH7FU7yNAZC:oWbApdpmY9WXZC
MD5:	AA3B049417B78B1453B7F83A8840704D
SHA1:	D51ED06C114F7C6DDF4EB95BEC14BF84631DBE41
SHA-256:	5DE3E13B34DD3AAF6B4732C189D9AA396EA672A53B6D39638D7B13BFB25A11FD
SHA-512:	4ECA3C30079B880DD4A41E28836E14EDD316AF69F8DBBF3680702933F57B461B2164C1DC11395D28F81B56507BCA49A2119D8A61DA18966CD685E36E489951EF
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv44.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	31845
Entropy (8bit):	7.994830977471325
Encrypted:	true
SSDEEP:	768:BW6NXTsdEv2rxnAUAJYb/Kqj8JZjbZsLbBn:BW6ds/rKUUSCqjmZjbeLN
MD5:	AE721CD59DF67789B72FE5FEBC3903F3
SHA1:	A1AC6F678715E98E6DC412E3B06BF9556181B4D3
SHA-256:	929295B2FDDF474A277B72791FDAE5F9E606C37C6EA553B45ADDF0558A0F89F7
SHA-512:	EBFA7BDE6E57B6FB5BF114E92E2CCB71963D8B5520F386350F2C576B0A5F6A70F7CE477341852BD79140A0BD07969DF91FC02834FD837A64DD08510F4F1752A1
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv45.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	53792
Entropy (8bit):	7.996398865809003
Encrypted:	true
SSDEEP:	1536:BW63wQHGB+Ee6ignaq2v0MZe+/OjwqHhWDNuy:oOwQHw7e6ba/HBWjxQhn
MD5:	E5BE9FE9FC69D4CA4FAE3E164BEEF8F7
SHA1:	4240C824C6D42D0E2804BEFE78B12FF6DD441E31
SHA-256:	B8058CB5EB9C0B765F5A278B8CBF144536150FACF37BD79E4837BA2AD0DEA629
SHA-512:	6F01667CEF0BD072A72B07217B21E5BF6A14AFD3212A17BB106F69F3F479D3788CF928A0A87A71975945B78D9C8B6A2D423B31DC1EDC28B68AABC62F4562F713
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv45.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	31813
Entropy (8bit):	7.994070863700724
Encrypted:	true
SSDEEP:	768:BW6NC8gc37E+Q7Ia3g5fzgXwcMrcgFcKeMLlwWExwP/BC:BW6jzrQEaQ5f8grI3KeQlwWuwP/Q
MD5:	48CA22EB8386290DFD54E8C474879B52
SHA1:	311CE04FD8D3C5ACD3BFA13BB3024116F653249C
SHA-256:	3C52B3127BDCF7C2AF11243F0A51DD46FC4A8BF458C8C6FA109EA3F92A60534C
SHA-512:	7EB4E12727F50E75410F9986238B69274C2091E30BFC49459738D93B3CC19E54432C934E121A4656DB114D021BC8DF3A3E388D5755A3D0D583FBF77081E49F7A
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv45.2.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	103785
Entropy (8bit):	7.998154804983971
Encrypted:	true
SSDEEP:	1536:Z3LmKk9efPMQ8014sMlerA6hmOGcpx9/jz8Uf3OxCOurgcrPZ5lBWz1ZWEb5:Z3bFMQ8eMSx9vVuCNkMzBG7Wy5
MD5:	FDCDBBBAEE3059F45AFE1563E6CBBFA1
SHA1:	070C618BD94A68CBBEF90A7881613374B10188D0
SHA-256:	14B18605E1084E969EB0FD796C07FD885ADA907947291AF17997DC91513E4DD5
SHA-512:	97DD90D5317B04B825BA3D47F2083155441DE41F23B077D64DD98871C55EDF01C9BCA64F593DC1CB54B7A956551C76E6BF35A0167BE061B9E5B0781BFF22BC84
Malicious:	false
Preview:	.#D...e..,...!G...A..Z\.Zs..s.....n...H.n..]...f..7.....".L.:.M4r.v.t..b..tO..~.....&.G.....;.....,}..E<..23!...\i]...n.!...I7}(.V.'...x. .......nDB..P.^.1..A.l.-..h.r.BC.Y........7d.......\..Uel^.....^y./...?.W..0.(....K..tg..l.......4.yYQ...HJ.:T-]!U.=TB..=?..s..'.< #yE<..`FY.g...t...X........c..]!b6...+....NrX...&.I.v.J.d._..{.]k<q..?......<-.......u.7.Q...*v..#.V..G.A...?.u.{.,..%\0L%Q...$M1+.'...=}....S....w.....0.~.BQ....S7A.A"TL.4..]..=.....}...lJ..".o.w.........9.N.fKN......D.}.........uE.f..(#../....gw..._o9..!Mz....A...;\|...tn.#.<.f..q...:. .F+K.......X....^....C..../.Pi..a.{=[.r........VG....G....W(SY......:.u$.z,X.j... ..e......Q.AFs...(.h'........M_9WU.....5B<.....>....pE..7....Y.!,.2U...YKx.#&Y.<+.f.0~.R.E..J.Q..##..;IW\=..P...Vt.......hm....<..p.<...D.D..X..1..2.i04yzo%+CN._..MH..a.%....I.F......1...i...u.I.>+.G.n..<F,y.@6.iC..S..@>T3..Nv....;..^N\|}../ihys.?..2.\..KB.ln ...2.m/..R...Y.mp...m.7<\.ax....H..I0Y...

C:\Users\user\Contacts\iframe\rolloutfile.tv45.3.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	33413
Entropy (8bit):	7.994738128765888
Encrypted:	true
SSDEEP:	768:byWV4zwDjLTC/6c32Cew4cflNwBEm+AnBLB3TO3Kxj:YwD3TC/JGNw4MlNwDNBVC6h
MD5:	CEC8262AEAE454048A13FCEF64416666
SHA1:	48BF36FE244FC7300195796678D8D560032B718A
SHA-256:	BAD738A7A5E22A0B4DD9C6A440FF722D75B562F0D7E3052427EDE9F57BBC9EF6
SHA-512:	077E68C3C5EA91CAF3DA8EB91BF0A117CF83BB76CB57E4F54106D87A18D320478E4643CDC96C03CD9B94C6D10E7F79C87500DCBB0C639EF51959FFB38A7A2D0D
Malicious:	false
Preview:	.#D...e..,...!G...A..Z\.Zs..s.....n...H.n..]...f..7...7,X. 3g..XT..B...0.RQ\|!..<.s.y..o.).....}=jW.........0.....A..4.x..9E.]..../9...9..q..t....o....... ..H{.......y3...CA......9....FF...?...F.C..e.}..B?.;...P3.NY......o.F.M....$.bn.]R...6...A.l.$..n. ....!...is.6'. Y.m...G.rSB-t......<E..2S..;../.L..H.....'Bc}f.A.HIw..a...fc.c:.^K.c......t...`...q..p.D.Q...Kv4...4.9\..@......x.g4d...S1....6.6D...?.J.H.)...;.iQ... ..C.......\|5...oD.c._....b..'....z..2..\..cc.\|R.yCU#..N./.v..@.\'..H\f...eo.6.}..].......'Z....?"c..FH+.A.....#..X..u..,....Q..>gB{\. G...b.=.....Z\....i".>?.....X\..\|J79..,...6..I/..[..,..g.....".;...C.m.....(...U../...&?..2...!.......\t*...~...8e;;:A.....`z.%....8.Hk.>hl......-L....Lyi.p.j...q }z\..=.;..=r/.1....m.....Y..3.K.[..<.....].0..S/.d.t.WYn.,Y..%.M......cYpL.`.C.<&.,.....h..&.Yf8R^..?.h.z...)..h.5h.'..@...W2.n..a.....l.WIT.4.Z..sk..g.V.k.Axs....a..&...a.....b..'.o...6Fdw.;...!....^D..2P^...a].L..^..Q.

C:\Users\user\Contacts\iframe\rolloutfile.tv45.4.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	65702
Entropy (8bit):	7.997244020702617
Encrypted:	true
SSDEEP:	1536:QayRKcGIakNwN56RcUfoZHhn0t9fAIH8TBOg:oRKEak+N56RZoZNu7H81Og
MD5:	C6607EDBDDFB082E9BA6689D3AEA1E53
SHA1:	68FED24E716D40BBE87B8A0A34B19F6D8A78D151
SHA-256:	F082CAC36BBBA6DE1C63C117C7088EF6467471358ABCF0941686CDD7A87BFD3B
SHA-512:	6EEF8E376A5E21E4F0750D0849CA2C0AB76D77DCB69E21908F5B2A4BAB9911F4E2CC504C4CEE0DB2696F21B236712D3DF13DC74CD01522AE01C0677C497FD3A9
Malicious:	false
Preview:	.#D...e..,...!G...A..Z\.Zs..s.....n...H.n..]...f..7.9x.R8......N....@DiJ.MHYD.f9..:..y.r....a.Np.V..bQ#......."l.....4,P."pe...>...>..x+.....yC..)A./P..\|..E...V....(G.m\|...s.m.h/..q..yP..\...64.;..sZ-Y..4"..0+m..........4...oO.cb.....M..........,..Q...=8.E..pm.9.......6..s.].......BZ..{I<f)h.....\|.~..-.y!...Pn..%.R.......\|............kF..z....nZ\q.i{...$...jV.\y.Bw....,o!,..\.....8.....K+..O.^...Ia....dI.?rK.Dp8f.Qs..&...8...#=1.<.....0..(....Z.thXq\|....4Z3t.....kY...h..?..._.Uw./......3 .........}..H....U...%.Rs...p.:...8HK@...m...OgW#(.F..(L...dI.~0M.....(.q..J..8S.....)..t.6......>h.5.5 ...N-....3 .Ky}X..C-....]...+..Lyk....?....u.F;Y...D.....?.L_..qT....:y(r.].I.r\|...;._=."$.0.\|.....sS......N..../S.,...[..S...O...".B...,...jV..Z.T.n.F~b.R...=.x...\.Cf.e..``.:8..$...&.4.....C..l.R...X.lLF.`yZ..\\V._...\|5...V.....A..O....\|.;v..D47).%."Cdw..]...K#.+I.......;hEC......8..8.l.6.i.+.G.n;...Y.-aO5..N......S...Z...z.X..*.y.&$

C:\Users\user\Contacts\iframe\rolloutfile.tv46.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	87089
Entropy (8bit):	7.997443715084655
Encrypted:	true
SSDEEP:	1536:k8LUgVYfcS3/AvCcvyQ8FZPXYjkdzrMTfOEvXcc/KjRqVGeS5owgq1O:bxccSPmv/8FeodzAz+cCjRqfatgL
MD5:	9FB28A483FE0F6E313424ADC933F2018
SHA1:	D9A04488876058281DDB52E8CBCEE17E65FD38CD
SHA-256:	844CAE30A329226B37557F2A4F5E3EC39B9BA5668F0FD85535121D17EB05D051
SHA-512:	EF21FBAA9F5DA834F2A0996A2CDDE8E94CD061A25B11BA75A3FBD57A04BC01B6F315043058D4878FE0B7E751877D93A84441B7162ADA4B99AB93322FEE8B51DB
Malicious:	false
Preview:	.#D...e..,...!G...A..Z\.Zs..P..(.i:..V&..o$5..f...`#'..F.....+..y\|qN......Y.l@..._..E. ...N.;D@.2.5..l._....n.k.U.).E....1.R..l6..m..u...!.ZJ.......ZUb._...'.......g....];.I.-.Z#..G..oU`.-.!/..`.\)7.,z.~/...K......l...7.....@.,s@.T.@] 4#..[..b.F..5h$t......O.D.......NC..w...(.mC.G....^}.J.#."7:.......9..^..G\.6....W..U.Z.<.wI.../\&C].....H....!;.-U...!........Ay.(P..k.........w.bE...?.L...W......z.fe......I2...d..y.n..N..F.T=...[....Bzm.8.cD.YV....Y.NR.....pS..=.G..7.Q.k.bHH.....~sv5gC.$..ns69+..i..........a.]..Z0..O...T...2.\.......Z....?.....E.0./..e+.?hDV..5H..`..B`Y.3T...........TS.dE+..1y..C.9.<...f..E.K:...R.a.....q.......ga..X....!"..BW.B../.2A.661....y..C.....r,.Y.V+..U}Z..j.2R......P....[`y.>s?.w.....N4..z.jDKc..#.X.q.(<;..h.p>#9.Y.V\|......X.m.:^..(.F.m.R.....{.K..........KY.c...e^..A]SN,1.S....ow......P.c..}...d.`59V.E\|.D.(....6.gmi..$..}..Bv!.d"Q.......m.HR$w!.....;...X{s.b!.;...VV......6.1...c...8...z..0.zke..K..2K.

C:\Users\user\Contacts\iframe\rolloutfile.tv46.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	19144
Entropy (8bit):	7.989739913507628
Encrypted:	false
SSDEEP:	384:1Fr1b+1SUYj7Jb4sSC/bydlgqaSMBYRy8dhzRuI27y8OYRMHfw:1/GSUYeH4qa7Yx27y8Yfw
MD5:	0CF5444E3F86C21B31BDE867F575EEAB
SHA1:	D81B7FB4178FDBD274DC36713A95B85F7B2CF260
SHA-256:	7C9437E6BCA2A03FB75E5EE49F4215BC96FC295FB0C2CA3311FB61559763B5EF
SHA-512:	D0F1DD79EF572E3BB3B01F454914957D7E2D80494FECC025286CE2A87AA8E370337D47EB8CDB85E7CDEA9D841C46BC4A9E1AC831B0DF1B32512B689EBC429F09
Malicious:	false
Preview:	.#D...e..,...!G...A..Z\.Zs..P..(.i:..V&..o$5..f...`#'..F.....+..y\|qN......Y.l@..._..E. ...N.;D@.2.5..l._....n.k.U.).E....1.R..l6..m..u...!.ZJ.......ZUb._...'.......g....];.I.-.Z#..G..oU`.-.!/..`.\)7.,z.~/...K......l...7.....@.,s@.T.@] 4#..[..b.F..5h$t......O.D.......NC..w...(.mC.G....^}.J.#."7:.......9..^..G\.6....W..U.Z.<.wI.../\&C].....H....!;.-U...!........Ay.(P..k.........w.bE...?.L...W......z.fe......I2...d..y.n..N..F.T=...[....Bzm.8.cD.YV....Y.NR.....pS..=.G..7.Q.k.bHH.....~sv5gC.$..ns69+..i..........a.]..Z0..O...T...2.\.......Z....?.....E.0./..e+.?hDV..5H..`..B`Y.3T...........TS.dE+..1y..C.9.<...f..E.K:...R.a.....q.......ga..X....!"..BW.B../.2A.661....y..C.....r,.Y.V+..U}Z..j.2R......P....[`y.>s?.w.....N4..z.jDKc..#.X.q.(<;..h.p>#9.Y.V\|......X.m.:^..(.F.m.R.....{.K..........KY.c...e^..A]SN,1.S....ow......P.c..}...d.`59V.E\|.D.(....6.gmi..$..}..Bv!.d"Q.......m.HR$w!.....;...X{s.b!.;...VV......6.1...c...8...z..0.zke..K..2K.

C:\Users\user\Contacts\iframe\rolloutfile.tv47.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	89125
Entropy (8bit):	7.998059583264308
Encrypted:	true
SSDEEP:	1536:3VbDgMEb5eSQUmNQnPmYBbU5/VqU1H1X1/1wenEm0IHEbd3pzDqBOot/8MVnW0YZ:3V5IjQnNiPmYxm/L1Z1wenEEEbj0p58F
MD5:	80D5F631C0C99F56A4F95A4398D5753F
SHA1:	A05A2BACCB9C0C2C412D83246FE2E8BAB03AE801
SHA-256:	9C67AABD5894663D4A71D7605753681861C4807A113E554ED5EFE3A6637B57F2
SHA-512:	D1E07976B24BF196E90CCA67178734EB01C704F40562FF62B735C4CFDA2606CB106345041876C7625ADE4737123DDD966FE4C7122A1033B08FC856F299B2C787
Malicious:	false
Preview:	.#D...e..,...!G...A..Z\.Zs..P..(.i:..V&..o$5..f...`#'..F.....+..y\|qN......Y.l@..._..E. ...N.;D@.2.5..l._....n.k.U.).E....1.R..l6..m..u...!.ZJ.......ZUb._...'.......g....];.I.-.Z#..G..oU`.-.!/..`.\)7.,z.~/...K......l...7.....@.,s@.T.@] 4#..[..b.F..5h$t......O.D.......NC..w...(.mC.G....^}.J.#."7:.......9..^..G\.6....W..U.Z.<.wI.../\&C].....H....!;.-U...!........Ay.(P..k.........w.bE...?.L...W......z.fe......I2...d..y.n..N..F.T=...[....Bzm.8.cD.YV....Y.NR.....pS..=.G..7.Q.k.bHH.....~sv5gC.$..ns69+..i..........a.]..Z0..O...T...2.\.......Z....?.....E.0./..e+.?hDV..5H..`..B`Y.3T...........TS.dE+..1y..C.9.<...f..E.K:...R.a.....q.......ga..X....!"..BW.B../.2A.661....y..C.....r,.Y.V+..U}Z..j.2R......P....[`y.>s?.w.....N4..z.jDKc..#.X.q.(<;..h.p>#9.Y.V\|......X.m.:^..(.F.m.R.....{.K..........KY.c...e^..A]SN,1.S....ow......P.c..}...d.`59V.E\|.D.(....6.gmi..$..}..Bv!.d"Q.......m.HR$w!.....;...X{s.b!.;...VV......6.1...c...8...z..0.zke..K..2K.

C:\Users\user\Contacts\iframe\rolloutfile.tv47.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	21103
Entropy (8bit):	7.99184395160347
Encrypted:	true
SSDEEP:	384:1FAWMNOXM3Le0eDPfrlvKhNHvbysE05FT2jBgf5HFzB5+gcJGaIlK2cN:1FMrLULlcHOiFTeKf4WM20
MD5:	7A962A158FAC54BEFD5EA4277A549457
SHA1:	414925688F195194FC8BF8363F75395EBFB6638E
SHA-256:	76EA5441F6A6D54B07B269CFEDB92802AE31C66ABDB1AF4FB9ADC822A5C56BB3
SHA-512:	626DB8B51CAF686AD08AE061E6AFD940A9B8304C5248E546D0425ED333673D1DA63897C75B68E06F015FC00DB0AD754364767FDF655EADA36C262D4DC0818E4C
Malicious:	false
Preview:	.#D...e..,...!G...A..Z\.Zs..P..(.i:..V&..o$5..f...`#'..F.....+..y\|qN......Y.l@..._..E. ...N.;D@.2.5..l._....n.k.U.).E....1.R..l6..m..u...!.ZJ.......ZUb._...'.......g....];.I.-.Z#..G..oU`.-.!/..`.\)7.,z.~/...K......l...7.....@.,s@.T.@] 4#..[..b.F..5h$t......O.D.......NC..w...(.mC.G....^}.J.#."7:.......9..^..G\.6....W..U.Z.<.wI.../\&C].....H....!;.-U......U._..(...&...l.F4.@..R ........~.....Q....P{.cM...K4..\|o.C....jQ..y.)..p.......J..a......j}.A$:......<.z&.?!u].h...E9.n....v.=.....X ..q.i.....#../"~...?5;....LK.(.&:b..n.<......ev.i.)>.4.....EU.^...%b .....aG..%..\|1ql..'O.M..:cs..w...P...tgkF....3.Dp@..z6$.9r..M:.";?..'>QQ.s.. ........C.)+<...!"/.._....}w.q.O..E.+....u.8r.wE.I.9.?.b.....e.a.....DHR..z..+y..-7O.5'...6...c...=v......X..C....m...........V....m..l..VZ"...8.Z...=.Q{z.v.i ....;&.Q....0x....7K.{Y.....M.M'r...,.....,....:3_.].qx..^.bm.[.a8.......7;.Y2..Y....lx.............\....=.1..u.Y.H.....m..."..aZg.Z.n..t.\|l..O .

C:\Users\user\Contacts\iframe\rolloutfile.tv48.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	88703
Entropy (8bit):	7.997973191364328
Encrypted:	true
SSDEEP:	1536:X2F5d7zxnNLy771lej3gojuTSHXs0UlkBUkPk6pmP09dUJThvHSxsSM2el5uy5e2:GF/u1+3godXs0HMh09oYtOlCpc
MD5:	09A2E721F5EA3CBFCFF22795F16F2993
SHA1:	7355CEE712AAC2950EE8C053102397850D45D344
SHA-256:	5C3DE99CE2F7268683E4F0EEFB09D99A9AAE5706E9256423B699CDCE09E61AD1
SHA-512:	1813CDC3DFA2D3C9927F54A627269BC1917C043D3375D5FFFA4D3BF0885B25EE3273E0EF44B4EEB4437D59FA668EBFB6DF774E877F2B6ABB8EF0AE31F3FD48C8
Malicious:	false
Preview:	.#D...e..,...!G...A..Z\.Zs..P..(.i:..V&..o$5..f...`#'..F.....+..y\|qN......Y.l@..._..E. ...N.;D@.2.5..l._....n.k.U.).E....1.R..l6..m..u...!.ZJ.......ZUb._...'.......g....];.I.-.Z#..G..oU`.-.!/..`.\)7.,z.~/...K......l...7.....@.,s@.T.@] 4#..[..b.F..5h$t......O.D.......NC..w...(.mC.G....^}.J.#."7:.......9..^..G\.6....W..U.Z.<.wI.../\&C].....H....!;.-U....)....W..\|]AzS3.7.).F.D........-.Z./&.}..+.E...."..'.I....6.......e?.M."i.`......N..>....&...?.n3.3.....a.7{.t...C... 2.R.j...c[].6.L^s.b.7..8Uy}...g.....wr.njA.....l...Z....A.FS...._......A..}I.i/.{i.4...z....^........<.{.<c.......ee..9. .C...Q...o.kN.."!.. .......[5..-I..%3......m..H....,..Q..A.;.....4G...`...$....r..4.K...#A.S.$..ca.....L.........;AU....P...9.....M.e....C...C.QE......jX.s...q*g....._...B......g....^.K@......R.o.......u,....UP.z.L.\|>..{.b<.......-....+.{.S..].`...Ux..x..........[.}l\Z&.a.CH.>...Q..-(.1...X.....c..6`.j..0fX..y....J...0a.s.W..v@...J.....Hj... x.5.v.

C:\Users\user\Contacts\iframe\rolloutfile.tv48.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	48402
Entropy (8bit):	7.996540920540757
Encrypted:	true
SSDEEP:	768:1E2I87KDVm7NIsqZONbp3jB0N4hu5/kXB2JuD5a3nPd6P94CTpb9Z0ITGcfRhl:mvqHqZoBjB0NBhAguDY3VS5Tpb91vZ
MD5:	A7D2B8EE72372223E3999DA4CB9CDE32
SHA1:	D52DD07B4A6172DC7F9F7DA46202431741D7C18F
SHA-256:	E79DE67FF0BF12E2D0AD1282A083FCB1A1DC2C71B8BE6773A70FA24F2BA79813
SHA-512:	163DF98E196B5565E5A1E7DB3EE40CB94BFFCF6110D17DE97E3B1CE4D818C99545FAD906E44EDFFCD6C7327E10952F01DF75EC90BE1971E9AD228077858AB5C7
Malicious:	false
Preview:	.#D...e..,...!G...A..Z\.Zs..P..(.i:..V&..o$5..f...`#'..F.....+..y\|qN......Y.l@..._..E. ...N.;D@.2.5..l._....n.k.U.).E....1.R..l6..m..u...!.ZJ.......ZUb._...'.......g....];.I.-.Z#..G..oU`.-.!/..`.\)7.,z.~/...K......l...7.....@.,s@.T.@] 4#..[..b.F..5h$t......O.D.......NC..w...(.mC.G....^}.J.#."7:.......9..^..G\.6....W..U.Z.<.wI.../\&C].....H....!;.-U....^..z.{...ia.!}.#.cJ......H...~$.H.&-.....J....O...e.O..........3.{.. sVM..../a..8..._..'A2..B.a8.d..y......j\|vG.fl..._.>'....K.M....S...q/(..?.n,.9.u..3..F.W..........5..\|@]<...:..Le4\..G..E.;..^.\"E..6.5.!.?.;.3...E..7..`.......M....<.r9...g.~j.p0.S.o.M.....D. _S!.!.B..k`.t...N.n.~P.d.R...J.../.c.e..0..ir.....hI.tzS..v.F..R.. :......%."!.n-....[\.i..{..\|.8..6.KSN...3..&.0t.#.5..erHsD...E....B..}.~........+7t.....T#`dF...e.&.r......Au..-y..i$).7.".!..>bl.v....~.zM.$.k.Q\..X..&94.c......2.=.:.82...?GH\|.Eb.....&Z.BZ].&V.d..o$z....r9N!{.G..h..UTy./YHT.<..>S}f...hz..so..U....^.

C:\Users\user\Contacts\iframe\rolloutfile.tv48.3.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	85952
Entropy (8bit):	7.997723746290305
Encrypted:	true
SSDEEP:	1536:C+uxy76lXk9ZBFLYZmJuPx8u6nkVj20LobXHK0xwrhXC89cQ5iIxloOXZMnwN6:C+mg6leZBJuPyu6nkVjzobaZSQFoOXZc
MD5:	1AB21C5CE52A3B96BDD9CEAD9FDF91F2
SHA1:	C9DFD5ED7BE1A3FBEC25E571A2DDA485661DC50C
SHA-256:	7A41283A414F42D601DBCC159237BAB46053F34E54617E5B5C46F71DEC29D35E
SHA-512:	A8E2EB103DCA9B0BFD293C84D7E8B13C610BD28ABE697327AF4C6FF1FE5D5B693DED1D2D5AC8F853F96A527903E9D77B021C0844418044125A06EF2CDBDD32A7
Malicious:	false
Preview:	.#D...e..,...!G...A..Z\.Zs..P..(.i:..V&..o$5..f...`#'..F.....+..y\|qN......Y.l@..._..E. ...N.;D@.2.5..l._....n.k.U.).E....1.R..l6..m..u...!.ZJ.......ZUb._...'.......g....];.I.-.Z#..G..oU`.-.!/..`.\)7.,z.~/...K......l...7.....@.,s@.T.@] 4#..[..b.F..5h$t......O.D.......NC..w...(.mC.G....^}.J.#."7:.......9..^..G\.6....W..U.Z.<.wI.../\&C].....H....!;.-U...{w...<0.......N.r4..T..yZ..U..G.....r`?.}..A....'as..a....D..-W...!.A..P=..M.L........TY........[,..u...z`....4.T....2...j....aj.yy>....B...a.l.'..r#J..q.7&...9;!....V..>u...nA.-..:...69.=+U........i....h...K..s#..k@..VL.U....,.n.6S..}......`...e.}....G...?..%.w.M..9:..... ....-.^'+.t...........4/...<.....0G!..X.b._5.....Y3...NHf..d.G..M..7.b....8T.prgS...DK.erP..A...e.....d..I.V&rz9.}.'......W8Ij.-....l9.....#G.t(..&,....ytNoz...]2..k64+Z..M.........mOPX.;]...h.N.C&Q.V.....X.#.O.B\$..q....Cq.MgE..2.j9u.......r..r...U.k....1..8.b0.jW]!.UHN.....8.7..m.Pg~e..e..+X...{..1>~...FJV

C:\Users\user\Contacts\iframe\rolloutfile.tv48.4.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	66675
Entropy (8bit):	7.997200345251726
Encrypted:	true
SSDEEP:	1536:Zb5PfGKN+w1JgYWhXqYnMYsrhkLaLZjtGbEBd0sea5otHQqGrXi:ZNfGK7gFN2rhkLejqEB+ae6Xi
MD5:	BFF1266CB467298E1BF77139D09345E1
SHA1:	1FDD52F261E8A9B5FD57AF4EE2B8B7BB4EC99B7E
SHA-256:	A35D6A6DF0B4A1D66438B48317D31DF0926500CF03A439413B76C691559DD232
SHA-512:	ABD217D6A0FD94F20209CEDD9A0AF561CAD71DDEBC3B2D7BBB82BF0F9799D143489C9D312565871F29BD7DF54983F52A17F3F27562EAE7AAC8CCD487796C9D91
Malicious:	false
Preview:	.#D...e..,...!G...A..Z\.Zs..P..(.i:..V&..o$5..f...`#'..F.....+..y\|qN......Y.l@..._..E. ...N.;D@.2.5..l._....n.k.U.).E....1.R..l6..m..u...!.ZJ.......ZUb._...'.......g....];.I.-.Z#..G..oU`.-.!/..`.\)7.,z.~/...K......l...7.....@.,s@.T.@] 4#..[..b.F..5h$t......O.D.......NC..w...(.mC.G....^}.J.#."7:.......9..^..G\.6....W..U.Z.<.wI.../\&C].....H....!;.-U.....5.[.....Pf..V.z......L.#.z.`-I..!.N..u....pM.&..sDYX)U{ t.v_U.ML.w..eg.a.1......R.q...."..K.m..z...{.....`......uG...:...[.....`#....&p...2...x._-....!C...o..o.\..l ...Q.H..h9%.a..'.8.........S4=..Y..d...b...._.. .'..7.5...`@..0..@......cP.0E.....9....g...7\|n.%!a.&.Y`b.8.....A .....L...r...Q...R~..zZ[.3.....H@.c........K..<\|^...Q.0/[..@.<[..#....`?'gn.x..".....7.Z9z9..z.Q.o.....0..:7.O@.......2.gcb.Z0@.&.&..fH?.~...5.`a...s.B...J"B......q.t...!.#......".G......t.`..t..u...3.i.,..#Dz4...\|\|t...".Ll..Z..*..b.f.....`.c..H.K........'..B.k7..sd-O..j-..)Oe#.80#....;.Q..Cb'..r.Y..Smb..{

C:\Users\user\Contacts\iframe\rolloutfile.tv48.5.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	92378
Entropy (8bit):	7.99814110360773
Encrypted:	true
SSDEEP:	1536:tgnDfdhbCSGXIyETXN5YYY0JLgpaXw6Ued5488BBccIHkBrjAzcvO+z2onUmGa:tWXbCSGXtE9gpaXf4nB+HIrjAzcm+5UY
MD5:	2A8322657D20CCC866150BEBC9630AEB
SHA1:	083C0665D5F92BA9B9C0FA8ABD886FFDE99EA508
SHA-256:	BEF7BC80ADA71D2AD28950C5B2B291513E913B2A65A802CA0384E40759942274
SHA-512:	62B6E106F9E9C55FEB2A706C307005AD13B3C2D15A388088BECC34AEC3EF82D9F9E17E6AF75B5EBBCD3DAFF6EC22EAAAC240CE995B07495F251AFDEC13073A69
Malicious:	false
Preview:	.#D...e..,...!G...A..Z\.Zs..P..(.i:..V&..o$5..f...`#'..F.....+..y\|qN......Y.l@..._..E. ...N.;D@.2.5..l._....n.k.U.).E....1.R..l6..m..u...!.ZJ.......ZUb._...'.......g....];.I.-.Z#..G..oU`.-.!/..`.\)7.,z.~/...K......l...7.....@.,s@.T.@] 4#..[..b.F..5h$t......O.D.......NC..w...(.mC.G....^}.J.#."7:.......9..^..G\.6....W..U.Z.<.wI.../\&C].....H....!;.-U...!........Ay.(P..k.........w.bE...?.L...W......z.fe......I2...d..y.n..N..F.T=...[....Bzm.8.cD.YV....Y.NR.....pS..=.G..7.Q.k.bHH.....~sv5gC.$..ns69+..i..........a.]..Z0..O...T...2.\.......Z....?.....E.0./..e+.?hDV..5H..`..B`Y.3T...........TS.dE+..1y..C.9.<...f..E.K:...R.a.....q.......ga..X....!"..BW.B../.2A.661....y..C.....r,.Y.V+..U}Z..j.2R......P....[`y.>s?.w.....N4..z.jDKc..#.X.q.(<;..h.p>#9.Y.V\|......X.m.:^..(.F.m.R.....{.K..........KY.c...e^..A]SN,1.S....ow......P.c..}...d.`59V.E\|.D.(....6.gmi..$..}..Bv!.d"Q.......m.HR$w!.....;...X{s.b!.;...VV......6.1...c...8...z..0.zke..K..2K.

C:\Users\user\Contacts\iframe\rolloutfile.tv48.6.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	38466
Entropy (8bit):	7.995165443733207
Encrypted:	true
SSDEEP:	768:1/7cEIBwv+fMziSAhjeNhW5iJgAGXykYEZAA0vea6rosyz3sL36/:udfWA0Nhe4NA0veaBz8ru
MD5:	35EF6B79DA388875331B47C2EBC2F47E
SHA1:	C2600F156D2D9CB3A8B951A3C25D5C18BEE3B8B1
SHA-256:	3CBE601BE6588C29EC451529BA99FA9288EA2B9F06FAC2D9EA9FD2ABA17F8D2C
SHA-512:	86E6C72C1B197F91ADE214A0513936C1A46FB8FA26EDB03E2DA8967902EC76401BB613B3D2D987F77CF0692087AFCB01465BE5C1ACF67716757D69F4842A0DF2
Malicious:	false
Preview:	.#D...e..,...!G...A..Z\.Zs..P..(.i:..V&..o$5..f...`#'..F.....+..y\|qN......Y.l@..._..E. ...N.;D@.2.5..l._....n.k.U.).E....1.R..l6..m..u...!.ZJ.......ZUb._...'.......g....];.I.-.Z#..G..oU`.-.!/..`.\)7.,z.~/...K......l...7.....@.,s@.T.@] 4#..[..b.F..5h$t......O.D.......NC..w...(.mC.G....^}.J.#."7:.......9..^..G\.6....W..U.Z.<.wI.../\&C].....H....!;.-U...!........Ay.(P..k.........w.bE...?.L...W......z.fe......I2...d..y.n..N..F.T=...[....Bzm.8.cD.YV....Y.NR.....pS..=.G..7.Q.k.bHH.....~sv5gC.$..ns69+..i..........a.]..Z0..O...T...2.\.......Z....?.....E.0./..e+.?hDV..5H..`..B`Y.3T...........TS.dE+..1y..C.9.<...f..E.K:...R.a.....q.......ga..X....!"..BW.B../.2A.661....y..C.....r,.Y.V+..U}Z..j.2R......P....[`y.>s?.w.....N4..z.jDKc..#.X.q.(<;..h.p>#9.Y.V\|......X.m.:^..(.F.m.R.....{.K..........KY.c...e^..A]SN,1.S....ow......P.c..}...d.`59V.E\|.D.(....6.gmi..$..}..Bv!.d"Q.......m.HR$w!.....;...X{s.b!.;...VV......6.1...c...8....y/}.7.o........

C:\Users\user\Contacts\iframe\rolloutfile.tv48.7.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	89262
Entropy (8bit):	7.99808539753097
Encrypted:	true
SSDEEP:	1536:SBDbRlbqNtRyZzp9wPK2yZEpbykFf1hyM272MsOvupyNi4DsuuYh9sG:QX2dCx2yZYbXFf1w1vfBDwe+G
MD5:	AB299939F803241F523C0CB4D6B4D0C4
SHA1:	1D76A8DE56E56BADD3488B9DE1C6FCB58FC65074
SHA-256:	A5433FC2217D43866965AC1DD3400E09C43E69CA465DF4CE11AF778E77DA24E0
SHA-512:	1338BE1CCC39312928A8048F3D813A90F521E10FE01DE2141F80894F4413E2A026C8981F5A896132D6A6592313C3166C5E4628D3681258AAE3499B5E2344C9B0
Malicious:	false
Preview:	.#D...e..,...!G...A..Z\.Zs..P..(.i:..V&..o$5..f...`#'..F.....+..y\|qN......Y.l@..._..E. ...N.;D@.2.5..l._....n.k.U.).E....1.R..l6..m..u...!.ZJ.......ZUb._...'.......g....];.I.-.Z#..G..oU`.-.!/..`.\)7.,z.~/...K......l...7.....@.,s@.T.@] 4#..[..b.F..5h$t......O.D.......NC..w...(.mC.G....^}.J.#."7:.......9..^..G\.6....W..U.Z.<.wI.../\&C].....H....!;.-U.......j..:...].._.~h...H[2.W..H.(....<.Xo2.........!.=.7`..r..}..Z..y..T...N.[0...{kT.k....U@.\|.....<...U..[.2..iD..l#..X..Q..I.".Q..0fP...opoC..._nag..G...H.H...J.<..j..5.$,...U..IO..a...........q..m.....y=.oq...]e.{.t.......P...8q..yT{......@L....sq.$`..c3~.\....^.?r....W.+.A.;.Tu.`s..w&@e.i=.}.......C1b.....[w.s..X..7...0$b.....B.]...&N.../.t'l\yC.*k_.V.....\|..u.......T.R9.dUk..3j..I.6.L.c...I..r.x...+.>.!..-j....;.}...Cov..[mi&....R.vy7........k.fG)lJ...:..../ni.{....L1.M.."z.G.."f...40...`...w.ge.^..7..k...Q_..k.7..<K...P...gK....&p.9.u..z./...l.......^Q...q.n..A.F.......`.j......B.mr..;

C:\Users\user\Contacts\iframe\rolloutfile.tv48.8.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	33470
Entropy (8bit):	7.993865224775696
Encrypted:	true
SSDEEP:	768:1xo/WOGzsaLDQvG62vPagGSteIjjdGq1tYY2LsLpEZ+i:eWOGzsaLDQO6WFtjMsRu
MD5:	A95E284BBDCDCC82138270A29DE31376
SHA1:	FB4EB3AF050A86CF27A27B092EA086BB52F5BE07
SHA-256:	F9A5A71B000D9057942813FC2A61D8D5CD2415F5B60E75A1928D4D38EFEDE15F
SHA-512:	4AC1E3354F5FC2596D39B9E1887F06193795214D569A178AE3B3E35CEB706D2BCC10615FC92F7629DE0763F9B6C79B2479444C37388504CBFF37882421699AE5
Malicious:	false
Preview:	.#D...e..,...!G...A..Z\.Zs..P..(.i:..V&..o$5..f...`#'..F.....+..y\|qN......Y.l@..._..E. ...N.;D@.2.5..l._....n.k.U.).E....1.R..l6..m..u...!.ZJ.......ZUb._...'.......g....];.I.-.Z#..G..oU`.-.!/..`.\)7.,z.~/...K......l...7.....@.,s@.T.@] 4#..[..b.F..5h$t......O.D.......NC..w...(.mC.G....^}.J.#."7:.......9..^..G\.6....W..U.Z.<.wI.../\&C].....H....!;.-U.....'p..~AS.tR.W..o..?ug.....7....p.@..:D....k\$,l2^..I.{.;<.q"[Y..v..r?f.....:#....F.0...;..\|...U..&.t.>.........q.......4.)M..R.la.=....U\.uR&..K...L.D9_....D..?.].h{}.<.......z...&C.]y.;F./.N..T..bq..,..r.".#x6".......&...!..9Rd.k.i.W........D=..d........$....k(...%@..Y.(......tY..;.?>.cq....]6N......d...HJ..GS.x..T.......(.Z.DY!....C..C.pb..Q{..HE ......."..p.h...k....fTas.C..5k.3i4NC... .e:...j"Y7.x.k...4......as08.J...n....\H.....W.j;7-v..D....1o.E..../+..TQI..K.'..694....ze..'.gR....I.q\|..j.1....:y...u.....&M..s.j..{.>....,.5.-.r.f>L.^OZ..g......P..+...q...n.3:;I>fs.Y..>.b..1.

C:\Users\user\Contacts\iframe\rolloutfile.tv5.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	90055
Entropy (8bit):	7.99800317558275
Encrypted:	true
SSDEEP:	1536:BW6/qkkUUtEvO438Xq3tgPDnDfNScYDrcjO5H/kNMPE7AEbFAtqWuV7y33:oykUUtEvMqCnfUcYDrf/Qv/8qWEq
MD5:	44ECC1328F59A8E238B7CC0875D8676B
SHA1:	B8E208314A05A58B4C634B65786EAB5396E0A163
SHA-256:	ADA56B7CA45E461C08E8B3DAF1D3B0139ABC31B05DAAC06655FA8A4064D8667C
SHA-512:	E45EF02ECE30F63442A37D8E118C8EA2173B007526F1A8A59EBEFBA73098DA0EB2E3672478FCA75B929EB1D93E91932E5BF9E5275E5F656CD1CCF1BB9B8DEE15
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv5.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	22440
Entropy (8bit):	7.991781976298273
Encrypted:	true
SSDEEP:	384:BW6NhjvQ1XoKt/0bGVsZ7aq5u2DGqEb/LBphHZn4pQgYuxAgdzBnw:BW6NhrQ1Xoq1sgxLqEbLBD3gz1dq
MD5:	B0972A8D56CC2BC157A681D59FB35966
SHA1:	A0D9AC2EABBC73D8F157C7E1468DFF204AED7F02
SHA-256:	B04C2BB17C93C9D202514E8E83FB557F7CDA9197D916A9E786EF3C0D517DC412
SHA-512:	9A1E42597A89728B842CEC70CAF81194BC4CCA368A97BA22EAA31F6AD4DE9EC24911839050D1369D5A270F45355CD4AFEDE8430C0FE74E486759524779052A04
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv50.2.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	67220
Entropy (8bit):	7.997347335105439
Encrypted:	true
SSDEEP:	768:/GvmDkgV28aGVFzQj5Cv9+AK56fF6rXil2n7twgeKw34bC3JfbuUv+nunPqEBXW1:bDJ2ifN1Wi2+bIbIJfbkAiCWoW+Vo
MD5:	96A7F4A0127F63C3C0E92CAE004872BB
SHA1:	2A29D093D630A89197C970238343FE059A21DA0E
SHA-256:	D4F25D5560A87CFA41C7024CA9D83837C96849DC5358DDF32506AA83BD8DBADB
SHA-512:	04705D238E5A40598690690DD0A3AC116A9202E9681BC06A15F0DD4E78F992C5B51DC429C9DC41845F5F0060213CB4742132C0E2F11A0CDE50FCD9C49C394B63
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;..{.E]e.?...O....S.E]L#..\.=..!....v.y=.G;`..{.._.`.VE.Sa..[.....5...2/D/..l.`...S.a^t.....M.VsZ._.\h.k8.s.....8..[..i..Y~..a....aKp.;...%5.{...,.y...tE.b.....EvmX\|%[.4..t.D... H..^xq...>.....\".wY..Pj.q..p.ckub.:.L2.(2.?....u.}`[...q-...?.B........V...@qv.....x...F..~.....U.?.....@[K......'.q.....[C3.f.Fe...s...F....H.G".....W.g....=\.f.b.I....tv.,......GfB.....,.`9.Y.W^...@:M$..X..t.....p")...6"5.....f.<z..G..B;.ip4........a .y..,My.j..}. ....%1.zy.o..DW.J.......{.\..=.....^...5y...a./+?..-.p...p.'V..w\4_....^....~g......._.].J..{TK...4(...:c...f6.V.m.@=.."..c.>.%.;...Ci.o.-.;..!..d....p..h!..U.?...\.n....[..){.,.QF...I<O....b..Ns.UJ...\...... C.r^..o....)..m......VSM..`..%...!...W.pt....tW.....x.9..v..M.Z.w...#X....4...0..?.&...;......5G......w.&.F....j%h...TSm.izw....2~~..r...%.?.~QTs.f...e~..JBc.............r....$...>m....a.$...AU.x.%..9.zf)(.5...^.wz...c........s.Sd.h....>s..T.[0.B.$.U.E.....vhQ....2

C:\Users\user\Contacts\iframe\rolloutfile.tv50.3.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	69227
Entropy (8bit):	7.9974693696866845
Encrypted:	true
SSDEEP:	1536:1hEm+ibgL9TUn0MBKAHof45Vcb20WOCCq9lTd+TXCX8:fP+ibgL9TQzBKAV5ybLWN9lTdee8
MD5:	1D2122AF5F67CBCAFBF8F79802E35D71
SHA1:	319750A85F6D0B2ECF72D811371558ABEA9966DA
SHA-256:	0315F9DE29ED2B40C9018E9444C6F3673DA980E5830A6D0198DCE76C1EC6B097
SHA-512:	A2072DE9C52FAF84F5A52DB3BA5E810B4A76D8A07AD07ABB7442B2881D9929A70FA2DD4AEEA04B765965A38BB6BDFE0499749AF1FB20DBB6CE9C0C733C871018
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;..{.E]e.dPD..='........5~(.. i.Ef..s.x...3Cb.<<.fkPn6.s.h..P.".Cr..X..\ ............'f..5/..8..g?..._.ALj.#..\..oT..6/X...2.o..u..R.w.f..L.j.f.O............F....<....D.#.....4)../......C..\|z..m.,/...........7[..G.E~.j.....v.......r"..yG...`..@.......{~. e_.9...(..AD.^4.....e_....8...}..`-..t.....<%W.=.U.@......g./..3....O.F.q3ac....0.47....'.n..u...>1...\|\|'../...3./....MyV..#.W..Y...t.0....lx...w.!.t.;+-`..v...9.)..z.Y.Gh$ Y.qi...&..&.x.xr.?Q.......6..S..h.i..H...[5w....V.n\WZQ.D..o]"..k._..v....W.....O......W.iy+y..2...4.....\cCp....y...K.ht^g...Y{....T.BE.M....UwT.t`.$\|5..9%..+.~.w.P../Bw.....+3..4..[..J...c...."..k..D.............q]/M......OLog...a..Z:...B.,'..j.B..;...}O..u..G.y..~..q#./..G.I.r..i.;..w......!.....e.e.{....[...\..... ..V...I....R...i....W....F..kp...7_.(q..V.p..NO..6q..{gm.....q.%<.....3Q.,x..:.*...G.(..J[.\..(...L........o.<.u.]...6...D...7..=.7Z&...7I9.yb....l....U.]...

C:\Users\user\Contacts\iframe\rolloutfile.tv6.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	99229
Entropy (8bit):	7.998172009274098
Encrypted:	true
SSDEEP:	3072:oB70QLzwr4HrXnZZkbBYb3MBPBaqALCGUtJJ:i7PLzweXnZCm3MFwqMWJ
MD5:	C02DCB97546872D163EFF9D291CDBFD3
SHA1:	0BDA89EA75167768D9A08A1FA6ED6E1CC686EFEB
SHA-256:	03D9526D1AEF606B1FA43C127E7B1141AA568FADE454C1C0060BB9C732E0B626
SHA-512:	66E748A8560A8A2AFEFFB5A176E463B6B0A3E45152E97ED6B2C3E72C616AEC3746D7B5AEB8F87EA97E657C47914680171D7F12FC2221D6D2173533EEB2B45AA3
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv6.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	31788
Entropy (8bit):	7.994731967225481
Encrypted:	true
SSDEEP:	768:BW6N6D8t1j8MyZVPL7+dbD1VZMufi2LGxwxt7tno4moX:BW64YtBy21UQisGxwxtRGS
MD5:	7ACBE69D3B767E94BD59B48104364992
SHA1:	647C91290222513C2AB94FFB8A36F70FEFF265B6
SHA-256:	593CD5BA79A489C4388809E17EBCB32AF9B10EBC33C895955E13A06CE8F48C43
SHA-512:	EE5D2EF06A22F741167A5BEB219678BE65B9BFF4F258F0BDEC587DD9A1ACEDED199485B4664C9B870775B105AAB08916DD8FB36912C978030E55EE5A66B38648
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv7.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	97511
Entropy (8bit):	7.998029934840964
Encrypted:	true
SSDEEP:	1536:BW6YRAslfDTP4mykxKthRKjv4UCAnhfIMHsIeIVmwRXuZBDej5l7ahUn70N2x9Ro:oesl77DAhBzmRIGsWR8FejX4i9ib
MD5:	53BFA45DC4DF8F99473480A954EF3981
SHA1:	53A74C7CF7AD41FABB4609C7EEB5BC3428B55B1F
SHA-256:	A0F2039554A03DB416709C08D36012CBF5A8EA313C258A58B7EF43DC947A1AAA
SHA-512:	86E390863EF48232BE511B1035A0B58888EE25FF708C659DB94562DEF0EF6B4A1907EDB00287612DF4F91A13647D9471FC0ACF092E225A009EB9ABC38D4B0A44
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv7.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	30258
Entropy (8bit):	7.994163063127342
Encrypted:	true
SSDEEP:	768:BW6NiqLRJ1pIsEine4QTOvc8k2VIx3b+mUZhFs/eZ:BW6gqHjEjavc/ZsFh
MD5:	F2320A86A314A2B869E484BE85AA6DA2
SHA1:	E4DD98178CC70A9C3861BE10539DD9EE44797F0E
SHA-256:	C0908DBA50A0B348646C7D12E7C2E247EFB76807C7DDB8911E9D4A354ECFD320
SHA-512:	D9C5D20CFC30A1C476B7C75549CE328A8E0DB273BE7D95AAA3682EE9B2B9D5F99FFF38D0B1DEA610B39B22B4B6AD76ADE47E164536D13BB12DAF6D0316BB8C57
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv7.2.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	43405
Entropy (8bit):	7.995486194210034
Encrypted:	true
SSDEEP:	768:BW6N6duWjixltgJ/YtP0CFdNOek7IsT/KsQc7T5sFYBGdqxWMl6NPjAu:BW6UdAxltw0TNOt1T5kNdQWMENPj5
MD5:	038BD3AFC1C645309EA2AC8241FAEA4E
SHA1:	5994BCD83A0FFC73AC95C04E72A760E0CDE69AAA
SHA-256:	62EA1884D2CA67157D5B5706EA9ECB04CEAC87EE43C6F776849075D6EF77558C
SHA-512:	4EE4834975DCB18F0752FF82FE22E0E72BB658FA210088F8D29C7AE6BB0DDFC4D3CE624CD4CAE777429B32CA63997EFBAED87457A599D315C2314B6360E3C2B4
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv7.3.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	59084
Entropy (8bit):	7.997061813185959
Encrypted:	true
SSDEEP:	1536:BW6sdKNDauCui6bsn6ueXzMDGMw5AuOGt1K2qyuqdMUgOlKSo:oFdA+uzbTWwoGt1Hv3o
MD5:	EA95C5772F569691D94170C70962F47F
SHA1:	BC6FE7868B681FF643C78F7B02B2C79A7FF6D53E
SHA-256:	2F47E1C26AD874F6D7DB789195A379A6C48F0FD6C29CFE074A1B5EC5ECE975D5
SHA-512:	6475BDA81B9E27E6873794DDDF6118E36F7B7F5E47CECD682C078746B9ADDA5BDDBE8CAC63E794A0E63B3F1E53D946B70B0128795AD1B134D26D2246F19BCC41
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv7.4.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	81522
Entropy (8bit):	7.997658728209986
Encrypted:	true
SSDEEP:	1536:b3X4cXIoB/iOrydkB5xlW5mYiUBse73BnDPO/tGVI0zfJrNcO:zX4cJ7ydkB5mS8sm3BDG/0I0xcO
MD5:	C73202DDFB9FFDD67A33F1DACAB45698
SHA1:	64A4CF5CF5F44FEDA94DC39598D72A87E822AA90
SHA-256:	4605673AD3A8E30731A88C0AC09350B4691D6FFA035F7780213AA43A52625B1D
SHA-512:	A2FBAB8F0EF496286D83C915427021D393E5709C00244B051AD9785B028919FE8EC5A96E40597A94C95A79658F90229E59379FCDF4255AAE8C22706033D0BD2E
Malicious:	false
Preview:	.#D...e..,....<....`......./\.r49FHl#.:...\.2,....W_.{.Z..E.#.L..B[.z....S.N.....Z.On..eT-.m..t.%..K....Gc.y...r....FnD..a.....r.`.@.I...e91Y.bh.......F...~#..........Y.>.]X.O....d.d........3.FN.O.9a....[39.xdw..........C...h~..\|..Q...i.[...w.8.w.xz.....H....v.......e.OO.3..ul...y..3...`.C.,.1.P%.cw@...v..\ .......O&.M.....+..NI.0......5...y}..V...b..(_.l.).q{.in...dRL...mm...?[..Qjx."f"..]>..P.b..zl$?.f'h#z1...?..c.\|.0....... .>?.j..`<.o.S...+.\...U.l:._U.-.."c.#..g[.W.V)?<......&....kzR.2.....N....;-K...<aS.....1.Y....w..7k/y.MS.S..\|....W.9...q.U..d.0T.......;.l.......%..... %.T...l<...7.i(2]?......Y.....Ni...j..R...@....3....z...%..[.,..f..9].....B..'..jGN../.3....tF2.....4...I....C:Q6.....B.1Y..K..P@..J....:!....H......Z<..iC....l.p....\25].Se.A..#.D......i..........G[......)..I ..#[....Ln.O.W.']9..ht.p-...O.F.BAcK..Z......^.....K..`..-..1,.....j...e.v.>.l.{D.1"&..RV...0....M.X..0...~./...]..J.w...;.d....".....d6E..s.R<f.

C:\Users\user\Contacts\iframe\rolloutfile.tv70.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	54271
Entropy (8bit):	7.996154467203659
Encrypted:	true
SSDEEP:	1536:Fx0Avzenzqjc78VS55Sd5qd8S+OGQW6ilB:7FLezqjcAGoFL9
MD5:	4FC8540FBF4E3AFA2840D25A9DF316B8
SHA1:	7ADBF3A7037653B3637F71D5A69F70FA70472F75
SHA-256:	CADFBABCC733FADE8DE7BDC91873D8239FC277DA329E367347F6698DB7E7084D
SHA-512:	A2273FF865274AF535E6688DA69DB520E85EC60BD02036E8C1E278F33F85F093764B20A41C478B4E794A5D958155420B8D8DB55A80D0D9E754EA1835BB16AF09
Malicious:	false
Preview:	.#D...e..,...!G...A..Z\.Zs..s.....n...H.n..]...f..7./..@.c]w..`.(-../.......L..hY..e....L...9..z...S...=..3..(.>..?..l...#.I.C.Y.D.C^.F>.z.......K..>1.I..@....4.q..+.e..jb.^@V...a.&...;.Q.c.B.Vb..Y%Y...>..fRR.....1.JFq.j{....9.:x..E...Wi.xYa.>.Y9........i. ?.......5..$.G.V{LG@..!...od.^..9.Y..'<...`}..[az..R...ZP.(.+.N....!.E..].r..N...x.......h....(.......]..fV.{...X.6.z....o..F(.y.....5On1Y.......uh..Jp.7P.L......Bc..c.xZ..V.g.L.....6..S].0...S.K7...U..iT...@$./F.@..wSg....O.....F.......&...=.s......Y.._.T.#@}..z.v...........JR..\|*/...L....[e.m.J.{c.O..=j........S....=..b.m....`....E...i.......\...$a...;.t...y..o. _?.-...2U@..Fh.t.[q.L..H..}..N.iMyN.;.o.....^..X3k.....Q.!..,.%..N...<.v....s.z..%..U.\|#P..dDUj.C.X.Lnp\pc..%:...U.m......\.]w.5.)x....[.C...Ab..!..3.ef..;..zu...CT......."L ..z...N..$....W\|c..yDAiD\|JX...Bp_.5\..9'4.t.....$...K}...0!w'...I.s.A..0H\..P....yJ.. .......I...."@.\|8R.w.@\/.........Q.O"3...J.....B..E1...A.......(.

C:\Users\user\Contacts\iframe\rolloutfile.tv70.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	54267
Entropy (8bit):	7.996157207621053
Encrypted:	true
SSDEEP:	768:bIf4jUAYMjFYChfd7ERG6ZFKdq/ZCX3O043AQHECC7hqTK1NPFeWiL5x2hFAKie:tFjKCxeRG6bD43OTAQHilLg350hFANe
MD5:	977B7241DC4505AA0224E7E23DB7AD0F
SHA1:	71AAF95C01074C05FF28AD55E6DEC9AEFAC927AD
SHA-256:	B3CBDF11FFB6631B9802E22F4B2E17561CD791AC09051F46638461928A3F79FF
SHA-512:	1A9057C0EC791B51AD8DF6CC73E4EAE892EC80FAE05CA8B96D8C0CCA36DAD56BA4107CAA8FF68AFB63055FA92CB22F893C1830C3CBCB093EC1D041A7FA86398B
Malicious:	false
Preview:	.#D...e..,...!G...A..Z\.Zs..s.....n...H.n..]...f..7.bZ8.7..9..L......{t./Ho....S.I....h.?..>W..rO..vh....>l.K.Y&.\....r.V.b.&..2..r.N7r..1'..3..@U..&gV(.+.N@.{ ..u.ZN.t.`.$........).+.Y.~."..8T^I......%.^g.V....[q..i.AJn.=...B4N......?k..#....%..7~5t}.E...iq...W.~d...^..pQ.s.g.n...$!A..B.celm...q<$.m.[.bi..IB]T5(..<..r...}_.?.K.......,;.a...LK.......f..tZ.^.h`..v.....H...K....<.'e\|.et....<.?.3...t.K...<.Q..n..o......+YG.d..O....nC.k.P.ri..`....._.B...N..[....e.{_.{.2idV ...J...=9%..........z..Z.'.....7......=....r6..s.Vg:..df.a.t...G..P}D....{.F.....].........q.E.e.o..mu..Q......s.a........~...e.(...D.n.!4....hvW.F"f#]v.....>L.,o~.=P@..O....Q.......9l...Q.........."#.......g`......{U.z..n..h..M}..(.c..z..$.>. w.d..=...fC.$...x..5.....DL...d.....+....^!N..F#)....z`.i.#.?#...Xl..N..+[.......&..&P.....{&.x....=..3/..C5.Y..".T.W....6...cP..S.bPy,S..7.....cr...<...)....I..+O..*....$..w.H/....<?+.....p.._.2..E..R.F.x0./.}.9.&B...

C:\Users\user\Contacts\iframe\rolloutfile.tv70.2.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	54542
Entropy (8bit):	7.996777934930877
Encrypted:	true
SSDEEP:	768:bqj2+l75MvHJIFoJfR308eSm8af8/+IN7CH/XhihgG9arO4ahEsYfbChfa0j4kw:5+fMhrfB0pvjf8mIpKhid3NhEsY9yw
MD5:	C4BA70A7D3EA200058CEA9425C8F9FD6
SHA1:	802FE4B912389CBBF8B5A3A94237F8C3FEC6B2B2
SHA-256:	FD0D33BBDF0AC8BB55233DC33EB2B080EAFD8086DCD50EE474097182B4979C4E
SHA-512:	390F4A09D4E0D2861A682A75B8CA7327FA31B362633D0474F5D7C25218337E4580CF5F0B882C9BBF5EAE58E10E1D8EAFD0537BB18DB1B48A6D89B7935381A270
Malicious:	false
Preview:	.#D...e..,...!G...A..Z\.Zs..s.....n...H.n..]...f..7c....,2<...#.n..e7....a.z&.KQ.U.\.w#.......~.G`$.0;.....!r.........7.F]...2.N..%"._o.Z.Zf44....9......0M8O~.D.'....E.?YE_#80sX.hL...6..$.........+.....l=.......u...6..1......r.zY.Z...d....k..2.k.........q.......j.L.l..{P....M.9.E.........^N......E..2...hu.C.Ub...D..}...?.~.<.t.{.......y....:....6t wP,H.8.u.e...U..{..f..z..`..=..oR`)cU.wl......o....)?..-..a.b.j.k4%q...B+......pf.l._.r:...s8..<.]`......*.B..f...>.2..Bp.:.p.....$.....D.."..%.i:....@.[..q..#.....-;...z$.f.R..3....(..+..M=D.p.#...v.}\..y.2..8.v..o.3+].....x......5ql]TCI.X..........?...k...V.....{.p......Z.dl3....XHF...d/_..4..bG.wQ.}..........&K. .^SR.]$2.V.B.........h....eF3...[g..L...B...]..XS..S"N{;)..X...d.8.3.'...H.K..n.R>y...w.B.]J.&.e8.jy..2.......q2u.N3^..h..{...wp.kdN.D....-.Pc..........K.v.6.6..6....Y9......J{.@......`...F...+;{.... E^c....AL.bu$..m`.ikf.9..S\|.{.gYv...gi..E....VLD.l=...?....B..:...

C:\Users\user\Contacts\iframe\rolloutfile.tv70.3.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	48465
Entropy (8bit):	7.996023522099269
Encrypted:	true
SSDEEP:	768:126RcSQdZF2Bin2D72NR5UmDyVepDiGfmVObjDSlhv5QSu0abU0LBmGg5m6q8iTd:I4QIBVf+UmvpuKmVOXDGFm/wcQ15eTXN
MD5:	52F6652D8FC5AFA4E44E4DED5C684BD5
SHA1:	CB0E7C4325C3480A1B2E6EA03714E9ED69AC5276
SHA-256:	857FAAAF078DDDE7200CCBC35CED29C032A9EA9B4651875044A3B96FAD8CC757
SHA-512:	C8201372D6CB128D77384CDB612ED9BEE92209FCCF857F2151B50781B5FFBC414148BB2D954255651A7CBCE8F5BC5EFDD430AFC6B0989B682D7A6D3A504F638E
Malicious:	false
Preview:	.#D...e..,...!G...A..Z\.Zs..P..(.i:..V&..o$5..f...`#'..F.....+..y\|qN......Y.l@..._..E. ...N.;D@.2.5..l._....n.k.U.).E....1.R..l6..m..u...!.ZJ.......ZUb._...'.......g....];.I.-.Z#..G..oU`.-.!/..`.\)7.,z.~/...K......l...7.....@.,s@.T.@] 4#..[..b.F..5h$t......O.D.......NC..w...(.mC.G....^}.J.#."7:.......9..^..G\.6....W..U.Z.<.wI.../\&C].....H....!;.-U...........P..i.Q...\.,8...;...W..I.Etu..M..~...(.{'?.../GjT..~u...........N.=?}..?.;.]...t@.?...wv.~1...+....X..~..W......&.$..Wv.u..\.r?.\|...`..9<....j@...-.B.>U./..H..h5z]H(\|......&...e..e......a#-.$.).(.oQ..^.`./.X................d....1$PZ}.^.].H.l\ .K....o.)c..R.O.Pd..8..)...U.;..6\|..h.Q.p,.%-...yD..2.+.VF..x.........J...4.I,`......6..)T.\|o.gA`..+....hh...yK..c[U....)}R,.BI..t.g<H....K...D....i.l..8....\|.}.[.R4.Y".pNK8.{..0.K...:.x...V<.......m..+.......z.e......#.........m}.}Ex.9m&."..j..=.w..X~~..z.....(2!.*.....%......D W.w......\4....Ee..v.eo(/.B.s..\|.E.^QU..]..{/..8..<r......v.

C:\Users\user\Contacts\iframe\rolloutfile.tv70.4.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	48379
Entropy (8bit):	7.995855149348939
Encrypted:	true
SSDEEP:	768:1ZkEYbYjX81mnAjovvj7NWZO5DUs4j49l2OcWlh/1dmMOCpk1Sj3v+9XowlWp:3Bn6o3j7NUORUzOpPOOki3v+9Xomu
MD5:	883A1B91F14B697F0AF91EA816D1FEF6
SHA1:	5601CA6A75306BAC8FEFFAF085BF6F34B6EB95E4
SHA-256:	4307418BC0AC74ABC4D3AE26110C2BBF46844B9022A6236916960E596DA60254
SHA-512:	E2295E7474AADF3C303489C04537FB7A25D342035F9E803FB61007E2FEB79D24A3499D7145BE1CF42D31B64A1B9EBE7CA1628CF4064A4DAB394A04D7B2421CAE
Malicious:	false
Preview:	.#D...e..,...!G...A..Z\.Zs..P..(.i:..V&..o$5..f...`#'..F.....+..y\|qN......Y.l@..._..E. ...N.;D@.2.5..l._....n.k.U.).E....1.R..l6..m..u...!.ZJ.......ZUb._...'.......g....];.I.-.Z#..G..oU`.-.!/..`.\)7.,z.~/...K......l...7.....@.,s@.T.@] 4#..[..b.F..5h$t......O.D.......NC..w...(.mC.G....^}.J.#."7:.......9..^..G\.6....W..U.Z.<.wI.../\&C].....H....!;.-U.....k....~...S.Jk.....M......}k$.....v .. -.,{......Y........c....+X.~..v8.....:{..-..(........?.70...<......!.0/.R...Fl.Jj...l...z..t....Y..7.......w..6.W....Xt..Hm..ILoF8>..w(....SF...&...^.6~....t..VR.\I..7....+I:..jgg._K.p.c>P...z\..u4.\.\|s...-0..HM7kh.9...FqZ..Z.X..`1........r.y<.i...d.....s..S..........a...=Ap..3...{dh %h~..Y.B@;8....ny.X..H..`....f..8\4.P....F-..x...e..E`.QLO..1D....-u.q>.[..){y.OKT...*qT....hx..._.Un.7.H.i.(t]..v.o..J.....c..Gn...#.P...{T>u.....b.2.0..?..hvf.w..1..4g.}.4..M..M.)........._..O1.{.~J....b/V..D....N.X!l.\>.L.@..8..#...f~ .z)^.)+.0..... .$..4Q..N...<0...F

C:\Users\user\Contacts\iframe\rolloutfile.tv70.5.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	49000
Entropy (8bit):	7.996377025790321
Encrypted:	true
SSDEEP:	768:1xUQop/bswKGwfBescCIzHG7KeTAzKstO4e2zwP0ZP1D8N0FmZn8PlnEsVd0rZC7:bU3FoFfBesezHY1AOmrzwc/88mupEsVf
MD5:	4E2E528EE46DB6EB13D72A6D274E6839
SHA1:	4E9850E75A56184739D75E3160DE2A86DDB559B4
SHA-256:	93DD43ABE92455F75759DBFA0C38365A7CA30F717EB89C9509DD808061CEC2B9
SHA-512:	4A27F9AC43DE0F29624A684771AC54602E7D733EA7D336E6A3EF447C3F53E1250AF39F0F32F39E06A4D7A70262CC5CCD1F91ED27FD648E24F2F0AE2BFAA7BAB7
Malicious:	false
Preview:	.#D...e..,...!G...A..Z\.Zs..P..(.i:..V&..o$5..f...`#'..F.....+..y\|qN......Y.l@..._..E. ...N.;D@.2.5..l._....n.k.U.).E....1.R..l6..m..u...!.ZJ.......ZUb._...'.......g....];.I.-.Z#..G..oU`.-.!/..`.\)7.,z.~/...K......l...7.....@.,s@.T.@] 4#..[..b.F..5h$t......O.D.......NC..w...(.mC.G....^}.J.#."7:.......9..^..G\.6....W..U.Z.<.wI.../\&C].....H....!;.-U.....V.cvB...7{...5.t....q.Mc...%.{..}.'...T..v...b....Q.c.3.>.6...D.9.g....vfu............$]. ....lR....&.A.....f'PNLD.....^.#..e.Ea#...ri(..L.."..,iy...Y{...5.. ..a.Zdo .0#..)4?L..S4.u....>..[.e..7.(. Ez...5#~l..w-j.d.."...{.........;Kt.~9<.L..FL..K..9]...m.;=...6...sH.f2ch....g. .\|...o5...0.j.......{::.A$?..\|.3....Kn..p. H.........P~vE.%7...>....w.!"[Ib.G.-Z5m.-.1R.h..g........V.tu..)....y..#.P....$..^.........)..0......v....A.#3..b...u...l.&=h..^...:../,.N.......0.Q..Z'.#Q.:..c..\.....a..B.<....<3.nd. A......z...y...-...fm.bQ..,...4...h...jV.L.EW.~.p.f-...w..n4..Isz...a..&RE.E.. .h.=.

C:\Users\user\Contacts\iframe\rolloutfile.tv70.6.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	53663
Entropy (8bit):	7.996034465161992
Encrypted:	true
SSDEEP:	1536:xGDXleIDEpnglofA6/90JVsGr3E7i4ycu:0DXMbpsOA6/SVsGbgu
MD5:	BEDC02665EFF5FA7CFF9F921AB0D7A82
SHA1:	C1582EBC610812E7F12590A9CF8BEB7B4C40C927
SHA-256:	E6DEFD1686F93FB5958FCAC25ACB72709D314134E7068716352C547EDC3498F5
SHA-512:	25D1AEE4828647251456FAC001F2D18178C80C9E55A16900BA4BB2AB04FFE7B04BE5CCAD967EAC2B9BB6ED9A2EEAED7A9E1758AC06820126554FE1AAFCA11E41
Malicious:	false
Preview:	.#D...e..,...!G...A..Z\.Zs..s.....n...H.n..]...f..7>..[..-x..+J>...q.M.-.......G.kF7..g[..j.(T.....N6.4.v...Iw9...}...f..3.....}.C.4gS1d.,...A.dQ.b..._.zAg....#.....4^.@m..B.i......)..zfi..........r..c`..I.....&.........o...,.utZ.. -j....o...J..\|...K6...t.?"....C..^.f.r}g.-..v..O.L....F....5b.........~.h.QE<..z......I.'.{2....F.U4.Psy.WZ.4....g.X.pK....?.h..>....%;.._........%p.}Y.OX.....MC....g.H._...b3.GQZ....z#8....K...9Eb{.....*......;N...rf<..:...+..9'!..T..\..1.q+......Nc..fy..5...v\.5....Aa....]....{.N.y...J..6....&p...b.Z..E._V+m.%.G.h7$9\.g.V....c..].nUck"..k.q....48.\|.;A..N....to}.h.......e..g=..Cw.5.(G.j^.g...X...,fH...g#O.).WG......._q...\|...:....:...r!?.._d.....:..S...._.Z...Y;.e.8m.x.\3....G}h......u..RM.95$\.}.K.2....E..r...%.i..._M..!3 9.\._...(.....1...9..j......Z..Ok.P.O.>.<n.........n3.Ef.e$~.Go.YJ..:.x...>..w.mE.%...w....4.Wg@d..\|Y..I..P?T.zX...U..?..Y..]......qC.hi.. ~...R.....f.. .n.............'...{H..3...

C:\Users\user\Contacts\iframe\rolloutfile.tv70.7.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	42610
Entropy (8bit):	7.996074590123248
Encrypted:	true
SSDEEP:	768:b8xwcl1SFhMI/+LU1WwMlPEtMKCQ2GA43mUZRiaPVUHUtOeT50:oxwSaF/+Q1WFdYMKXClNiVUCOw0
MD5:	2B47BE1B7CBC7A36085102092F7A324B
SHA1:	E2C9C49CD3455AFF87FF6F72EAC3EE43F7F9D413
SHA-256:	8A19BFEE1246E1559565ABDFC07C50F1E11341431C17EB82D0FC972B4CD21D00
SHA-512:	6CDA948DB320D9418FE7FF0B931B73E8B90788FD1350E70F49292B7E93364CDB99C3D6E62BF138803232767C5467C43312DCA8257597FADFE703ED92A8B19A9D
Malicious:	false
Preview:	.#D...e..,...!G...A..Z\.Zs..s.....n...H.n..]...f..7.}2b..?7<Kt..0..t..[.Q..b....!..]..@X&......I.M..V.w...<..H....)mD..n.....D.<.\|.N.}..U.....^..K."...h).W..9..D.S....E..c..k..Wi..V...P.....b.T.K.%.hX!)..Y.L....=.z.8...#..p.'+ .....S......./..............p!.....eG.i..\.....r.%:..^+$..#g3...b....wE .$...C..n.....W..9..!..N...Q..E..<..Se....B.Z.^"..c..p...2ac)..qw...h,..>.....`F8."...G(\]..B<...p.=irK.X...%.6...9..\d....I......b.X....zM.BJ....Ku.X^....;z..]..77.,....8x...w6..s)...L...Z...h.L..5X..w.q2......hG.v..o.$L..@r...iH. b\|B.^..=+.DCTp.:.@..^..'..$...s...y..@0..0q.1......./...U...O....d...H.7.....I.7.Z..3x:i.}.y}yf...&.g..h...y.`=X... [..t.??H=. .Q.f.\.5..;.M...V........k.^..._.../.]s5.........i...9..+(.........D.p.H....Mp...C.[..C..[F.....[.. }~...9......H!/v3.^...k....:Y...l..8..^'..H..ih......#.J...]....[.lu.\.!.....P.Z8.A.....KL.i..g.}.L......n%VJW.z`...<a..t...}.J.../D..d%q..0.B.b[.5..i..\...d...Yk..=......o.....A...

C:\Users\user\Contacts\iframe\rolloutfile.tv8.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	99558
Entropy (8bit):	7.998126987043341
Encrypted:	true
SSDEEP:	1536:BW6i/7u5pOXNGa8SHdDghoUY5IxeOvcrLK82rYi0AH4THvDR6g6dRQ5c:ovz2IXoa8SahoUPxeOkrW82aZb7RIQ5c
MD5:	DA245CD9A3C4B3C3801D3AF51F65669E
SHA1:	B4CBF06B1741C6F11BFCB70AF71648E9CD303AFA
SHA-256:	4ED05DA6232A33F423440381F7537F81D7A191869F61CADD46503A6219F61956
SHA-512:	4D7085D14DA5A9801503F42BDA2B638DDC39D3F7B2DC4C0F19D4E1F24257906711CBE88C5B93398EB26731532E8C2D649E629DB32782DF41D8A8A293D0C3BC0C
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv8.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	32921
Entropy (8bit):	7.994624642930536
Encrypted:	true
SSDEEP:	768:BW6NewJwOQjdH/VducqYXlA3KZQcd61iEntb8LGAv6kpUtk:BW6jJefPqYXa3KNdHEtb2Xv6kKk
MD5:	83F1BCCDC2F210D7DE086FC737916F39
SHA1:	9CDE2A6162D3DA680ABCE27F73014762F9F3ACAD
SHA-256:	B00A874071BAC257B2FD82634301D93F2EF93AD7B2B6FA4CA59081C674E58083
SHA-512:	DD1620B4445E53DEF839D461853CA5819624EC45CBB7794A7A564B5317BFBE2E0A4CCE29BCA3990599E2CC4D056889A0025AA70FDAE2851BBF3244B22F40BFA5
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv9.0.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	95672
Entropy (8bit):	7.99801011413176
Encrypted:	true
SSDEEP:	1536:BW6YIBIE5MDNsiGv7/8/ieUvSZZht/paxFn9UyFELTsX3wt2JIaG0Q1WWTRDdXLo:o5IBNMDOHvL8avSXht/U2yFELwXAO1Gk
MD5:	4B55B9B8CD72784B8F4E86594C976C38
SHA1:	153DC16E17AD981DA1B8A9D990E00061D54CD49E
SHA-256:	9E3F1E22A087D3714AFD5E5C25817CB5D92F9DD158DBD5995D7E7B7FA7963C0C
SHA-512:	87E0FF6C0B087BC060F7B6F9D5A514FDEAB835A1153FC6A01A6D36E9765F4B9335C5281CB9CC832F0117F11030A104AB113057EDB6861508F8229870686C2E34
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Users\user\Contacts\iframe\rolloutfile.tv9.1.tv

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	30417
Entropy (8bit):	7.993108204768856
Encrypted:	true
SSDEEP:	768:BW6NHiPM2oCLwxHKaLMuIkdA/ceBdhiuP9vyRPMtoeVYbCluQ:BW6GLw418AjdvURPUYuv
MD5:	A227291090374BE07560BE98E820569E
SHA1:	79DE95ED367C987D0F2C009799E91C8D6EAD2127
SHA-256:	1BAC6A4DA0B8762762846D3828510696B82B9DACFC9341CF79A659863B328937
SHA-512:	21EFE5395D5CF59D60DABEAA2A6E83625571522EADD660C0EF1D599EBBEA5053ED381494EA46652CBD2AC994F09895F1249CC938F0BC42B28807815FE192F4BC
Malicious:	false
Preview:	.#D...e..,...!G...A..I....;.9...UK.......b.z.m.iG.}..a....k..@:g...f...."...s.@].3$..h....J......Qc.F...3.>r..P...(2..5....ERA.....G.eK.?..]...M....]......h...b..8i.ZJ.4..H..[.....ji.I.6"........P...j.~.-.......E.[....'..Y.)Q=..D..wX....v.2.JW.....0..p.d..cZ.........7.-\|0.......C....3..#1...R.........d+>{...x!OT..du.Y.r.H....^...W.....s.)......t...U.kJ...;.7k...th."....~O...[.C.. 2[...j^.....y.........4..0;..0.7..C.?.......W.n'.X.[.on.....o'.._..(.'....n.........#.g.wh('.R.!........tcCq...Z...9.7...!-gP.c.m8i.>N.O.p.P..#I".zH....5.@.F..(............._..t.2.C...b]-. ..,$NR.\|%4..Q.m.....U#F.P....e..)=..4...,..M.X.\.1.a...'.>.,h..r..i...4.)....\|.....=.....z.{6.....8.p:LZq}n.%.M.y...\|2.m~.E..j9..e..8.....14.....1.z.$.....gs..."..>.j.....n........4.&\..Y....5MQ..].:t.`=D=%qh..xZ4_._sKz.N....o.0..g..r.z.y.G.......L..A.....J..a..!G...\|nC....),...M..a.....L......Y.....@\.Gu.~>...@ ...\|R.9..Z&V.4....LYo/.I...]..h..I;...1...l."y._<......hx...e.LP.Mbi..

C:\Windows\Installer\5db15a.msi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {71DDB565-7BC9-40B1-ACCB-EE18F70FA1A2}, Number of Words: 10, Subject: Google Chorme Updat, Author: Microsoft, Name of Creating Application: Google Chorme Updat, Template: ;1046, Comments: A base dados do instalador contm a lgica e os dados necessrios para instalar o Google Chorme Updat.Microsoft, Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Wed Dec 11 13:28:05 2024, Last Saved Time/Date: Wed Dec 11 13:28:05 2024, Last Printed: Wed Dec 11 13:28:05 2024, Number of Pages: 450
Category:	dropped
Size (bytes):	26025472
Entropy (8bit):	7.975161494018679
Encrypted:	false
SSDEEP:	393216:rkfnz3B6QQmVmYiHS1YQtmdCFg8TVz5JmwA72LkilKBQGqfuGcC:rm0CEdHY0ou87q7riIDC
MD5:	F63A9B0B142D4A0D7A9811FAD82A1D39
SHA1:	65B03FE7CD544E60E4165BF8498E54E769694983
SHA-256:	2C1236D62D9E47AAC6495DFBCEE1D0E447C8CA6032EA49D0BB61B463976E1142
SHA-512:	4A973680557D4C93AA77D2292A218B29C56FA1BF33F39BC9A60861C0D5FB5D9B2DD9B55D8768FB1E434620525D9DF11AADD3F1C450C6960F33EBA52C7D9D5A60
Malicious:	false
Preview:	......................>...........................................+...........G.......c.......p....................................................................................................................................................................................................................................................................................................................................................................................... ...!..."...#...$...%...&...'...(...)...............=...............#...4........................................................................................... ...!..."...,...$...%...&...'...(...)...*...+...1...-......./...0...5...2...3...>...A...6...7...8...9...:...;...<.......-...?...@.......B...C...D...E...F...........I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

C:\Windows\Installer\5db15d.msi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {71DDB565-7BC9-40B1-ACCB-EE18F70FA1A2}, Number of Words: 10, Subject: Google Chorme Updat, Author: Microsoft, Name of Creating Application: Google Chorme Updat, Template: ;1046, Comments: A base dados do instalador contm a lgica e os dados necessrios para instalar o Google Chorme Updat.Microsoft, Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Wed Dec 11 13:28:05 2024, Last Saved Time/Date: Wed Dec 11 13:28:05 2024, Last Printed: Wed Dec 11 13:28:05 2024, Number of Pages: 450
Category:	dropped
Size (bytes):	26025472
Entropy (8bit):	7.975161494018679
Encrypted:	false
SSDEEP:	393216:rkfnz3B6QQmVmYiHS1YQtmdCFg8TVz5JmwA72LkilKBQGqfuGcC:rm0CEdHY0ou87q7riIDC
MD5:	F63A9B0B142D4A0D7A9811FAD82A1D39
SHA1:	65B03FE7CD544E60E4165BF8498E54E769694983
SHA-256:	2C1236D62D9E47AAC6495DFBCEE1D0E447C8CA6032EA49D0BB61B463976E1142
SHA-512:	4A973680557D4C93AA77D2292A218B29C56FA1BF33F39BC9A60861C0D5FB5D9B2DD9B55D8768FB1E434620525D9DF11AADD3F1C450C6960F33EBA52C7D9D5A60
Malicious:	false
Preview:	......................>...........................................+...........G.......c.......p....................................................................................................................................................................................................................................................................................................................................................................................... ...!..."...#...$...%...&...'...(...)...............=...............#...4........................................................................................... ...!..."...,...$...%...&...'...(...)...*...+...1...-......./...0...5...2...3...>...A...6...7...8...9...:...;...<.......-...?...@.......B...C...D...E...F...........I...J...K...L...M...N...O...P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

C:\Windows\Installer\MSIB9F5.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1021792
Entropy (8bit):	6.608380087035959
Encrypted:	false
SSDEEP:	24576:ccNkyRsKx6NapcjRh0lhSMXltuGVJ8Wea/xwuC:jNkyRmopy4duG/8Wea/xwuC
MD5:	EC6EBF65FE4F361A73E473F46730E05C
SHA1:	01F946DFBF773F977AF5ADE7C27FFFC7FE311149
SHA-256:	D3614D7BECE53E0D408E31DA7D9B0FF2F7285A7DD544C778847ED0C5DED5D52F
SHA-512:	E4D7AAFA75D07A3071D2739D18B4C2B0A3798F754B339C349DB9A6004D031BF02F3970B030CEC4A5F55B4C19F03794B0CE186A303D936C222E7E6E8726FFFFF7
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L...l..f.........."!...).....`............... ......................................Di....@A............................L...,...@....................Z..`=......h....K..p....................L...... K..@............ ...............................text...Z........................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..h...........................@..B................................................................................................................................................................................................................................

C:\Windows\Installer\MSIBB2E.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1021792
Entropy (8bit):	6.608380087035959
Encrypted:	false
SSDEEP:	24576:ccNkyRsKx6NapcjRh0lhSMXltuGVJ8Wea/xwuC:jNkyRmopy4duG/8Wea/xwuC
MD5:	EC6EBF65FE4F361A73E473F46730E05C
SHA1:	01F946DFBF773F977AF5ADE7C27FFFC7FE311149
SHA-256:	D3614D7BECE53E0D408E31DA7D9B0FF2F7285A7DD544C778847ED0C5DED5D52F
SHA-512:	E4D7AAFA75D07A3071D2739D18B4C2B0A3798F754B339C349DB9A6004D031BF02F3970B030CEC4A5F55B4C19F03794B0CE186A303D936C222E7E6E8726FFFFF7
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L...l..f.........."!...).....`............... ......................................Di....@A............................L...,...@....................Z..`=......h....K..p....................L...... K..@............ ...............................text...Z........................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..h...........................@..B................................................................................................................................................................................................................................

C:\Windows\Installer\MSIBB6E.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1021792
Entropy (8bit):	6.608380087035959
Encrypted:	false
SSDEEP:	24576:ccNkyRsKx6NapcjRh0lhSMXltuGVJ8Wea/xwuC:jNkyRmopy4duG/8Wea/xwuC
MD5:	EC6EBF65FE4F361A73E473F46730E05C
SHA1:	01F946DFBF773F977AF5ADE7C27FFFC7FE311149
SHA-256:	D3614D7BECE53E0D408E31DA7D9B0FF2F7285A7DD544C778847ED0C5DED5D52F
SHA-512:	E4D7AAFA75D07A3071D2739D18B4C2B0A3798F754B339C349DB9A6004D031BF02F3970B030CEC4A5F55B4C19F03794B0CE186A303D936C222E7E6E8726FFFFF7
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L...l..f.........."!...).....`............... ......................................Di....@A............................L...,...@....................Z..`=......h....K..p....................L...... K..@............ ...............................text...Z........................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..h...........................@..B................................................................................................................................................................................................................................

C:\Windows\Installer\MSIBBBD.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1021792
Entropy (8bit):	6.608380087035959
Encrypted:	false
SSDEEP:	24576:ccNkyRsKx6NapcjRh0lhSMXltuGVJ8Wea/xwuC:jNkyRmopy4duG/8Wea/xwuC
MD5:	EC6EBF65FE4F361A73E473F46730E05C
SHA1:	01F946DFBF773F977AF5ADE7C27FFFC7FE311149
SHA-256:	D3614D7BECE53E0D408E31DA7D9B0FF2F7285A7DD544C778847ED0C5DED5D52F
SHA-512:	E4D7AAFA75D07A3071D2739D18B4C2B0A3798F754B339C349DB9A6004D031BF02F3970B030CEC4A5F55B4C19F03794B0CE186A303D936C222E7E6E8726FFFFF7
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L...l..f.........."!...).....`............... ......................................Di....@A............................L...,...@....................Z..`=......h....K..p....................L...... K..@............ ...............................text...Z........................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..h...........................@..B................................................................................................................................................................................................................................

C:\Windows\Installer\MSIBC0C.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1021792
Entropy (8bit):	6.608380087035959
Encrypted:	false
SSDEEP:	24576:ccNkyRsKx6NapcjRh0lhSMXltuGVJ8Wea/xwuC:jNkyRmopy4duG/8Wea/xwuC
MD5:	EC6EBF65FE4F361A73E473F46730E05C
SHA1:	01F946DFBF773F977AF5ADE7C27FFFC7FE311149
SHA-256:	D3614D7BECE53E0D408E31DA7D9B0FF2F7285A7DD544C778847ED0C5DED5D52F
SHA-512:	E4D7AAFA75D07A3071D2739D18B4C2B0A3798F754B339C349DB9A6004D031BF02F3970B030CEC4A5F55B4C19F03794B0CE186A303D936C222E7E6E8726FFFFF7
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......ia.p-..#-..#-..#].."!..#].."...#=..":..#=.."<..#=.."b..#].."7..#]..",..#].."...#-..#...#e.."T..#e..",..#e..#,..#-.g#,..#e..",..#Rich-..#........................PE..L...l..f.........."!...).....`............... ......................................Di....@A............................L...,...@....................Z..`=......h....K..p....................L...... K..@............ ...............................text...Z........................... ..`.rdata....... ......................@..@.data....(..........................@....fptable............................@....rsrc...............................@..@.reloc..h...........................@..B................................................................................................................................................................................................................................

C:\Windows\Installer\MSIBCC8.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	21375
Entropy (8bit):	4.859756087319408
Encrypted:	false
SSDEEP:	384:cKttVB66ntzCLLHNwEE0ppTZZZN7SWF9B:cKttVB66tkZZZNXzB
MD5:	2794A72D0FEAAE22269FEEF120324220
SHA1:	64AF37E01CA3DDD022170AF3D7450F69D8EAC8E1
SHA-256:	9C84A14F2041517DA0E6D935D77E9E75EEE806A380A9FF5ABE542E58767EA172
SHA-512:	08295B9EC20D4B5E079815F7B4753B43BF36B90E3932BF84DC553C10D63101CE47190106CB92C6D5A7F783388A09265C17852B3560DA88C55CA82CBBA872A95F
Malicious:	false
Preview:	...@IXOS.@.....@.].Y.@.....@.....@.....@.....@.....@......&.{E61000D3-0DDC-4DEE-8707-B125A70BDBB0}..Google Chorme Updat..FS-SZHAJCVS.msi.@.....@.....@.....@........&.{71DDB565-7BC9-40B1-ACCB-EE18F70FA1A2}.....@.....@.....@.....@.......@.....@.....@.......@......Google Chorme Updat......Rollback..A.....o. .d.e. .r.e.s.t.a.u.r.a.....o.....RollbackCleanup..Removendo arquivos de backup..Arquivo: [1]...@.......@........ProcessComponents%.Atualizando o registro de componentes...@.....@.....@.]....&.{3B6BDBC4-2324-4D70-B1CA-94B741C61BF2}..C:\Users\user\Contacts\.@.......@.....@.....@......&.{C8D017D3-89C0-4250-9FFB-5D9684AF0A8D}2.01:\Software\Microsoft\Google Chorme Updat\Version.@.......@.....@.....@......&.{D5998543-BD40-48E5-B2B3-340A1A6BC8BF}..C:\Users\user\Contacts\file.cur.@.......@.....@.....@......&.{6C2AF152-BDD7-48E0-A2DE-D854C860F818}!.C:\Users\user\Contacts\chrome.exe.@.......@.....@.....@......&.{9F462EE0-6F93-497C-B68E-DBA788B46E2D}..01:\Software\Microssoft\.@.......@.....@.....

C:\Windows\Installer\SourceHash{E61000D3-0DDC-4DEE-8707-B125A70BDBB0}

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.1645915176334416
Encrypted:	false
SSDEEP:	12:JSbX72FjzJAGiLIlHVRpih/7777777777777777777777777vDHFBqjxl0i8Q:J5JQI5y/qcF
MD5:	24414ABFF5CDD0AEC95E16A51A0F3D0C
SHA1:	9E14119C109F17CBF3F570833211BBB2D6478632
SHA-256:	04E176F2D843929862162C2EFC9F15201D71F76B6A341D416BFCD0B100057D9F
SHA-512:	98D4E8238AC1B44BD37F1FD7DC03A3B33D87ABBC36B661D8B1CA228C358D76FAF5EE8A5401845884B62657936DE285A5E33F8ED7D6AB6C4880D9FDE23EC0B43E
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\inprogressinstallinfo.ipi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.481740442761816
Encrypted:	false
SSDEEP:	96:lhq13FTK97r8ukI1ukRv5C0MAnukI1uk:y11W9X8i1/v5ni1
MD5:	16A0EAF0E2F17E6D8B33CBA0176E7B08
SHA1:	924DBFE3C6ED2F0C973523CCB5962A9D09B5FE51
SHA-256:	1D2354D551A127B31F98FA265C28F5A99744B4FCA6AC9DA5EC8D9168F74D5F74
SHA-512:	5A06E92E973BEF9BA1B9B2ADCDD36DEB976336A4364FCB463C85A5C23519CDE56082CD342998DF5D62ADCA97CA4445F7950FB9B679E4A1B9A582CB9A2684EACE
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	360001
Entropy (8bit):	5.362968036722608
Encrypted:	false
SSDEEP:	1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauS:zTtbmkExhMJCIpE7
MD5:	9A8E3F9C6DF9F9D5AC412E5CE82DDE78
SHA1:	29822A52D5639D150563882E2F4D1881EF188C36
SHA-256:	E60D19F52206BD889B11C859450FB341754FEB62FECB46433128B2EF1969C9F7
SHA-512:	3818F6798F91C1249D2CB25FC7C0E847185474D12217E6FE8B0AFE8EF3DE9B2B95C574546FA81F356FC6D596017ACD8E1CDCB33BD3CF22D79C346BFF8F6D07B1
Malicious:	false
Preview:	.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

C:\Windows\Temp\~DF133B27E25FCB8A55.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.1945047624074057
Encrypted:	false
SSDEEP:	48:Pliu6O+CFXJpT5G97r8ukISuukKAEu5CyjMHgnukISuukATNc9:tioRTo97r8ukI1ukRv5C0MAnukI1uk
MD5:	CBCA8E92D3DB25A721608D2E584FCDB7
SHA1:	FF72F0AF14CC6B81DEE9686FFF3D36B45BFECE77
SHA-256:	69E9F66426025ECD8CB04CC4ACB01DB41880089F0EE9F562C88422CBD3F7E3F6
SHA-512:	36D97C58B3543DF46CEBC3C331DEE95375DFDB28B5BB9C37701125E0642AC33E73603DDF7C4C59E205B1AF50EA9A5BBC68F6E8F9335818C9278176E5A4B26646
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF1CE07BF5081FF8EA.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.07190921955703432
Encrypted:	false
SSDEEP:	6:2/9LG7iVCnLG7iVrKOzPLHKOd3qO+mUaVky6lhX:2F0i8n0itFzDHFBqjx
MD5:	78EB8AD7BDE7ED03534E6303E1D8AC1E
SHA1:	4B45FEA6D1F0744F425CC135EBE63858CE8F592D
SHA-256:	2CB8DCD17E6593448A68C44B914C2D3E6D8BB6B29DDE3F033EEA5E56ABD6F5B2
SHA-512:	E8FA94FEB6542D665F48C565955B166F458901A70100A128538668DFCC9443226A653966A651B136E56FFB2D2DFC12AE45239C2082A3B8350931E26193130F49
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF2EC1B65E7293B5D0.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF47DF317554A45B6B.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.481740442761816
Encrypted:	false
SSDEEP:	96:lhq13FTK97r8ukI1ukRv5C0MAnukI1uk:y11W9X8i1/v5ni1
MD5:	16A0EAF0E2F17E6D8B33CBA0176E7B08
SHA1:	924DBFE3C6ED2F0C973523CCB5962A9D09B5FE51
SHA-256:	1D2354D551A127B31F98FA265C28F5A99744B4FCA6AC9DA5EC8D9168F74D5F74
SHA-512:	5A06E92E973BEF9BA1B9B2ADCDD36DEB976336A4364FCB463C85A5C23519CDE56082CD342998DF5D62ADCA97CA4445F7950FB9B679E4A1B9A582CB9A2684EACE
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF4C90F0E5D86F03AE.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.481740442761816
Encrypted:	false
SSDEEP:	96:lhq13FTK97r8ukI1ukRv5C0MAnukI1uk:y11W9X8i1/v5ni1
MD5:	16A0EAF0E2F17E6D8B33CBA0176E7B08
SHA1:	924DBFE3C6ED2F0C973523CCB5962A9D09B5FE51
SHA-256:	1D2354D551A127B31F98FA265C28F5A99744B4FCA6AC9DA5EC8D9168F74D5F74
SHA-512:	5A06E92E973BEF9BA1B9B2ADCDD36DEB976336A4364FCB463C85A5C23519CDE56082CD342998DF5D62ADCA97CA4445F7950FB9B679E4A1B9A582CB9A2684EACE
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF95B284228F69D2DE.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.1945047624074057
Encrypted:	false
SSDEEP:	48:Pliu6O+CFXJpT5G97r8ukISuukKAEu5CyjMHgnukISuukATNc9:tioRTo97r8ukI1ukRv5C0MAnukI1uk
MD5:	CBCA8E92D3DB25A721608D2E584FCDB7
SHA1:	FF72F0AF14CC6B81DEE9686FFF3D36B45BFECE77
SHA-256:	69E9F66426025ECD8CB04CC4ACB01DB41880089F0EE9F562C88422CBD3F7E3F6
SHA-512:	36D97C58B3543DF46CEBC3C331DEE95375DFDB28B5BB9C37701125E0642AC33E73603DDF7C4C59E205B1AF50EA9A5BBC68F6E8F9335818C9278176E5A4B26646
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFAA9BDCF4AA986488.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFAE8AEBB9194345D5.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFB349E6DA99E60766.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	0.10674169825040708
Encrypted:	false
SSDEEP:	48:diF1TyukISuuknukISuukKAEu5CyjMHguiOR:BukI1uknukI1ukRv5C0MAuiOR
MD5:	94BC38C4FB92AFE023E281416E09D064
SHA1:	2B9D34438A3C6DF6846600921AC8768BE691AFF5
SHA-256:	22C74AC3F9B0E3CDE8C8975E143FBC82C72CF3E8B743FF03530ED578B634FA04
SHA-512:	F32E84828BD140910771EF964C9946A608C89CE39139F3BCEFEBE0ACEE9D7C567F7F31684E6F203B7BFFAE79AFDA1EB12EC668B9ECEF52324B61FCDEFBF03221
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFB351126AFF5BEDD1.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFB6B88ED42AFBA194.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFD0EE3FBBC7688E79.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.1945047624074057
Encrypted:	false
SSDEEP:	48:Pliu6O+CFXJpT5G97r8ukISuukKAEu5CyjMHgnukISuukATNc9:tioRTo97r8ukI1ukRv5C0MAnukI1uk
MD5:	CBCA8E92D3DB25A721608D2E584FCDB7
SHA1:	FF72F0AF14CC6B81DEE9686FFF3D36B45BFECE77
SHA-256:	69E9F66426025ECD8CB04CC4ACB01DB41880089F0EE9F562C88422CBD3F7E3F6
SHA-512:	36D97C58B3543DF46CEBC3C331DEE95375DFDB28B5BB9C37701125E0642AC33E73603DDF7C4C59E205B1AF50EA9A5BBC68F6E8F9335818C9278176E5A4B26646
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Security: 0, Code page: 1252, Revision Number: {71DDB565-7BC9-40B1-ACCB-EE18F70FA1A2}, Number of Words: 10, Subject: Google Chorme Updat, Author: Microsoft, Name of Creating Application: Google Chorme Updat, Template: ;1046, Comments: A base dados do instalador contm a lgica e os dados necessrios para instalar o Google Chorme Updat.Microsoft, Title: Installation Database, Keywords: Installer, MSI, Database, Create Time/Date: Wed Dec 11 13:28:05 2024, Last Saved Time/Date: Wed Dec 11 13:28:05 2024, Last Printed: Wed Dec 11 13:28:05 2024, Number of Pages: 450
Entropy (8bit):	7.975161494018679
TrID:	Windows SDK Setup Transform Script (63028/2) 47.91% Microsoft Windows Installer (60509/1) 46.00% Generic OLE2 / Multistream Compound File (8008/1) 6.09%
File name:	FS-SZHAJCVS.msi
File size:	26'025'472 bytes
MD5:	f63a9b0b142d4a0d7a9811fad82a1d39
SHA1:	65b03fe7cd544e60e4165bf8498e54e769694983
SHA256:	2c1236d62d9e47aac6495dfbcee1d0e447c8ca6032ea49d0bb61b463976e1142
SHA512:	4a973680557d4c93aa77d2292a218b29c56fa1bf33f39bc9a60861c0d5fb5d9b2dd9b55d8768fb1e434620525d9df11aadd3f1c450c6960f33eba52c7d9d5a60
SSDEEP:	393216:rkfnz3B6QQmVmYiHS1YQtmdCFg8TVz5JmwA72LkilKBQGqfuGcC:rm0CEdHY0ou87q7riIDC
TLSH:	DC473335AA8BC52AE59C01BBA43DBE2E053EAD63073040D7F3F97C6E4D708C19679652
File Content Preview:	........................>...........................................+...........G.......c.......p..............................................................................................................................................................

File Icon


Icon Hash:	2d2e3797b32b2b99

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-13T17:47:47.216147+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.9	49708	162.214.64.212	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 13, 2024 17:47:45.592693090 CET	49708	80	192.168.2.9	162.214.64.212
Dec 13, 2024 17:47:45.712580919 CET	80	49708	162.214.64.212	192.168.2.9
Dec 13, 2024 17:47:45.712670088 CET	49708	80	192.168.2.9	162.214.64.212
Dec 13, 2024 17:47:45.712992907 CET	49708	80	192.168.2.9	162.214.64.212
Dec 13, 2024 17:47:45.833772898 CET	80	49708	162.214.64.212	192.168.2.9
Dec 13, 2024 17:47:47.215739965 CET	80	49708	162.214.64.212	192.168.2.9
Dec 13, 2024 17:47:47.216146946 CET	49708	80	192.168.2.9	162.214.64.212
Dec 13, 2024 17:47:52.221822977 CET	80	49708	162.214.64.212	192.168.2.9
Dec 13, 2024 17:47:52.221894026 CET	49708	80	192.168.2.9	162.214.64.212

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 13, 2024 17:47:44.470578909 CET	57216	53	192.168.2.9	1.1.1.1
Dec 13, 2024 17:47:45.474838972 CET	57216	53	192.168.2.9	1.1.1.1
Dec 13, 2024 17:47:45.586365938 CET	53	57216	1.1.1.1	192.168.2.9
Dec 13, 2024 17:47:45.611912012 CET	53	57216	1.1.1.1	192.168.2.9

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 13, 2024 17:47:44.470578909 CET	192.168.2.9	1.1.1.1	0xd669	Standard query (0)	e-notas.com	A (IP address)	IN (0x0001)	false
Dec 13, 2024 17:47:45.474838972 CET	192.168.2.9	1.1.1.1	0xd669	Standard query (0)	e-notas.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 13, 2024 17:47:45.586365938 CET	1.1.1.1	192.168.2.9	0xd669	No error (0)	e-notas.com		162.214.64.212	A (IP address)	IN (0x0001)	false
Dec 13, 2024 17:47:45.611912012 CET	1.1.1.1	192.168.2.9	0xd669	No error (0)	e-notas.com		162.214.64.212	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

e-notas.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.9	49708	162.214.64.212	80	8024	C:\Users\user\Contacts\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Dec 13, 2024 17:47:45.712992907 CET	85	OUT	GET /dsdrk/inspecionando.php HTTP/1.1 Host: e-notas.com Cache-Control: no-cache
Dec 13, 2024 17:47:47.215739965 CET	131	IN	HTTP/1.1 200 OK Date: Fri, 13 Dec 2024 16:47:46 GMT Server: Apache Content-Length: 0 Content-Type: text/html; charset=UTF-8

Target ID:	1
Start time:	11:47:24
Start date:	13/12/2024
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\FS-SZHAJCVS.msi"
Imagebase:	0x7ff7527c0000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	11:47:24
Start date:	13/12/2024
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\msiexec.exe /V
Imagebase:	0x7ff7527c0000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	11:47:27
Start date:	13/12/2024
Path:	C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\syswow64\MsiExec.exe -Embedding A95A5DA04788A2228387268B6F61DD10
Imagebase:	0x5c0000
File size:	59'904 bytes
MD5 hash:	9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	11:47:32
Start date:	13/12/2024
Path:	C:\Users\user\Contacts\chrome.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Contacts\chrome.exe"
Imagebase:	0xb40000
File size:	2'252'904 bytes
MD5 hash:	DD36EA28C576FB0AD109B42D3D6C9F96
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	11:47:58
Start date:	13/12/2024
Path:	C:\Users\user\Contacts\chrome.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Contacts\chrome.exe"
Imagebase:	0xb40000
File size:	2'252'904 bytes
MD5 hash:	DD36EA28C576FB0AD109B42D3D6C9F96
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	8
Start time:	11:48:06
Start date:	13/12/2024
Path:	C:\Users\user\Contacts\chrome.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Contacts\chrome.exe"
Imagebase:	0xb40000
File size:	2'252'904 bytes
MD5 hash:	DD36EA28C576FB0AD109B42D3D6C9F96
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	0.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	19.3%
Total number of Nodes:	389
Total number of Limit Nodes:	17

Executed Functions

Function 00B50A20 Relevance: 51.4, APIs: 20, Strings: 9, Instructions: 617
threadlibraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

IsThreadAFiber.KERNEL32 ref: 00B50A48
ConvertThreadToFiberEx.KERNEL32(00000000,00000001), ref: 00B50A5C
CreateFiberEx.KERNEL32(00000000,00400000,00000001,00B509F0,?), ref: 00B50A85
SwitchToFiber.KERNEL32(00000000), ref: 00B50A96
DeleteFiber.KERNEL32(00000000), ref: 00B50A9D
ConvertFiberToThread.KERNEL32 ref: 00B50AA3
GetInstallDetailsPayload.CHROME_ELF ref: 00B50B6D
GetInstallDetailsPayload.CHROME_ELF ref: 00B50B7A
GetInstallDetailsPayload.CHROME_ELF ref: 00B50B9A
GetInstallDetailsPayload.CHROME_ELF ref: 00B50B9F
GetInstallDetailsPayload.CHROME_ELF ref: 00B50C57
GetProcAddress.KERNEL32(00000000,RelaunchChromeBrowserWithNewCommandLineIfNeeded), ref: 00B50D6B
QueryPerformanceCounter.KERNEL32(?,?,type,00000004), ref: 00B50D93
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B50DCF
GetLastError.KERNEL32 ref: 00B510ED

Strings

initial-client-data, xrefs: 00B50E50
..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00B50FBA
..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00B50FC1
RelaunchChromeBrowserWithNewCommandLineIfNeeded, xrefs: 00B50D65
user-data-dir, xrefs: 00B50F25, 00B50F2F, 00B50F36
no-periodic-tasks, xrefs: 00B50E0F
About to load main DLL., xrefs: 00B5116B
type, xrefs: 00B50BF3, 00B50F37
..\..\chrome\app\chrome_exe_main_win.cc, xrefs: 00B5110F, 00B5115C

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: Fiber$DetailsInstallPayload$Thread$Convert$AddressCounterCreateDeleteErrorLastPerformanceProcQuerySwitchUnothrow_t@std@@@__ehfuncinfo$??2@
String ID: ..\..\chrome\app\chrome_exe_main_win.cc$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$About to load main DLL.$RelaunchChromeBrowserWithNewCommandLineIfNeeded$initial-client-data$no-periodic-tasks$type$user-data-dir
API String ID: 1252984512-2531495068
Opcode ID: 59ffde0b3b00c110c7a11a0255c7e4de60dd9fbf59d203632af44851b0c50119
Instruction ID: 5eaf850fbf4d70446beb9753eebe9378e93930736f715fd482d42e8b618f53a5
Opcode Fuzzy Hash: 59ffde0b3b00c110c7a11a0255c7e4de60dd9fbf59d203632af44851b0c50119
Instruction Fuzzy Hash: 6D22E3B06107409FDB24AF39D8C1B26B7E4EF45305F1489EDED869B692EB70E848DB11

Function 00C06D80 Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 439
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

TryAcquireSRWLockExclusive.KERNEL32 ref: 00C06DA5
__aulldiv.LIBCMT ref: 00C0729D
TryAcquireSRWLockExclusive.KERNEL32 ref: 00C07319
ReleaseSRWLockExclusive.KERNEL32 ref: 00C07341
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00C07366
TlsAlloc.KERNEL32 ref: 00C0739A

Part of subcall function 00B49990: LoadLibraryW.KERNEL32(bcryptprimitives.dll,00000000,?,?,00C06F07,?,?,?), ref: 00B499BC
Part of subcall function 00B49990: GetProcAddress.KERNEL32(00000000,ProcessPrng), ref: 00B499CC

Part of subcall function 00BCCF90: TryAcquireSRWLockExclusive.KERNEL32(00000040,00000000,00000040,00000000,?,00C073D2), ref: 00BCCFA1
Part of subcall function 00BCCF90: AcquireSRWLockExclusive.KERNEL32(00000040,?,00C073D2), ref: 00BCCFDA

Part of subcall function 00BAA660: TryAcquireSRWLockExclusive.KERNEL32(00D010F0), ref: 00BAA694
Part of subcall function 00BAA660: ReleaseSRWLockExclusive.KERNEL32(00D010F0), ref: 00BAA6B0

ReleaseSRWLockExclusive.KERNEL32 ref: 00C073F6

Strings

..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 00C0741F

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$Acquire$Release$AddressAllocLibraryLoadProc__aulldiv
String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at
API String ID: 1366307475-4189810390
Opcode ID: 3f0f41d6870465a5b09d0ebf00474b74ebc948cd94c5754f6bc14fcb5f821d2c
Instruction ID: 559205bdbaf7b652356763a5fa40c68db85850b8632592b58bd31094264f57b9
Opcode Fuzzy Hash: 3f0f41d6870465a5b09d0ebf00474b74ebc948cd94c5754f6bc14fcb5f821d2c
Instruction Fuzzy Hash: 780282B1904B848FD316DF39C44435AFBE1AFD5340F048B2EE8DA67251DB74A996CB42

Function 00BCA770 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 319
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00BCA835
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00BCA936
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00BCA97F
TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00BCA9A7

Strings

second, xrefs: 00BCAB44, 00BCAB89
first, xrefs: 00BCAAE5, 00BCAB1F, 00BCAB64

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: first$second
API String ID: 17069307-3095674784
Opcode ID: 55f72298af2751d4a2f819886affdb2152963693fb406a13ae9a83de5227e696
Instruction ID: 4e78200e5df8e1a8af212a875183a71ee4d4f3929951d0b1ea4633c0c07b2e48
Opcode Fuzzy Hash: 55f72298af2751d4a2f819886affdb2152963693fb406a13ae9a83de5227e696
Instruction Fuzzy Hash: 04B12631A007058BC7108F29C481F26F7E2EFD5718F29C6ADF999972A5D7719C42DB82

Function 00B49990 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 109
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryW.KERNEL32(bcryptprimitives.dll,00000000,?,?,00C06F07,?,?,?), ref: 00B499BC
GetProcAddress.KERNEL32(00000000,ProcessPrng), ref: 00B499CC

Strings

ProcessPrng, xrefs: 00B499C6
bcryptprimitives.dll, xrefs: 00B499B7

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: ProcessPrng$bcryptprimitives.dll
API String ID: 2574300362-2667675608
Opcode ID: 245f444ee08fa3e3eba2a1dd16f8718e9ffd680329ca8e43c6451e46f9adadd2
Instruction ID: b1ac75628b198da698202d584f4046e494ca7475113672cc2d0bfe22c55d8fe0
Opcode Fuzzy Hash: 245f444ee08fa3e3eba2a1dd16f8718e9ffd680329ca8e43c6451e46f9adadd2
Instruction Fuzzy Hash: D331F670A00209AFDB04DF65D845A9BBBF5FF89310F08C56DF808AB350EB30A981DB91

Function 00B46AD0 Relevance: 3.1, APIs: 2, Instructions: 86
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

TryAcquireSRWLockExclusive.KERNEL32(00D13578,00B46A79,?,?,00BCE05C,?,-00000048,?), ref: 00B46AEC
ReleaseSRWLockExclusive.KERNEL32(00D13578,?,?,?,?,?,?,?,00BCE05C,?,-00000048,?), ref: 00B46B6D

Part of subcall function 00B49990: LoadLibraryW.KERNEL32(bcryptprimitives.dll,00000000,?,?,00C06F07,?,?,?), ref: 00B499BC
Part of subcall function 00B49990: GetProcAddress.KERNEL32(00000000,ProcessPrng), ref: 00B499CC

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$AcquireAddressLibraryLoadProcRelease
String ID:
API String ID: 969684755-0
Opcode ID: a409a889a42f6ea33767a142c8c84620232a427ff222f083c0497701b0f0b495
Instruction ID: 8e732368cfaf441f1afbad9c313b3c787e24ddfb17b1aa3374cf0a66f956c39a
Opcode Fuzzy Hash: a409a889a42f6ea33767a142c8c84620232a427ff222f083c0497701b0f0b495
Instruction Fuzzy Hash: 2B317571E043006BE310DF2AEC41696BBE7EBC8710B85C16DD899D7351EE305A42DB91

Function 00BCAE00 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 159
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReleaseSRWLockExclusive.KERNEL32(00000001,00000001), ref: 00BCAF04
TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00BCAF67

Strings

second, xrefs: 00BCAC5A, 00BCAFD9
first, xrefs: 00BCAC35, 00BCAFB4

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: first$second
API String ID: 17069307-3095674784
Opcode ID: 0bcaa102880be08109cfdc12fe424097db70399b5a8f218c405260dc1f36c1e2
Instruction ID: 652b73db244d7dc600c4b7a2f297c87b1a2030f633821d7d13fcccd17c2416ae
Opcode Fuzzy Hash: 0bcaa102880be08109cfdc12fe424097db70399b5a8f218c405260dc1f36c1e2
Instruction Fuzzy Hash: 815125B16007069BD7109F29C480B6AF7E2EFC5318F2886BDF49987299D7759842C782

Function 00B469E0 Relevance: 5.1, APIs: 4, Instructions: 56
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32(?,?,00001000,00000020), ref: 00B46A02
GetLastError.KERNEL32 ref: 00B46A22
VirtualFree.KERNEL32(?,?,00004000), ref: 00B46A54
GetLastError.KERNEL32 ref: 00B46A5E

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ErrorLastVirtual$AllocFree
String ID:
API String ID: 2325269287-0
Opcode ID: 140f2e7f3a0fca748e6b1c588daccb232d4bb92ed7fc5e4ce54f06bb94242a3c
Instruction ID: 2efe5ac7b73b1180a80c2e39a19f71320365fc8191b11633e396e95dce1a6171
Opcode Fuzzy Hash: 140f2e7f3a0fca748e6b1c588daccb232d4bb92ed7fc5e4ce54f06bb94242a3c
Instruction Fuzzy Hash: B00126B07001049BEB285F21DC1C77E77DDEB4639AF2488A4FB0AE7180E674CA40D263

Function 00BC9FA0 Relevance: 3.2, APIs: 2, Instructions: 220
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

TryAcquireSRWLockExclusive.KERNEL32(656D6DA9,00000000,-00000004,?,?,?,00B59E75,00CEFE90,-00000004,00000000), ref: 00BCA171
ReleaseSRWLockExclusive.KERNEL32(00B59E75,00000001,?,00B59E75,00CEFE90,-00000004,00000000), ref: 00BCA1E3

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID:
API String ID: 17069307-0
Opcode ID: 6b5710d116a6ffbb9407707cccdf1e60cc79d577de249129e34820aa82aeb3e8
Instruction ID: 03cf4daa22a189b2270ad5ad2fc9db5ce9dee3ee0ab1983f59100e412a14247e
Opcode Fuzzy Hash: 6b5710d116a6ffbb9407707cccdf1e60cc79d577de249129e34820aa82aeb3e8
Instruction Fuzzy Hash: 0C81DC716002098FDB28CF68C8C4BB5BBF5FF45328F1885ADE8298B696D735E845CB41

Function 00B46A70 Relevance: 3.0, APIs: 2, Instructions: 28
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00B46AD0: TryAcquireSRWLockExclusive.KERNEL32(00D13578,00B46A79,?,?,00BCE05C,?,-00000048,?), ref: 00B46AEC
Part of subcall function 00B46AD0: ReleaseSRWLockExclusive.KERNEL32(00D13578,?,?,?,?,?,?,?,00BCE05C,?,-00000048,?), ref: 00B46B6D

GetCurrentProcess.KERNEL32(?,?,00BCE05C,?,-00000048,?), ref: 00B46A9E
IsWow64Process.KERNEL32(00000000,00D02550,?,00BCE05C,?,-00000048,?), ref: 00B46AAA

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLockProcess$AcquireCurrentReleaseWow64
String ID:
API String ID: 2898688079-0
Opcode ID: fff12a0cb3f7f3eb295362c063260a275096716a978e89d71688a973abb5ed8e
Instruction ID: ad0feee6bce76bf03c2ec8304f79cac8c488976d6ce32438125a577311747519
Opcode Fuzzy Hash: fff12a0cb3f7f3eb295362c063260a275096716a978e89d71688a973abb5ed8e
Instruction Fuzzy Hash: 3FE065B1601A2157C2105B6C6C5C73577E8A706751F198551F909E23D0F710EE0563A7

Function 00C5361B Relevance: 2.6, APIs: 2, Instructions: 67
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastError.KERNEL32(?,?,00C38151,00C68715,?,00000000,?,00C8476B,?,?), ref: 00C5361F
SetLastError.KERNEL32(00000000,00000008,000000FF,?,00C8476B,?,?), ref: 00C536C1

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 87790a707624fabaf3dd9faf6a7fa2c7297659a070435c1d5e1c08457d85fef4
Instruction ID: 40fb4310390802ed1021678e895214e1c0d73551983c738eda55a3cd3b164395
Opcode Fuzzy Hash: 87790a707624fabaf3dd9faf6a7fa2c7297659a070435c1d5e1c08457d85fef4
Instruction Fuzzy Hash: 9611C2797142917ED3113BB5ACC5F3B2AA8EB007EA7140238FD19912A2DE50CF8DA16D

Function 00C5727B Relevance: 1.6, APIs: 1, Instructions: 113
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___free_lconv_mon.LIBCMT ref: 00C572BF

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ___free_lconv_mon
String ID:
API String ID: 3903695350-0
Opcode ID: bed86e37ebc92977bc9ec7e72f4d6c26a37f386e14f401dc87d51040dc313da0
Instruction ID: b886c2afc6315ec8449b599cda2597dcda39e22b4461d3fcb58fc988109ad668
Opcode Fuzzy Hash: bed86e37ebc92977bc9ec7e72f4d6c26a37f386e14f401dc87d51040dc313da0
Instruction Fuzzy Hash: 1231AF35908201DFDB20AA79FC05B5AB3E8EF00721F1045A9FA64D7561DB74EEC4AB18

Function 00B509F0 Relevance: 1.5, APIs: 1, Instructions: 13
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00B50A20: IsThreadAFiber.KERNEL32 ref: 00B50A48
Part of subcall function 00B50A20: ConvertThreadToFiberEx.KERNEL32(00000000,00000001), ref: 00B50A5C
Part of subcall function 00B50A20: CreateFiberEx.KERNEL32(00000000,00400000,00000001,00B509F0,?), ref: 00B50A85
Part of subcall function 00B50A20: SwitchToFiber.KERNEL32(00000000), ref: 00B50A96
Part of subcall function 00B50A20: DeleteFiber.KERNEL32(00000000), ref: 00B50A9D
Part of subcall function 00B50A20: ConvertFiberToThread.KERNEL32 ref: 00B50AA3

SwitchToFiber.KERNEL32(?,?), ref: 00B50A07

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: Fiber$Thread$ConvertSwitch$CreateDelete
String ID:
API String ID: 3938851108-0
Opcode ID: 8f2e81588f15bfb2c33f9a590615843460b1fba66c30dab590bb4012d6ac5276
Instruction ID: 5da97353f26853b460fa85008fd7e0c98ff507e36775d089009d3b7c8895c829
Opcode Fuzzy Hash: 8f2e81588f15bfb2c33f9a590615843460b1fba66c30dab590bb4012d6ac5276
Instruction Fuzzy Hash: 6CD0C972410214ABC7107F69E80599ABFE8EB00351B00847AE94A52521D63268249BD1

Non-executed Functions

Function 00B48030 Relevance: 42.6, APIs: 16, Strings: 8, Instructions: 603COMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000004,?,?), ref: 00B482EC
GetLastError.KERNEL32 ref: 00B48301
SetLastError.KERNEL32(00000000), ref: 00B4830F
GetLastError.KERNEL32 ref: 00B48332
SetLastError.KERNEL32(00000000), ref: 00B48343
GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B4851D
K32GetModuleInformation.KERNEL32(00000000,?,?,0000000C,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B48530
GetLastError.KERNEL32(0000000C,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B4856F
SetLastError.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B4857D
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B48591
SetLastError.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B485B1
GetSystemInfo.KERNEL32(?), ref: 00B48686
GetLastError.KERNEL32(00CE1384,..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type,?,?,?), ref: 00B486B8
FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B48700

Strings

..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00B486A2
..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00B486A9
..\..\third_party\perfetto\src\tracing\event_context.cc, xrefs: 00B48229, 00B4825E
PERFETTO_CHECK(tls_state_), xrefs: 00B48238
..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00B480E3, 00B481D0
%s (errno: %d, %s), xrefs: 00B4823D, 00B48272
{}-, xrefs: 00B4846C
PERFETTO_CHECK(key), xrefs: 00B4826D

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ErrorLast$Module$CurrentFreeHandleInfoInformationLibraryProcessSystem
String ID: %s (errno: %d, %s)$..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$..\..\third_party\perfetto\src\tracing\event_context.cc$PERFETTO_CHECK(key)$PERFETTO_CHECK(tls_state_)${}-
API String ID: 4075626267-2919275849
Opcode ID: b2801cb96709f44383db88d16a377055999267ef0f900065b9df7bb0988707a4
Instruction ID: 360623fdd42dbec034d7e9026af3931aaf55b93f4a466e0bccbc0b7e75804fd2
Opcode Fuzzy Hash: b2801cb96709f44383db88d16a377055999267ef0f900065b9df7bb0988707a4
Instruction Fuzzy Hash: 132282B4E002159FDB11DF64D881BAEBBF4FF49700F248169E819AB351EB30AA45DF91

Function 00BC1760 Relevance: 36.1, APIs: 11, Strings: 9, Instructions: 1131COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BC17F5
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BC181D
TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,000003E8,00000000), ref: 00BC1A45
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00BC1B69

Strings

..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00BC266A
Histogram.BadConstructionArguments, xrefs: 00BC2621
..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00BC2679
@, xrefs: 00BC2116
Histogram.MismatchedConstructionArguments, xrefs: 00BC2639
..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00BC2607
Histogram.TooManyBuckets.1000, xrefs: 00BC25B9
..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00BC25F8
Blink.UseCounter, xrefs: 00BC25CA

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLockUnothrow_t@std@@@__ehfuncinfo$??2@$AcquireRelease
String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds$@$Blink.UseCounter$Histogram.BadConstructionArguments$Histogram.MismatchedConstructionArguments$Histogram.TooManyBuckets.1000
API String ID: 198524673-1212892455
Opcode ID: 96c0f5e37be5de3fedda9a39ecdcf7acc770e9217d528ea917d3da335098cb80
Instruction ID: 2095d05da89b5079e03f74979ec7fcbc72cd9f1fa69b0de7c0fc009594a7c84d
Opcode Fuzzy Hash: 96c0f5e37be5de3fedda9a39ecdcf7acc770e9217d528ea917d3da335098cb80
Instruction Fuzzy Hash: 2C92B175A043418BD714DF28C891B2AB7E2EF95310F1989ADF89A9B352DB31EC41CB52

Function 00B58C00 Relevance: 35.4, APIs: 13, Strings: 7, Instructions: 449synchronizationthreadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,00B83FE0,00000000,00000000,00000000), ref: 00B58CC1
CreateThread.KERNEL32(00000000,00000000,00B83FE0,00000000,00000000,00000000), ref: 00B58D41

Part of subcall function 00B59620: VerSetConditionMask.KERNEL32 ref: 00B5968B
Part of subcall function 00B59620: VerSetConditionMask.KERNEL32(00000000,?,00000001,00000003), ref: 00B59697
Part of subcall function 00B59620: VerSetConditionMask.KERNEL32(00000000,?,00000020,00000003,?,00000001,00000003), ref: 00B596A3
Part of subcall function 00B59620: VerifyVersionInfoW.KERNEL32(?,00000023,00000000), ref: 00B596C3

GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000000FF), ref: 00B58D76
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00B58DE7
GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000000FF), ref: 00B58E0F
TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00B58E1E
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00B58E80
WaitForSingleObject.KERNEL32(?,-00000001), ref: 00B58F23
WaitForSingleObject.KERNEL32(?,-00000001), ref: 00B58F2A
TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00B58F30
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00B58F67
CloseHandle.KERNEL32(?), ref: 00B58F76
CloseHandle.KERNEL32(?), ref: 00B58F89

Part of subcall function 00C99540: _strlen.LIBCMT ref: 00C99550

Part of subcall function 00B591B0: UnregisterWaitEx.KERNEL32(?,-00000001,?,?,?,?,?,00B58DC9), ref: 00B591D1
Part of subcall function 00B591B0: UnregisterWaitEx.KERNEL32(?,-00000001,?,?,?,?,?,00B58DC9), ref: 00B591D9
Part of subcall function 00B591B0: UnregisterWaitEx.KERNEL32(?,-00000001,?,?,?,?,?,00B58DC9), ref: 00B591E2
Part of subcall function 00B591B0: CloseHandle.KERNEL32(?,?,?,?,?,?,00B58DC9), ref: 00B59200
Part of subcall function 00B591B0: CloseHandle.KERNEL32(?,CloseHandle,?,?,?,?,?,?,?,?,?,?,?,00B58DC9), ref: 00B5922E
Part of subcall function 00B591B0: CloseHandle.KERNEL32(?,CloseHandle,?,?,?,?,?,?,?,?,?,?,?,00B58DC9), ref: 00B59258
Part of subcall function 00B591B0: CloseHandle.KERNEL32(?,CloseHandle,?,?,?,?,?,?,?,?,?,?,?,00B58DC9), ref: 00B59282

Strings

..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc, xrefs: 00B5900F, 00B5904E
Free, xrefs: 00B59014, 00B59053
CreateThread, xrefs: 00B590BB, 00B59101
CreateNamedPipe, xrefs: 00B59147, 00B59190
Run, xrefs: 00B59095, 00B590DB, 00B59121, 00B5916A
CloseHandle, xrefs: 00B59036, 00B59075
..\..\third_party\crashpad\crashpad\util\win\exception_handler_server.cc, xrefs: 00B59090, 00B590D6, 00B5911C, 00B59165

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: CloseHandle$ExclusiveLockWait$ConditionMaskReleaseUnregister$AcquireCompletionCreateObjectQueuedSingleStatusThread$InfoVerifyVersion_strlen
String ID: ..\..\third_party\crashpad\crashpad\util\win\exception_handler_server.cc$..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc$CloseHandle$CreateNamedPipe$CreateThread$Free$Run
API String ID: 2114208606-1806101671
Opcode ID: f8c087f14b0b09c963c8551ed83c1956382662cfc4cbd22a2d6c53f9c44970cf
Instruction ID: c4f80e89d4409eab6d91b13297651d5ea59e7993ff15278e50f618bd14f05c64
Opcode Fuzzy Hash: f8c087f14b0b09c963c8551ed83c1956382662cfc4cbd22a2d6c53f9c44970cf
Instruction Fuzzy Hash: 3AF1C2B1A04300AFC710DF25D885A2FB7E5EF99710F044AADF959A7291DB70ED08CB92

Function 00C35A50 Relevance: 34.1, APIs: 17, Strings: 2, Instructions: 887threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00C35A5E

Strings

..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00C36038, 00C365C2
..\..\third_party\libc++\src\include\optional:800: assertion this->has_value() failed: optional operator* called on a disengaged value, xrefs: 00C3603F, 00C365A4

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: CurrentThread
String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\optional:800: assertion this->has_value() failed: optional operator* called on a disengaged value
API String ID: 2882836952-3013800257
Opcode ID: 86805a442bde76b99fdd5d11783fa37d8d72a0f312fafe38587fc7a73995e2c3
Instruction ID: df748e9b6c6c9ca458bc2f341b188c69a2d9ff024c5920a838b6bd36249bc4a8
Opcode Fuzzy Hash: 86805a442bde76b99fdd5d11783fa37d8d72a0f312fafe38587fc7a73995e2c3
Instruction Fuzzy Hash: 69727C716083419FCB08CF28C49562AFBE6FBC8314F148A2EF899973A1D774D945DB92

Function 00BC5CA0 Relevance: 32.4, APIs: 14, Strings: 4, Instructions: 856COMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?), ref: 00BC5F03
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BC5F40
TryAcquireSRWLockExclusive.KERNEL32(00000000), ref: 00BC5FE9
ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?), ref: 00BC60E0
QueryPerformanceCounter.KERNEL32(?), ref: 00BC61B0
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BC61ED
AcquireSRWLockExclusive.KERNEL32(00000000), ref: 00BC622F

Strings

@KL, xrefs: 00BC62A2
..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00BC62E6
..\..\third_party\libc++\src\include\optional:800: assertion this->has_value() failed: optional operator* called on a disengaged value, xrefs: 00BC6829
@KL, xrefs: 00BC6270

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$AcquireCounterPerformanceQueryUnothrow_t@std@@@__ehfuncinfo$??2@$Release
String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\optional:800: assertion this->has_value() failed: optional operator* called on a disengaged value$@KL$@KL
API String ID: 2252595807-3005847224
Opcode ID: ae7047397741606f3c890c87edc8a9d7ceac8c847972929426144b9c22d6d911
Instruction ID: c250f049949eb2cc6c54a87138758a03871bd2c85c5fe2045c4f8468357bbda2
Opcode Fuzzy Hash: ae7047397741606f3c890c87edc8a9d7ceac8c847972929426144b9c22d6d911
Instruction Fuzzy Hash: 70726C71A047408FCB29CF14D494F6AB7E5FF98300F1589ADE8899B362D770E985CB92

Function 00BC8210 Relevance: 30.6, APIs: 20, Instructions: 595threadCOMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00BC832D
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00BC8414
GetCurrentThreadId.KERNEL32 ref: 00BC8728
GetCurrentThreadId.KERNEL32 ref: 00BC8741
AcquireSRWLockExclusive.KERNEL32(?), ref: 00BC875A
GetCurrentThreadId.KERNEL32 ref: 00BC877E
GetCurrentThreadId.KERNEL32 ref: 00BC878F
GetCurrentThreadId.KERNEL32 ref: 00BC87A0
GetCurrentThreadId.KERNEL32 ref: 00BC87B1
GetCurrentThreadId.KERNEL32 ref: 00BC87C2
GetCurrentThreadId.KERNEL32 ref: 00BC87D3
GetCurrentThreadId.KERNEL32 ref: 00BC87E7
GetCurrentThreadId.KERNEL32 ref: 00BC87F9
GetCurrentThreadId.KERNEL32 ref: 00BC884F
GetCurrentThreadId.KERNEL32 ref: 00BC8860
GetCurrentThreadId.KERNEL32 ref: 00BC8879
GetCurrentThreadId.KERNEL32 ref: 00BC888A
GetCurrentThreadId.KERNEL32 ref: 00BC88A3
GetCurrentThreadId.KERNEL32 ref: 00BC88E7

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: CurrentThread$ExclusiveLock$Acquire$Release
String ID:
API String ID: 1097530104-0
Opcode ID: 83992ba67610778cf923710383400d6de9ebef677fc69757c9883e37cb177411
Instruction ID: 0c65b9caa693b6257f2943150e218285db4ee901ee506156da619be559f6a7ec
Opcode Fuzzy Hash: 83992ba67610778cf923710383400d6de9ebef677fc69757c9883e37cb177411
Instruction Fuzzy Hash: B2322971E0461A8BDB18CF68C484BADF7F2FF98310F298599D859AB351DB30AD41CB91

Function 00C2A580 Relevance: 28.7, APIs: 10, Strings: 6, Instructions: 738COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00C2A5A5
TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00C2A791
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00C2A8C7
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00C2AAAC
TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00C2AAD5
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00C2AAF8
_strlen.LIBCMT ref: 00C2ACF0
AcquireSRWLockExclusive.KERNEL32(?), ref: 00C2AD5F

Strings

Histogram.BadConstructionArguments, xrefs: 00C2AF7C
..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00C2AF4F
Histogram.MismatchedConstructionArguments, xrefs: 00C2AF32
Histogram.TooManyBuckets.1000, xrefs: 00C2AED8
..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00C2AFF1
Blink.UseCounter, xrefs: 00C2AEE9

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease$_strlen
String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds$Blink.UseCounter$Histogram.BadConstructionArguments$Histogram.MismatchedConstructionArguments$Histogram.TooManyBuckets.1000
API String ID: 1657474455-318544123
Opcode ID: 1569c55156513f31a61ce771fe9b7a6c587cc0e64bf424da32fbb22fc3096116
Instruction ID: 3ba212cbb03fe24537347b129897c487927663f013ec48557451809e40555b6f
Opcode Fuzzy Hash: 1569c55156513f31a61ce771fe9b7a6c587cc0e64bf424da32fbb22fc3096116
Instruction Fuzzy Hash: DB52F775E002258FDB14CF64EC81B6DB7B6BF85300F1580A9E819AB752DB319E85CF92

Function 00BCE600 Relevance: 27.2, APIs: 13, Strings: 2, Instructions: 984COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00BCE850
TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00BCEB12
ReleaseSRWLockExclusive.KERNEL32(?,?,00000010,?,00004000,?,00000000), ref: 00BCEBD1

Part of subcall function 00BB8000: ReleaseSRWLockExclusive.KERNEL32(?,?,00000021,?,00004000,?,000000FF), ref: 00BB8170

TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00BCECEA
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00BCED75
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00BCE889

Part of subcall function 00BB8000: TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00BB8047

Strings

second, xrefs: 00BCF0F6, 00BCF176, 00BCF1CA, 00BCF24E, 00BCF2F8, 00BCF34A
first, xrefs: 00BCF0CF, 00BCF14D, 00BCF1A1, 00BCF225, 00BCF2CF, 00BCF323

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: first$second
API String ID: 17069307-3095674784
Opcode ID: 1cad28d77117ddf4feefd824aa0ae55c3a5b7e76f4121e28de2e162e83728a50
Instruction ID: 05bcb1ce1ece49444def7fe0764069d39e3c5f109b20aa5a55dd566d2e0280a0
Opcode Fuzzy Hash: 1cad28d77117ddf4feefd824aa0ae55c3a5b7e76f4121e28de2e162e83728a50
Instruction Fuzzy Hash: 4E82BE71A04741DFD718DF24C884B2AB7E2FF88314F1986ADE89A5B292D730ED45DB81

Function 00C00F50 Relevance: 23.5, APIs: 10, Strings: 3, Instructions: 777COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00C010B5
TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00C0123C
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00C01372
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00C01508
TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00C01534
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00C01557
AcquireSRWLockExclusive.KERNEL32(?), ref: 00C017D2
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00C01968

Strings

..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00C0190A
Histogram.MismatchedConstructionArguments, xrefs: 00C0192E
..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00C01994

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$Release$Acquire$_strlen
String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds$Histogram.MismatchedConstructionArguments
API String ID: 576647242-1605627795
Opcode ID: e80ca80afbea15bde0d677995ed1bc15a8ec1c19cb31bc964ccc8a5ea3aef2c5
Instruction ID: 6efb802c022b94f3dbbff43cedccc701b106cb0999e69edb71db079359b41951
Opcode Fuzzy Hash: e80ca80afbea15bde0d677995ed1bc15a8ec1c19cb31bc964ccc8a5ea3aef2c5
Instruction Fuzzy Hash: FE52C271E002158FDB24CF64DC81BADF7B6BF85304F188169E91A9B392DB31AE51CB91

Function 00B59620 Relevance: 23.0, APIs: 7, Strings: 6, Instructions: 224pipeCOMMON

Download Yara Rule

APIs

VerSetConditionMask.KERNEL32 ref: 00B5968B
VerSetConditionMask.KERNEL32(00000000,?,00000001,00000003), ref: 00B59697
VerSetConditionMask.KERNEL32(00000000,?,00000020,00000003,?,00000001,00000003), ref: 00B596A3
VerifyVersionInfoW.KERNEL32(?,00000023,00000000), ref: 00B596C3
LocalFree.KERNEL32(?), ref: 00B597FF
CreateNamedPipeW.KERNEL32 ref: 00B5987A
SetLastError.KERNEL32(00000000), ref: 00B59915

Part of subcall function 00C382C8: AcquireSRWLockExclusive.KERNEL32(00D02800,000000C0,?,?,00BCFE69,00D12A10), ref: 00C382D3
Part of subcall function 00C382C8: ReleaseSRWLockExclusive.KERNEL32(00D02800,?,00BCFE69,00D12A10), ref: 00C3830D

Strings

BuildSecurityDescriptor, xrefs: 00B5994C
D:(A;;GA;;;SY)(A;;GWGR;;;S-1-15-2-1)S:(ML;;;;;S-1-16-0), xrefs: 00B5974E
..\..\third_party\crashpad\crashpad\util\win\scoped_local_alloc.cc, xrefs: 00B598E8
LocalFree, xrefs: 00B598FA
ConvertStringSecurityDescriptorToSecurityDescriptor, xrefs: 00B598CF
..\..\third_party\crashpad\crashpad\util\win\registration_protocol_win.cc, xrefs: 00B598BD, 00B5993A

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ConditionMask$ExclusiveLock$AcquireCreateErrorFreeInfoLastLocalNamedPipeReleaseVerifyVersion
String ID: ..\..\third_party\crashpad\crashpad\util\win\registration_protocol_win.cc$..\..\third_party\crashpad\crashpad\util\win\scoped_local_alloc.cc$BuildSecurityDescriptor$ConvertStringSecurityDescriptorToSecurityDescriptor$D:(A;;GA;;;SY)(A;;GWGR;;;S-1-15-2-1)S:(ML;;;;;S-1-16-0)$LocalFree
API String ID: 2435325764-909682083
Opcode ID: 921902b76745dc8da104d27832d2d0823a21fb36329b32275811b1b5cd2e8ca6
Instruction ID: b3bb2b307025df91ea656baba1b72ab5c632f611d9545c31185734b31faa7981
Opcode Fuzzy Hash: 921902b76745dc8da104d27832d2d0823a21fb36329b32275811b1b5cd2e8ca6
Instruction Fuzzy Hash: 608194B0A00314ABEB549F25DC49FBAB7F8FF45744F0081A9F908A7291DB745E48CBA1

Function 00B8C090 Relevance: 21.5, APIs: 7, Strings: 5, Instructions: 509COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32 ref: 00B8C0BF

Part of subcall function 00BF0030: GetLastError.KERNEL32 ref: 00BF00AC
Part of subcall function 00BF0030: SetLastError.KERNEL32(00000000), ref: 00BF00BA
Part of subcall function 00BF0030: SetLastError.KERNEL32(?), ref: 00BF017B

Part of subcall function 00B8C8B0: __aullrem.LIBCMT ref: 00B8C909
Part of subcall function 00B8C8B0: __aullrem.LIBCMT ref: 00B8C950
Part of subcall function 00B8C8B0: __aullrem.LIBCMT ref: 00B8C994

CreateEventW.KERNEL32(0000000C,00000000,00000000,00000000,?,?,00000000,?,?), ref: 00B8C20A
CreateEventW.KERNEL32(0000000C,00000000,00000000,00000000,?,?,00000000,?,?), ref: 00B8C215
CreateEventW.KERNEL32(0000000C,00000000,00000000,00000000,?,?,00000000,?,?), ref: 00B8C220
SetUnhandledExceptionFilter.KERNEL32(00C99C50,?,?,?,?,00000000,?,?), ref: 00B8C24A
AddVectoredExceptionHandler.KERNEL32(00000001,00BAB0D0,?,?,?,?,00000000,?,?), ref: 00B8C259

Part of subcall function 00C99540: _strlen.LIBCMT ref: 00C99550

Strings

CreateThread, xrefs: 00B8C6FB
CreateNamedPipe, xrefs: 00B8C67E
CreatePipe, xrefs: 00B8C65B
..\..\third_party\crashpad\crashpad\client\crashpad_client_win.cc, xrefs: 00B8C656, 00B8C6E9
\\.\pipe\crashpad_%lu_, xrefs: 00B8C0C6

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: CreateErrorEventLast__aullrem$Exception$CurrentFilterHandlerProcessUnhandledVectored_strlen
String ID: ..\..\third_party\crashpad\crashpad\client\crashpad_client_win.cc$CreateNamedPipe$CreatePipe$CreateThread$\\.\pipe\crashpad_%lu_
API String ID: 2423010757-465946070
Opcode ID: 1b0c201c135b5c5613633187ec51a21385128f5dd081dc52bcebf7ded4c6cec7
Instruction ID: 7fea994d95d3fce0c48a30b9b501b65e9046aa9043359f9bf55f048e42658be3
Opcode Fuzzy Hash: 1b0c201c135b5c5613633187ec51a21385128f5dd081dc52bcebf7ded4c6cec7
Instruction Fuzzy Hash: 3212C5B0A00215DFDB10DF64D884BAABBF5FF49304F1485AAE409AB351E771E985CFA1

Function 00BC34F0 Relevance: 20.4, APIs: 5, Strings: 6, Instructions: 1193COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(?,?,F1645913), ref: 00BC39CB
ReleaseSRWLockExclusive.KERNEL32(?,?,?,F1645913), ref: 00BC3B6A

Strings

1U!S, xrefs: 00BC3C3B
..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00BC4AC5
1U!S, xrefs: 00BC3CBD
..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00BC4AB6
..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00BC4AD4
..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 00BC4AE3

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at$..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds$..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds$1U!S$1U!S
API String ID: 17069307-3107453488
Opcode ID: 3bdaadc36687d18b47585948d69f10a312894bd418fb9b918a7cd0339c7b13ae
Instruction ID: 405bd5adbb89f96381fb300c5dbe6a51f6ba5979554018edcd92756ccf933d21
Opcode Fuzzy Hash: 3bdaadc36687d18b47585948d69f10a312894bd418fb9b918a7cd0339c7b13ae
Instruction Fuzzy Hash: 11A28F71A002158FDB24CF24C890B6AB7F2FB95314F5985EDE84AAB345DB31AE81CF51

Function 00C019D0 Relevance: 19.6, APIs: 4, Strings: 7, Instructions: 342COMMON

Download Yara Rule

Strings

..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00C01D4F
Histogram.BadConstructionArguments, xrefs: 00C01DFC
..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00C01D56
Histogram.MismatchedConstructionArguments, xrefs: 00C01DD6
Histogram.TooManyBuckets.1000, xrefs: 00C01D11
..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00C01E1F
Blink.UseCounter, xrefs: 00C01D22

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID:
String ID: ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds$Blink.UseCounter$Histogram.BadConstructionArguments$Histogram.MismatchedConstructionArguments$Histogram.TooManyBuckets.1000
API String ID: 0-1285705324
Opcode ID: eaef6b5763284a85df28ae01885d7fdca6407ace2210a76aeb699a113c76d3e7
Instruction ID: 65eae021c2554f2fb92c709fca30cf4240779b80f325920cf9233837e04db6c5
Opcode Fuzzy Hash: eaef6b5763284a85df28ae01885d7fdca6407ace2210a76aeb699a113c76d3e7
Instruction Fuzzy Hash: 89C1A075E002099FCB15DFA5D885AAEF7B6FF88300F184029EC16A7391DB31AD06DB91

Function 00B425F0 Relevance: 19.5, APIs: 6, Strings: 5, Instructions: 271fileCOMMON

Download Yara Rule

APIs

CreateFileMappingW.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000000), ref: 00B426B9
GetLastError.KERNEL32 ref: 00B426CA
SetLastError.KERNEL32(00000000), ref: 00B426F6
MapViewOfFile.KERNEL32(?,?,00000000,00000000,00000000), ref: 00B42754

Strings

GetHandleVerifier, xrefs: 00B42994
..\..\base\files\memory_mapped_file_win.cc, xrefs: 00B4262B, 00B42808
ScopedBlockingCall, xrefs: 00B429E3, 00B42A34
MapFileRegionToMemory, xrefs: 00B42630
MapImageToMemory, xrefs: 00B4280D

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ErrorFileLast$CreateMappingView
String ID: ..\..\base\files\memory_mapped_file_win.cc$GetHandleVerifier$MapFileRegionToMemory$MapImageToMemory$ScopedBlockingCall
API String ID: 2231327692-1444722369
Opcode ID: 2bb420535d19eb4e98f23e50929890c61eb6d0ca7432a7aa47c5b9a0f964536b
Instruction ID: 4f265698c2f71e50f48ec1a20cc683e43ef3bd41a4f287c957e11e4004dd0c89
Opcode Fuzzy Hash: 2bb420535d19eb4e98f23e50929890c61eb6d0ca7432a7aa47c5b9a0f964536b
Instruction Fuzzy Hash: 87A101B16043409FC714DF24C885B3BB7E1FF89300F54896CF98A97291DBB0AA44EB92

Function 00C096F0 Relevance: 17.9, APIs: 4, Strings: 6, Instructions: 444COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00C09840
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00C09863
AcquireSRWLockExclusive.KERNEL32(?), ref: 00C09B51
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00C09CC4

Part of subcall function 00BC75E0: _strlen.LIBCMT ref: 00BC75FF

Strings

Histogram.BadConstructionArguments, xrefs: 00C09C33
Histogram.MismatchedConstructionArguments, xrefs: 00C09C4B
..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00C09C12
Histogram.TooManyBuckets.1000, xrefs: 00C09BD1
..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00C09C19
Blink.UseCounter, xrefs: 00C09BE2

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease$_strlen
String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds$Blink.UseCounter$Histogram.BadConstructionArguments$Histogram.MismatchedConstructionArguments$Histogram.TooManyBuckets.1000
API String ID: 1657474455-1726409365
Opcode ID: f90b1da6ecbbcccdc37c1eff2110e45d67f9fa5e7736d9a4415f8bed0c1a4643
Instruction ID: 7a883ce26264a825ce37ab34c1f079b3621305718370d4837ee108d803a7405a
Opcode Fuzzy Hash: f90b1da6ecbbcccdc37c1eff2110e45d67f9fa5e7736d9a4415f8bed0c1a4643
Instruction Fuzzy Hash: 8FF1D471A042409FCB14DF28D88172EBBE5EF89710F15862DF99A9B392DB31DD41CB92

Function 00B491A0 Relevance: 17.9, APIs: 5, Strings: 5, Instructions: 393COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00C023D8,?,00B49152,?), ref: 00B491BB
SetLastError.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00C023D8,?,00B49152), ref: 00B491C5
SetLastError.KERNEL32(?,?,?,000000FF,?,00000000), ref: 00B493FD
OutputDebugStringA.KERNEL32(?,?,?,000000FF,?,00000000), ref: 00B494DB

Strings

..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00B49694
LOG_FATAL, xrefs: 00B496C7
..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and desusertion ranges overlap, xrefs: 00B494A2
..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00B4969E
..\..\third_party\libc++\src\include\string_view:330: assertion (__end - __begin) >= 0 failed: std::string_view::string_view(iterator, sentinel) received invalid range, xrefs: 00B494A9

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ErrorLast$DebugOutputString
String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and desusertion ranges overlap$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$..\..\third_party\libc++\src\include\string_view:330: assertion (__end - __begin) >= 0 failed: std::string_view::string_view(iterator, sentinel) received invalid range$LOG_FATAL
API String ID: 2831144795-1052261432
Opcode ID: 013f00142fb3d1ff6e1db49b21d0067f9640e49a57f4f58b9e4736abfd060595
Instruction ID: 7911806214164395521793037f8c0e36afe9dc091fc3eed803905170d5137083
Opcode Fuzzy Hash: 013f00142fb3d1ff6e1db49b21d0067f9640e49a57f4f58b9e4736abfd060595
Instruction Fuzzy Hash: EDE1D2B0E002159FDF24DFA4D880AAFBBF4EF45314F144199E805A7382D771AE06EBA1

Function 00C8B3B0 Relevance: 17.9, APIs: 1, Strings: 9, Instructions: 352COMMON

Download Yara Rule

APIs

Part of subcall function 00C99A70: GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00C99AA7

SetUnhandledExceptionFilter.KERNEL32(00C8B8F0,?,?,?,?,?,?,00000001,00000000,?,--no-periodic-tasks,?,?,?), ref: 00C8B489

Strings

--monitor-self-annotation=%s=%s, xrefs: 00C8B7C4
--no-rate-limit, xrefs: 00C8B5D7
--monitor-self-argument=--monitor-self is not supported, xrefs: 00C8B451
..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00C8B8B3
--no-periodic-tasks, xrefs: 00C8B55C
--no-identify-client-via-url, xrefs: 00C8B512
..\..\third_party\crashpad\crashpad\handler\handler_main.cc, xrefs: 00C8B43F
--no-upload-gzip, xrefs: 00C8B62A
..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 00C8B8BA

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExceptionFileFilterModuleNameUnhandled
String ID: --monitor-self-annotation=%s=%s$--monitor-self-argument=--monitor-self is not supported$--no-identify-client-via-url$--no-periodic-tasks$--no-rate-limit$--no-upload-gzip$..\..\third_party\crashpad\crashpad\handler\handler_main.cc$..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at
API String ID: 3130446091-567612736
Opcode ID: 4233beb4fabba52054589f3c713f895af39a30905a3a2c7ab6e84395b8481051
Instruction ID: 5b6a8a036bdd247c81f4678edf7f63c6a8dbc7e84400b1f823bf166b330ac700
Opcode Fuzzy Hash: 4233beb4fabba52054589f3c713f895af39a30905a3a2c7ab6e84395b8481051
Instruction Fuzzy Hash: 20E19171D003689FEB25EB20CC41BAAB7B5BF55304F1481E9E40AB7291EB70AE85CF55

Function 00B52DC0 Relevance: 16.6, Strings: 13, Instructions: 305COMMON

Download Yara Rule

Strings

xr_compositing, xrefs: 00B5301A
gpu-process, xrefs: 00B52F8C
nacl-loader, xrefs: 00B531E7
..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00B52FC1
no-sandbox, xrefs: 00B52DD8
type, xrefs: 00B52DFC
print_backend, xrefs: 00B53066
..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00B52FBA
icon_reader, xrefs: 00B5304F
service-sandbox-type, xrefs: 00B52E5C
screen_ai, xrefs: 00B53088
disable-gpu-sandbox, xrefs: 00B52FA4
pdf_conversion, xrefs: 00B5302E

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID:
String ID: ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$disable-gpu-sandbox$gpu-process$icon_reader$nacl-loader$no-sandbox$pdf_conversion$print_backend$screen_ai$service-sandbox-type$type$xr_compositing
API String ID: 0-1105528107
Opcode ID: 55dcaa7152965538cab80097802940ed1967491cbb92de771d6e51be41bea555
Instruction ID: 5fb96ecad7f39e219eac5291ccdefbc4eeac933da16e1680b8c2a8b35d51e003
Opcode Fuzzy Hash: 55dcaa7152965538cab80097802940ed1967491cbb92de771d6e51be41bea555
Instruction Fuzzy Hash: 42A18F31A0539297E7114B35E8D2B3A77F0EF46741F2486F9EC4A772C0EB249A5DE290

Function 00BCC7A0 Relevance: 16.3, APIs: 7, Strings: 2, Instructions: 570COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(00000000), ref: 00BCC98D
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00BCCA68
TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00BCCAB6
ReleaseSRWLockExclusive.KERNEL32(?,?,00000021,?,00004000,?,000000FF), ref: 00BCCBF3
TryAcquireSRWLockExclusive.KERNEL32(00000000), ref: 00BCCC2C
ReleaseSRWLockExclusive.KERNEL32(?,?,00000010,?,00004000,FFFFFFFF,00000000), ref: 00BCCCDE

Part of subcall function 00B4D400: TlsSetValue.KERNEL32(00000000,00000000,00000348,00000000,00000000,00000000,?,?,00B4D91D), ref: 00B4D485

Strings

second, xrefs: 00BCCE6D, 00BCCF06, 00BCCF70
first, xrefs: 00BCCE44, 00BCCE98, 00BCCEDD, 00BCCF47

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease$Value
String ID: first$second
API String ID: 3402380315-3095674784
Opcode ID: 318a44e1c5f5dfdd85fea7d70925596854f512f1e49df9932436fb6bcfa29262
Instruction ID: d4bf350dd7afcfc5bcafa60ed8ed96827257178d8e94c7809d1cf603578e0636
Opcode Fuzzy Hash: 318a44e1c5f5dfdd85fea7d70925596854f512f1e49df9932436fb6bcfa29262
Instruction Fuzzy Hash: 8A32BE756047429FC708DF28C480B2ABBE1FF99314F1886ADF9999B291D731EC45DB82

Function 00C05ED0 Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 371threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00C06354
GetCurrentThreadId.KERNEL32 ref: 00C06365
GetCurrentThreadId.KERNEL32 ref: 00C06376
GetCurrentThreadId.KERNEL32 ref: 00C06387
GetCurrentThreadId.KERNEL32 ref: 00C063B1
GetCurrentThreadId.KERNEL32 ref: 00C063C2
GetCurrentThreadId.KERNEL32 ref: 00C063D3

Strings

delayed, xrefs: 00C05FF9
immediate, xrefs: 00C06031

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: CurrentThread
String ID: delayed$immediate
API String ID: 2882836952-2874976446
Opcode ID: 13554cb2e658aa4cef631eb6b348674693987a68e6983c6a0a95c846d42b4684
Instruction ID: cf4931f9014a5694a90e883dc608062ced8d0430d59a9ea34d86161b879e6e87
Opcode Fuzzy Hash: 13554cb2e658aa4cef631eb6b348674693987a68e6983c6a0a95c846d42b4684
Instruction Fuzzy Hash: E3E12871904B818FD324CF38C454766BBE1BF95314F198A5ED0AE8B3A2EB30E955CB91

Function 00B41F90 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 117threadlibraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00B42130: GetCurrentThreadId.KERNEL32 ref: 00B42145
Part of subcall function 00B42130: TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,00B41E30,?,?,00B41FBD,00B41E30,?,?,00B41E30), ref: 00B4214F

GetCurrentThread.KERNEL32 ref: 00B42026
IsDebuggerPresent.KERNEL32(00B41E30,?,?,00B41E30,?), ref: 00B4204E
GetModuleHandleW.KERNEL32(Kernel32.dll,00B41E30,?,?,00B41E30,?), ref: 00B4208D
GetProcAddress.KERNEL32(00000000,SetThreadDescription), ref: 00B42099
GetCurrentThreadId.KERNEL32 ref: 00B42105

Strings

..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00B420E5
..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00B420EC
SetThreadDescription, xrefs: 00B42093
Kernel32.dll, xrefs: 00B42088

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: CurrentThread$AcquireAddressDebuggerExclusiveHandleLockModulePresentProc
String ID: ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$Kernel32.dll$SetThreadDescription
API String ID: 2807427228-2817593401
Opcode ID: ee66b39ee3416d9e11d3d4ece4e4daa79c24e486cfb7245a46a641ade34fe74a
Instruction ID: f17510dc7b46139d4d0d0ac1af793b26cc8f0318305ae1af26ebc44e4dd51595
Opcode Fuzzy Hash: ee66b39ee3416d9e11d3d4ece4e4daa79c24e486cfb7245a46a641ade34fe74a
Instruction Fuzzy Hash: D4413BB1E00211ABDB10EB24EC45B3EB7E4EB04B50F448065F90AE7391DB75AE05F7A2

Function 00BC27F0 Relevance: 14.4, APIs: 5, Strings: 3, Instructions: 423COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00C02818,?), ref: 00BC280D
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00C02818,?), ref: 00BC2985
AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00C02818,?), ref: 00BC2BDF
__floor_pentium4.LIBCMT ref: 00BC2CE3

Strings

..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00BC2C98
..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00BC2C70
..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 00BC2C84

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$Acquire$Release__floor_pentium4
String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at$..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds
API String ID: 1376758062-4090480336
Opcode ID: 77b9906adc93331dd066ad12aaa53deeb31e87948c1dd21fe276ac7734ab7c77
Instruction ID: d1bae186a8b6cc0ff859923c157d05d5e2e3b103f0079e5c4e11bf75e3b591c0
Opcode Fuzzy Hash: 77b9906adc93331dd066ad12aaa53deeb31e87948c1dd21fe276ac7734ab7c77
Instruction Fuzzy Hash: 8CF15D71A046198BCB18DF69C481B6EB7F2FF99310F18866DE846EB344D731AC81DB91

Function 00C815D0 Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 154windowCOMMON

Download Yara Rule

APIs

FormatMessageW.KERNEL32(00001300,00000000,00C81859,00000000,?,00000000,00000000,?,?,?,?,?,?,?,?,00000000), ref: 00C815FB
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,00C81859,?,?), ref: 00C81605

Part of subcall function 00BF0030: GetLastError.KERNEL32 ref: 00BF00AC
Part of subcall function 00BF0030: SetLastError.KERNEL32(00000000), ref: 00BF00BA
Part of subcall function 00BF0030: SetLastError.KERNEL32(?), ref: 00BF017B

LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00C81662

Strings

Error (0x%lX) while retrieving error. (0x%lX), xrefs: 00C8160D
..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00C8177C
..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00C8176E
..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00C81775
(0x%lX), xrefs: 00C81673

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ErrorLast$FormatFreeLocalMessage
String ID: (0x%lX)$..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$Error (0x%lX) while retrieving error. (0x%lX)
API String ID: 2740663437-2412322823
Opcode ID: 3f8dfd87fe6a0202fb06c346db92092b208c5cbb2711853ca7b39929cdbbf28e
Instruction ID: 8b327e6f4da35dae8058ce0a98e3a7a9de10079bf45b8c10d716dfe1e845931b
Opcode Fuzzy Hash: 3f8dfd87fe6a0202fb06c346db92092b208c5cbb2711853ca7b39929cdbbf28e
Instruction Fuzzy Hash: 6A4192B1E002596FDB01EFA1DC85BBFB7BCAF49704F184029F805B6151E670AA458765

Function 00B4CFF0 Relevance: 13.6, APIs: 9, Instructions: 129threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00B4D046
GetThreadPriority.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00B4D049
GetCurrentThread.KERNEL32 ref: 00B4D053
SetThreadPriority.KERNEL32(00000000,00000002,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B4D058
QueryPerformanceCounter.KERNEL32(?), ref: 00B4D0B6
GetCurrentThread.KERNEL32 ref: 00B4D0C1
SetThreadPriority.KERNEL32(00000000,?), ref: 00B4D0CC
QueryPerformanceFrequency.KERNEL32(?), ref: 00B4D0DA
QueryPerformanceCounter.KERNEL32(?), ref: 00B4D1D4

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: Thread$CurrentPerformancePriorityQuery$Counter$Frequency
String ID:
API String ID: 2845919953-0
Opcode ID: d1e7e6418b735ab45b45cae0299efdd01c68012020589cc8265652af283f45f1
Instruction ID: 07d79824ae5dd2d1866a0763b693209d8b32d20836f9472cf27d845020943885
Opcode Fuzzy Hash: d1e7e6418b735ab45b45cae0299efdd01c68012020589cc8265652af283f45f1
Instruction Fuzzy Hash: 8D516DB59047009FC311DF34E85572ABBF4FF99750F108A1AE889A3361DB31A945DB62

Function 00BC2DA0 Relevance: 12.8, APIs: 6, Strings: 1, Instructions: 575COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,00000000,?,00BC77EB,00000000,00000000), ref: 00BC2DDD
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,00BC77EB,00000000,00000000), ref: 00BC3059
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,00BC77EB,00000000,00000000), ref: 00BC30A9
AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,00BC77EB,00000000,00000000), ref: 00BC30D3
__floor_pentium4.LIBCMT ref: 00BC310E
__floor_pentium4.LIBCMT ref: 00BC3412

Strings

..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00BC33A1

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease__floor_pentium4
String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at
API String ID: 1764334464-2888085009
Opcode ID: c1d499c4cbe9b65758d5d9e049deaa1170118a8fc362e46a4edb1bd11814d6f4
Instruction ID: f2febd0d1f1f7df7924bca4f3c354b6209360454672a6f5f663d5babf6a54299
Opcode Fuzzy Hash: c1d499c4cbe9b65758d5d9e049deaa1170118a8fc362e46a4edb1bd11814d6f4
Instruction Fuzzy Hash: 7B22B071B006058FCB18CF69C880B6EB7F2FF89710B59C5ADE456EB354D731A9818B91

Function 00B4D620 Relevance: 12.7, APIs: 5, Strings: 2, Instructions: 419COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(00000040), ref: 00B4D6D0
ReleaseSRWLockExclusive.KERNEL32(00000002), ref: 00B4D73F

Part of subcall function 00BB8000: TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00BB8047

ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,AF000000,?,00C9D674), ref: 00B4D769
TryAcquireSRWLockExclusive.KERNEL32(00000040), ref: 00B4D9A2
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00B4DA63

Strings

second, xrefs: 00B4DAAD, 00B4DB01, 00B4DB9F
first, xrefs: 00B4DA84, 00B4DAD8, 00B4DB76

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: first$second
API String ID: 17069307-3095674784
Opcode ID: 96d40bcb96db1aa63338980683700cfc5d8d24dcab2662f1308470e7b997325a
Instruction ID: 7f2d103680f8ed03be1692db94270c5dde14c903619f0a33839d4ccc37b50690
Opcode Fuzzy Hash: 96d40bcb96db1aa63338980683700cfc5d8d24dcab2662f1308470e7b997325a
Instruction Fuzzy Hash: 50F1D1756043419FD718DF28C884A2AB7E2FF88324F15896DF599872A2D730EA45DB41

Function 00B8F4C0 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 357COMMON

Download Yara Rule

Strings

..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00B8F8DF
..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00B8F8D8
..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00B8F8E6

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID:
String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr
API String ID: 0-2665691617
Opcode ID: c11aa15b4353b56ddfe2e2589fad7a58d3b9446cfe92440c5ea924d15d67671b
Instruction ID: 36b39d1cc2d3c28e6a8d9112a37eef56d468cef64d1ff35f45ed561f52eaf797
Opcode Fuzzy Hash: c11aa15b4353b56ddfe2e2589fad7a58d3b9446cfe92440c5ea924d15d67671b
Instruction Fuzzy Hash: 24D18FB0A003029FDB10AF25D885736BBE1FF55304F1489BDE84A9B3A2E771E855DB91

Function 00C8B990 Relevance: 12.6, APIs: 3, Strings: 4, Instructions: 346COMMON

Download Yara Rule

APIs

K32GetPerformanceInfo.KERNEL32(00000000,00000038,00000000,00000000), ref: 00C8BA5A
K32GetProcessMemoryInfo.KERNEL32(00000000,?,0000002C), ref: 00C8BC23
GetProcessHandleCount.KERNEL32(00000000,?,00000000,?,0000002C), ref: 00C8BC5E

Part of subcall function 00B96E50: DeleteProcThreadAttributeList.KERNEL32(?,-00000008,?,00C8BD42,?,?,00000008,00000010,?,?), ref: 00B96E5E

Strings

..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00C8B9EB
..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00C8B9E4
--monitor-self, xrefs: 00C8B9CC
..\..\third_party\libc++\src\include\vector:618: assertion !empty() failed: front() called on an empty vector, xrefs: 00C8BD01

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: InfoProcess$AttributeCountDeleteHandleListMemoryPerformanceProcThread
String ID: --monitor-self$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$..\..\third_party\libc++\src\include\vector:618: assertion !empty() failed: front() called on an empty vector
API String ID: 861771794-1135451261
Opcode ID: da0963c2a87738a4f98be5bbd7e41599919407398cf4f93b6de3da1efe080515
Instruction ID: 5e525f00e7b753f89fe543632619c4ca1ac27c97ab7822782460e5c885418511
Opcode Fuzzy Hash: da0963c2a87738a4f98be5bbd7e41599919407398cf4f93b6de3da1efe080515
Instruction Fuzzy Hash: 75C1F071E006149FCB14EF78D885AAEBBF4AF84314B144269E855EB352EB74EE01CB90

Function 00C606AA Relevance: 12.0, APIs: 2, Strings: 4, Instructions: 1483COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00C608C1
GetStringTypeW.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000), ref: 00C61CA3

Strings

1#SNAN, xrefs: 00C607B6
1#QNAN, xrefs: 00C607BD
1#IND, xrefs: 00C607AF
1#INF, xrefs: 00C607E0

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: StringType__floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 2638037228-2761157908
Opcode ID: 9ef3527ea97f3bfe6d1d7ca26be690957bf86658ecbb481be0876fdd4c651b1a
Instruction ID: 70b7378eb270dc6fe423400d1d6d5ca8886178219dbdac99c6043d099252bb89
Opcode Fuzzy Hash: 9ef3527ea97f3bfe6d1d7ca26be690957bf86658ecbb481be0876fdd4c651b1a
Instruction Fuzzy Hash: 67D22771E082298FDB75CE28DD807EAB7B5EB44305F1841EAD85DE7240EB74AE858F41

Function 00C07A30 Relevance: 11.3, APIs: 2, Strings: 4, Instructions: 805COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00C07E67
__floor_pentium4.LIBCMT ref: 00C0851D

Strings

..\..\third_party\perfetto\include\perfetto\tracing\track_event_interned_data_index.h, xrefs: 00C08486
..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00C084B0
%s (errno: %d, %s), xrefs: 00C0849A
PERFETTO_CHECK(false), xrefs: 00C08495

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: __floor_pentium4
String ID: %s (errno: %d, %s)$..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\perfetto\include\perfetto\tracing\track_event_interned_data_index.h$PERFETTO_CHECK(false)
API String ID: 4168288129-2023842766
Opcode ID: 43c9dc76703e68858151482a25da161925a7f5e702e5e3e42b0d13e7eed8f324
Instruction ID: 1d939bce8dbf7d07fe3a8a145e1a16290172a9e01c8bf1003680af7c60123f06
Opcode Fuzzy Hash: 43c9dc76703e68858151482a25da161925a7f5e702e5e3e42b0d13e7eed8f324
Instruction Fuzzy Hash: 6A723B71E046198FDB29CF65C8807ADB7B2BF48314F188669D86AA7391D730BE85CF50

Function 00C085F0 Relevance: 9.5, APIs: 2, Strings: 3, Instructions: 750COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00C08741
_strlen.LIBCMT ref: 00C0889B

Strings

..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and desusertion ranges overlap, xrefs: 00C08E65
", xrefs: 00C08617
..\..\third_party\libc++\src\include\string:973: assertion __s != nullptr failed: basic_string(const char*) detected nullptr, xrefs: 00C08E5E

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: _strlen
String ID: "$..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and desusertion ranges overlap$..\..\third_party\libc++\src\include\string:973: assertion __s != nullptr failed: basic_string(const char*) detected nullptr
API String ID: 4218353326-3931686229
Opcode ID: e84f9f16a3674e3d7731e2c861727212473e11fd19f3bf4fdf79f052699d34bc
Instruction ID: 1aefcbf1ca1a6f9733105b1fbcb854cf79c34d6e6ba35f8b15e99088346cd9bc
Opcode Fuzzy Hash: e84f9f16a3674e3d7731e2c861727212473e11fd19f3bf4fdf79f052699d34bc
Instruction Fuzzy Hash: 69624975E002059FCB14CF69D4809ADFBF6BF88314B29C569E859AB391DB31AD06CF90

Function 00BDA8A0 Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 395threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00BDAC98

Strings

..\..\third_party\libc++\src\include\vector:1557: assertion __first <= __last failed: vector::erase(first, last) called with invalid range, xrefs: 00BDACEF
..\..\third_party\libc++\src\include\vector:1539: assertion !empty() failed: vector::pop_back called on an empty vector, xrefs: 00BDA964
..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00BDA955, 00BDAA01, 00BDACA9
..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 00BDA973, 00BDACFE

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: CurrentThread
String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at$..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds$..\..\third_party\libc++\src\include\vector:1539: assertion !empty() failed: vector::pop_back called on an empty vector$..\..\third_party\libc++\src\include\vector:1557: assertion __first <= __last failed: vector::erase(first, last) called with invalid range
API String ID: 2882836952-3981179074
Opcode ID: 9eb3f27bf3b65942e0784e70c38e70d50e0847ea61cf5c3f5041b1ed70628b7b
Instruction ID: efa921b0c359f0e8552f209b852c3f99ccc14d5604e05f30ea9810467bc5f127
Opcode Fuzzy Hash: 9eb3f27bf3b65942e0784e70c38e70d50e0847ea61cf5c3f5041b1ed70628b7b
Instruction Fuzzy Hash: C5D19575B006058FCB24CF69C981A6EF7F2FB88310B29856ED45A97345EB70EC41CB92

Function 00B78100 Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 316COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00B78191

Strings

..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00B78404
..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and desusertion ranges overlap, xrefs: 00B783FD
..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00B7840B
GenuineIntel, xrefs: 00B78259

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: _strlen
String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and desusertion ranges overlap$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$GenuineIntel
API String ID: 4218353326-3642438641
Opcode ID: 7240032dac49d8cf8dfac050245c97c0e22e25edd97164fafdd7024adfed9bd5
Instruction ID: 178560617639919c4cf8a8c96a4c68ed1d8f881c0feff2244e2b5e6078d66261
Opcode Fuzzy Hash: 7240032dac49d8cf8dfac050245c97c0e22e25edd97164fafdd7024adfed9bd5
Instruction Fuzzy Hash: 2DB11371E047458FDB18CF69C4853AEBBF0EB18304F14896EE89AE7782CA75E905CB54

Function 00C024F0 Relevance: 8.1, Strings: 6, Instructions: 635COMMON

Download Yara Rule

Strings

1U!S, xrefs: 00C028EA
..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00C02C70
1U!S, xrefs: 00C0287A
..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00C02C61
..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00C02C91
..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 00C02CA0

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: _strlen
String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at$..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds$..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds$1U!S$1U!S
API String ID: 4218353326-3107453488
Opcode ID: 2c41d5de444105b7586c087a02a412f2e07b2b60fd8ab91d68f47204e3f18092
Instruction ID: 72c402f887d172d72a0b20bed56f48724d89cfefb727c8ca1bb7fc51c46d82c4
Opcode Fuzzy Hash: 2c41d5de444105b7586c087a02a412f2e07b2b60fd8ab91d68f47204e3f18092
Instruction Fuzzy Hash: 0A32A571E002159FDB14CF94C888AAEB7F2FF84314F598159E81AAB385D731ED42DB91

Function 00B632E0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 347threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00B63415
TryAcquireSRWLockExclusive.KERNEL32 ref: 00B6341E
ReleaseSRWLockExclusive.KERNEL32(?,?), ref: 00B635C9

Strings

..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00B633E3

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread
String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at
API String ID: 135963836-2888085009
Opcode ID: cf48970ab2e3e0416d3486cfbd7aced497a067b4f0d96707b24b21ba6cf1587b
Instruction ID: 5a6c972d698024bec87e995ab233d1ff5f2635f9e789129dd63826acf4f84302
Opcode Fuzzy Hash: cf48970ab2e3e0416d3486cfbd7aced497a067b4f0d96707b24b21ba6cf1587b
Instruction Fuzzy Hash: 80C18E71B042149FCB18CF58D88096DB7F2FF99B10B2885A9E81ADB351DB35EE41CB91

Function 00C07470 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 346COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00C07829

Strings

..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00C077DE
..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00C077CA

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: __floor_pentium4
String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds
API String ID: 4168288129-3188225135
Opcode ID: 3ad471a00ca4e07da06a74ad19350569ce752fa8a16b743ecbdb7ff2b8efaef9
Instruction ID: 1bc2a00070b077cc8831c2862bc4b014e6cc9cddc717968ea8721ff04fd1d734
Opcode Fuzzy Hash: 3ad471a00ca4e07da06a74ad19350569ce752fa8a16b743ecbdb7ff2b8efaef9
Instruction Fuzzy Hash: 43D18F70E186098FCB19DF69C89166EB7F2BF89310B18C729D456AB384E731BD81CB51

Function 00C412B0 Relevance: 6.5, APIs: 4, Instructions: 455COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f01260ebf20ca4b73e21e52b5d13809ae3c27eb3958df16668cd88b0e5e7c6e
Instruction ID: c6693aa3f6811fc6177c077d6c247003589a3edb31cefe86302e4f1be8c616df
Opcode Fuzzy Hash: 3f01260ebf20ca4b73e21e52b5d13809ae3c27eb3958df16668cd88b0e5e7c6e
Instruction Fuzzy Hash: FD023D75E012199BDF14CFA9C8806EEBBF1FF48314F298269E959E7340D731AA41CB90

Function 00C01E40 Relevance: 6.4, APIs: 4, Instructions: 442COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00C01F8D
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00C020A6

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID:
API String ID: 17069307-0
Opcode ID: c701c8874271158fd068f507da049c11b80376b658da99435b297075f35e20e1
Instruction ID: 601e6af7508256dc26a3c582be98c7ddef4e99763b1cc3141597e6b788b411c3
Opcode Fuzzy Hash: c701c8874271158fd068f507da049c11b80376b658da99435b297075f35e20e1
Instruction Fuzzy Hash: 89F1EA71E002158BDB14CFA4C8847ADF7B6BF85314F698529EC29AB3D5D731AE41CB90

Function 00C1B380 Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 585COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00C1B87B

Strings

0, xrefs: 00C1B768
0, xrefs: 00C1B95D

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: _strlen
String ID: 0$0
API String ID: 4218353326-203156872
Opcode ID: 6226a328a1df41d177d3c12c6b96ee2a6aeda4b34c1e5601756050cd7f4f5f6f
Instruction ID: 3a81364740e77c0b2d931af448ba0b7b72b3233ba8c14b6dce19ed360866c8f1
Opcode Fuzzy Hash: 6226a328a1df41d177d3c12c6b96ee2a6aeda4b34c1e5601756050cd7f4f5f6f
Instruction Fuzzy Hash: 2832D071904741CFC724CF29C480A9AB7E5BF9A304F248A5DE8A987361E771ED85DF81

Function 00BD4E10 Relevance: 5.8, APIs: 2, Strings: 1, Instructions: 517COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00BD4FD9
__floor_pentium4.LIBCMT ref: 00BD53CE

Strings

..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00BD52E7

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: __floor_pentium4
String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at
API String ID: 4168288129-2888085009
Opcode ID: ac7fac0b5b8c4070341e31274d7b29ee2802d44a2ac20e064dfb010ee614d16d
Instruction ID: 8ebdacf8a9bb62583dfbb132e89ef58c844851af235abd8c49b4882c7929844c
Opcode Fuzzy Hash: ac7fac0b5b8c4070341e31274d7b29ee2802d44a2ac20e064dfb010ee614d16d
Instruction Fuzzy Hash: 0B12C271B14A058FCB28CF69C8916ADF7F2EF99310B28C5AAD446EB350E731AC45CB50

Function 00B75C50 Relevance: 5.2, Strings: 4, Instructions: 186COMMON

Download Yara Rule

Strings

..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and desusertion ranges overlap, xrefs: 00B75E22
null, xrefs: 00B75DFF
true, xrefs: 00B75DB3
false, xrefs: 00B75DB8, 00B75DC8

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ___std_exception_destroy
String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and desusertion ranges overlap$false$null$true
API String ID: 4194217158-3559124831
Opcode ID: b8e0e0314ada294bae40195a5e1237086dfcd58789e2ab929839e003b16d314d
Instruction ID: dc66188fd363b48d2f2681be921ebe4f7b98587517d3208b0c0d05c41a8cdcfa
Opcode Fuzzy Hash: b8e0e0314ada294bae40195a5e1237086dfcd58789e2ab929839e003b16d314d
Instruction Fuzzy Hash: 23517B70B046458FDB209F24C886BAE7BE0EF55304F18C4BCE55E9B392D6B0E901D7A1

Function 00C03B10 Relevance: 4.6, APIs: 3, Instructions: 87COMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32(?), ref: 00C03B9D
GetProductInfo.KERNEL32(?,?,00000000,00000000,?), ref: 00C03BB4

Part of subcall function 00C382C8: AcquireSRWLockExclusive.KERNEL32(00D02800,000000C0,?,?,00BCFE69,00D12A10), ref: 00C382D3
Part of subcall function 00C382C8: ReleaseSRWLockExclusive.KERNEL32(00D02800,?,00BCFE69,00D12A10), ref: 00C3830D

GetNativeSystemInfo.KERNEL32(00D0440C), ref: 00C03C41

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveInfoLock$AcquireNativeProductReleaseSystemVersion
String ID:
API String ID: 1555125601-0
Opcode ID: dd639a82711c0a9929b0b9642ab109a963dfd4e22ed4062e0a28c0fb744a9976
Instruction ID: b026efba04270453aad5cffad7894d481e6e39cb8b9e4b21cc43c1d9ae1045e3
Opcode Fuzzy Hash: dd639a82711c0a9929b0b9642ab109a963dfd4e22ed4062e0a28c0fb744a9976
Instruction Fuzzy Hash: 223106F19002049FD720DB54FC85FAA77A4FB49B18F048225F60D87391D7B1AD15CBA2

Function 00C54F36 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00C5502E
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00C55038
UnhandledExceptionFilter.KERNEL32(-000002A3,?,?,?,?,?,?), ref: 00C55045

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: f844fd69d1e548fcfbe20a01c853fa4db78aa667af96e82a41b6680bb721b15d
Instruction ID: 3ab036e1308d9839e1500acd05f2c091353842a19de3c06d8418426f3065fd7b
Opcode Fuzzy Hash: f844fd69d1e548fcfbe20a01c853fa4db78aa667af96e82a41b6680bb721b15d
Instruction Fuzzy Hash: E831D57491122C9BCB21DF68D8887DDB7B8AF48310F5041EAE41DA72A0EB709F85CF45

Function 00C10860 Relevance: 4.3, Strings: 3, Instructions: 506COMMON

Download Yara Rule

Strings

..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00C10D90
..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and desusertion ranges overlap, xrefs: 00C10E74
..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00C10D9F

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID:
String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and desusertion ranges overlap$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr
API String ID: 0-3267226576
Opcode ID: fe91eb7032e9f6e82cc1cd61aa37e65d6b53f7674470adfbb0c3a776839b9fe4
Instruction ID: 57e438668203345a59a7dc7ec795938417ff6d02a9a1ce0874550da9592144f0
Opcode Fuzzy Hash: fe91eb7032e9f6e82cc1cd61aa37e65d6b53f7674470adfbb0c3a776839b9fe4
Instruction Fuzzy Hash: C7120671A042568FDB14CF55C8916EEBBA2FF86300F398269D8556B382C770E9C2DBD1

Function 00C02D40 Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 439COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00C02D80

Strings

..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00C03237

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: _strlen
String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length
API String ID: 4218353326-3542035028
Opcode ID: ed8c6a19efdd606440f04a0f76bcb833c21fc19bd846fd8d643e2d65dff67941
Instruction ID: 37fb5f2bc50c1340bcb3cb3f2e355a96fd8b5d7707d4b34de44d82afccbe8146
Opcode Fuzzy Hash: ed8c6a19efdd606440f04a0f76bcb833c21fc19bd846fd8d643e2d65dff67941
Instruction Fuzzy Hash: 6EF1EFB0E002458FDB14CF68D889A69BBF4FF48304F14466DE85A9F382E770EA51CB91

Function 00BC5720 Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 438COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00BC5760

Strings

..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00BC5C31

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: _strlen
String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length
API String ID: 4218353326-3542035028
Opcode ID: f86f262d07727e7614c89b6e2a0dee9e00bfe5f951691d2e623ea7e8500cf932
Instruction ID: 05eeb7462bc189e8fa006aa438dab10e10589f16a1609c7187596eb85b3bbb8a
Opcode Fuzzy Hash: f86f262d07727e7614c89b6e2a0dee9e00bfe5f951691d2e623ea7e8500cf932
Instruction Fuzzy Hash: 84F17FB0A00B059FDB24CF28D885B69BBE5FF49304F15469DE84A9B742E770F891CB91

Function 00B64520 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 155COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00B64562

Strings

..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00B64632

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: _strlen
String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length
API String ID: 4218353326-3542035028
Opcode ID: ba81d7d5f6374688ff5970d8beaf65a20c453b8bb24d62d1f4627ff0a4fc6d04
Instruction ID: e8dac21a08f2a2c1b7dd06c08cc5d4b6ebddc36a7c094cba1cdcb336f566a618
Opcode Fuzzy Hash: ba81d7d5f6374688ff5970d8beaf65a20c453b8bb24d62d1f4627ff0a4fc6d04
Instruction Fuzzy Hash: 7641AFB0E103095FD714DF29A841A6BB7A4FF99304B14863EF809DB342EB70A9449BD1

Function 00BD5620 Relevance: 3.0, Strings: 2, Instructions: 515COMMON

Download Yara Rule

Strings

..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00BD5AE1
..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00BD5AE8

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: _strlen
String ID: ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr
API String ID: 4218353326-2500828650
Opcode ID: c39ea7fde49b09d3b801bb976fe02e25dced2a482f1a1f0d1a2e66d6492fd182
Instruction ID: 6ce416826df507ab43a89ca904db1584e09902215d6ea3c11c749559792d8b37
Opcode Fuzzy Hash: c39ea7fde49b09d3b801bb976fe02e25dced2a482f1a1f0d1a2e66d6492fd182
Instruction Fuzzy Hash: E012D671A00A558FDB24CF54C8906AEF7F2FF84314F2985ABD8569B391E731E902DB90

Function 00BC8F20 Relevance: 2.8, Strings: 2, Instructions: 329COMMON

Download Yara Rule

Strings

..\..\third_party\libc++\src\include\optional:800: assertion this->has_value() failed: optional operator* called on a disengaged value, xrefs: 00BC92C2
..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00BC92B3

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID:
String ID: ..\..\third_party\libc++\src\include\optional:800: assertion this->has_value() failed: optional operator* called on a disengaged value$..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds
API String ID: 0-1100549160
Opcode ID: 8ea906269ea155f6f7b38cd7d924227919b188562da020e29cf56266822b50b5
Instruction ID: 50400bf4fbe4f53af7e63194fb84d22177bfb81c2f9774a445f4aabc7f42dcd3
Opcode Fuzzy Hash: 8ea906269ea155f6f7b38cd7d924227919b188562da020e29cf56266822b50b5
Instruction Fuzzy Hash: 1ED12975A083119FD714CF14C484A1ABBE2FFC8724F158AADE8996B355C771EC45CB82

Function 00BEBFC0 Relevance: 2.8, Strings: 2, Instructions: 312COMMON

Download Yara Rule

Strings

..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00BEC319
..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00BEC328

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID:
String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds
API String ID: 0-112411280
Opcode ID: 7c05b15f012aa0c68e14f4c670a7bcd6d735d409c0c8db905d2dc42e703d14b6
Instruction ID: 63483681993ca83be85cfb99f76631693558a2126b60f522d9961a8f5db2dd2e
Opcode Fuzzy Hash: 7c05b15f012aa0c68e14f4c670a7bcd6d735d409c0c8db905d2dc42e703d14b6
Instruction Fuzzy Hash: 05C12530E147958FC3168F39C85126AFBE1EFDA354F05C31EE9967B691E730A8428780

Function 00C08EA0 Relevance: 2.0, Strings: 1, Instructions: 716COMMON

Download Yara Rule

Strings

__next_prime overflow, xrefs: 00C096DE

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID:
String ID: __next_prime overflow
API String ID: 0-822664188
Opcode ID: 9ae504156c68d1a00452bb21bf06b2460d50f84a0b6f3faa8ac4d0ffdf75de61
Instruction ID: 316299d41c554e26dea4be205c679681f2fbed533c842913165c5ed5325cb1ec
Opcode Fuzzy Hash: 9ae504156c68d1a00452bb21bf06b2460d50f84a0b6f3faa8ac4d0ffdf75de61
Instruction Fuzzy Hash: 54224935B001274BCB1CCA6DCCE05AEB293EBD9244B28C176D46AD7396FD31DD8AC694

Function 00C5EDA5 Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00C5ED00,?,?,00000008,?,?,00C626ED,00000000), ref: 00C5EFD2

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 9b8e7e6b1e83950aa4f52b65f5f5d61a21a8e47db3e0d2f5d5e407608fc62f9a
Instruction ID: d39b6f95d6d5178ad179ff8a3b90e4cdcdbab7e9a61e48161fc5d0327fb899a3
Opcode Fuzzy Hash: 9b8e7e6b1e83950aa4f52b65f5f5d61a21a8e47db3e0d2f5d5e407608fc62f9a
Instruction Fuzzy Hash: 4CB14C351106089FD719CF28C48AB657BE0FF45365F29865CE8A9CF2E2C735EA86CB44

Function 00C1A7C0 Relevance: 1.6, Strings: 1, Instructions: 392COMMON

Download Yara Rule

Strings

..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00C1AC35

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID:
String ID: ..\..\third_party\libc++\src\include\vector:1418: assertion __n < size() failed: vector[] index out of bounds
API String ID: 0-1033426729
Opcode ID: bedf9419892b721b0b5e28b43b5af786f15b1f01f10646ab1d3a22b86ad1063a
Instruction ID: 911f63cce5498c0ad7c1dd108950ec52f1f507e3ac794049b0939a4ea6161f73
Opcode Fuzzy Hash: bedf9419892b721b0b5e28b43b5af786f15b1f01f10646ab1d3a22b86ad1063a
Instruction Fuzzy Hash: CCC1C731F02215CFDB34DE6884D05ADB3A2BF86310B2A857AC5755B391D6329DC2EAD3

Function 00C0C390 Relevance: 1.6, Strings: 1, Instructions: 355COMMON

Download Yara Rule

Strings

..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00C0C755

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID:
String ID: ..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds
API String ID: 0-2233721302
Opcode ID: b0092867af8b5a540eb21469feb8cbc1482db00d0cd516a5b1b779b0e7d1e402
Instruction ID: 93f316815063ffb08e55a57d8bccf10a4f0572c7463879bee2ca914b2b8d740b
Opcode Fuzzy Hash: b0092867af8b5a540eb21469feb8cbc1482db00d0cd516a5b1b779b0e7d1e402
Instruction Fuzzy Hash: D3E11876A083119FC714CF19C5C0A1AF7E2BB88720F1A8A6DE89967355C770FD45CB92

Function 00BC6950 Relevance: 1.6, Strings: 1, Instructions: 318COMMON

Download Yara Rule

Strings

..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00BC6C73

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID:
String ID: ..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds
API String ID: 0-2233721302
Opcode ID: 2603f9b2c21f4b9e6d8ce07cf50baa83c28a4f79657b982ae188efcd151efa80
Instruction ID: 7fc7b4856a4df51eca9d6c92f3976e3d6513297b6a01072999fd8790be8ea78a
Opcode Fuzzy Hash: 2603f9b2c21f4b9e6d8ce07cf50baa83c28a4f79657b982ae188efcd151efa80
Instruction Fuzzy Hash: 2DD1D475600B018FC728CF29C580A56F7F2FF98314B658A6DD99A8BB25D770F845CB90

Function 00C05AC0 Relevance: 1.6, Strings: 1, Instructions: 313COMMON

Download Yara Rule

Strings

..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds, xrefs: 00C05DF2

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID:
String ID: ..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds
API String ID: 0-2233721302
Opcode ID: 9334e39effde23467d768f88d80523651c94da120b4c92073270e9b74dfada94
Instruction ID: 1aba9f13e71758b304257691832c9b9ee49d59e31b2345e114a835b979effe74
Opcode Fuzzy Hash: 9334e39effde23467d768f88d80523651c94da120b4c92073270e9b74dfada94
Instruction Fuzzy Hash: 73D13776A087119FDB14DF18C48061ABBE1FF88720F1A895EE8999B351D371ED41CF82

Function 00BC89B0 Relevance: 1.5, Strings: 1, Instructions: 243COMMON

Download Yara Rule

Strings

..\..\third_party\libc++\src\include\optional:785: assertion this->has_value() failed: optional operator-> called on a disengaged value, xrefs: 00BC8C6A

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID:
String ID: ..\..\third_party\libc++\src\include\optional:785: assertion this->has_value() failed: optional operator-> called on a disengaged value
API String ID: 0-3475978879
Opcode ID: f8a5047421996bcd5a96c74e7fb76bd5874322e0ca2a26e62a3dfcd1a1d08dde
Instruction ID: 0fed02b7492f009609a25c7a1ea827507c5b90080e3f3e463a37443bb93a24c8
Opcode Fuzzy Hash: f8a5047421996bcd5a96c74e7fb76bd5874322e0ca2a26e62a3dfcd1a1d08dde
Instruction Fuzzy Hash: 37A113746087419FC718CF29C0D0A6AB7E2FFC8344F1489AEE59A47761DB30E985CB92

Function 00B4C650 Relevance: 1.3, Strings: 1, Instructions: 88COMMON

Download Yara Rule

Strings

..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00B4C78F

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID:
String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at
API String ID: 0-2888085009
Opcode ID: b75762a493050db5fa97361c3300199290bc3ba828e34fb96a8c597eef26ac9d
Instruction ID: 23de48fbb340f87f1ed188dc8f1d9223da170fd01eef9a3387138a9af0791e9c
Opcode Fuzzy Hash: b75762a493050db5fa97361c3300199290bc3ba828e34fb96a8c597eef26ac9d
Instruction Fuzzy Hash: 49310F791105A24AE7189FA5EC6AB327B92DB85310F288179D2178F7E2C77C9A00DB10

Function 00B9C480 Relevance: .6, Instructions: 598COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d6c9128871f1856d39bcc1edb13b036d26e4810c246a284f6b4713b95345826
Instruction ID: 495c1c79bfde8ace599bcbb1cd9b99137946b9e91a4df5be30eef0e496e225f2
Opcode Fuzzy Hash: 4d6c9128871f1856d39bcc1edb13b036d26e4810c246a284f6b4713b95345826
Instruction Fuzzy Hash: 5D2273735417044BE318CE2ECC815C2B3E3AFD822475F857EC926CB796EEB9A6178548

Function 00C3DDAD Relevance: .3, Instructions: 333COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83ee4da561ad53a1a3171c4dac248e3ad7dcea02325c9289494a22f7000694ab
Instruction ID: 5493665f597a0b67ce08526da6f23c772dd0127cbafd1405f7ed29b0ca1b47a4
Opcode Fuzzy Hash: 83ee4da561ad53a1a3171c4dac248e3ad7dcea02325c9289494a22f7000694ab
Instruction Fuzzy Hash: B3C11070920706CFCB29CFA8E584ABABBB1FF15300F144619E4A39B691C771EE45DB51

Function 00C3D11C Relevance: .3, Instructions: 318COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6fcf0e79b2ee711c66748172b8e05b57fef5a01377303f3a4b499f3c49ad41a
Instruction ID: d44e6e49da6c2f447e4697548ba6705999f4c4711283cea283e7733b43ca5f5a
Opcode Fuzzy Hash: e6fcf0e79b2ee711c66748172b8e05b57fef5a01377303f3a4b499f3c49ad41a
Instruction Fuzzy Hash: D3B1E47092060A8BCB24DF68E9556BFBBB1AF41310F14461DE873A7691C732EF45CB92

Function 00BA8060 Relevance: .2, Instructions: 245COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c10c948e2f09096195d9baeeae570942aa493597e6642a0c3e209b0d645ef6b
Instruction ID: a61f169d02dca5bf137c8d9063618c72b048ced664bf37848cd1d9fceef99b38
Opcode Fuzzy Hash: 1c10c948e2f09096195d9baeeae570942aa493597e6642a0c3e209b0d645ef6b
Instruction Fuzzy Hash: E9915B75E042298BDB04CEA5C8C07FEBBF2FB89350F25819AC855B7741CB756D468BA0

Function 00B4EB60 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c03a0f1998d9563610d10029e535e09c4e925167a852cf35cda44156514f39d
Instruction ID: ac153f9a36df4ec3ab6faad3879f48695c22cc78f9a51aa45fcfc3f431260e61
Opcode Fuzzy Hash: 9c03a0f1998d9563610d10029e535e09c4e925167a852cf35cda44156514f39d
Instruction Fuzzy Hash: EE51B470A005159BCB14DF18D8C4A7AB7E5FF81314F1889ADE86A9B342DB31ED12E791

Function 00BA8EC0 Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89c149419b1cb466ca5f75d50792d413f9a727d0b17a474225d2f0f1278744a6
Instruction ID: 68c38c516ae84cde3f705f3e40e433dab8275f2a96a04aaff8a3290949185392
Opcode Fuzzy Hash: 89c149419b1cb466ca5f75d50792d413f9a727d0b17a474225d2f0f1278744a6
Instruction Fuzzy Hash: D4415072B0C2168FCB28CE2C94C01BEB7E3FB97351B2980E9D9459B314DA319C459390

Function 00B4EED0 Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 421a4bb705536e0ef8d75cd1d81d2719598fb5d0699946c7f80a67c546bc7807
Instruction ID: ab2d245af8d84494f9f24f903918bcfbe5058807a37e6c41ba15a1e94fca5b69
Opcode Fuzzy Hash: 421a4bb705536e0ef8d75cd1d81d2719598fb5d0699946c7f80a67c546bc7807
Instruction Fuzzy Hash: B931A3B5F042025BE7248E35E885B66B2D6F7C0308F54457CE55EC7346EA31ED25C392

Function 00B52C70 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de6531e31b77c8da9d79803953c3e30b52e37cb513148eb7c75d9b340dad78e1
Instruction ID: 83c0ad45fb5f9a0dcafc00d811fb7d1d69abb46cf58ff092f38fd09428efa921
Opcode Fuzzy Hash: de6531e31b77c8da9d79803953c3e30b52e37cb513148eb7c75d9b340dad78e1
Instruction Fuzzy Hash: 983124B5F012159BDB149F14EC54B2937E1EB85315B0545E8EC0A9B3A2EB70EC15C7E2

Function 00B42B30 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 835d37861a0c8b4f9c0e7d839932c05caaccda62d1be447422752f640a7e87be
Instruction ID: beafd5e6790b313d60925fc5816bc603ba7e97c316f4e357b11b2966e949ba7a
Opcode Fuzzy Hash: 835d37861a0c8b4f9c0e7d839932c05caaccda62d1be447422752f640a7e87be
Instruction Fuzzy Hash: 3831E9B4F002058BCB14DF29D895B3EB7E5EB80314F8445ACE84ACB396EA71ED15D792

Function 00C38190 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 3002af9a612ee5d0488d95254a5d8443ca6b2c6341dbc759e90bd61ea80797db
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 8011087722179143D648862DD8B46BFB795EAC5320F2C437AF0614BA54DA23AB4E9600

Function 00BC1000 Relevance: 26.7, APIs: 14, Strings: 1, Instructions: 421COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00BC1042
SetLastError.KERNEL32(00000000), ref: 00BC104B
SetLastError.KERNEL32(00000000), ref: 00BC105C
TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00BC1109
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00BC1165
QueryPerformanceCounter.KERNEL32(?), ref: 00BC11FA
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BC1238
AcquireSRWLockExclusive.KERNEL32(?), ref: 00BC1250
__floor_pentium4.LIBCMT ref: 00BC135C
TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00BC1450
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00BC146F
AcquireSRWLockExclusive.KERNEL32(?), ref: 00BC148B
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BC1509
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BC1571

Strings

..\..\third_party\libc++\src\include\optional:795: assertion this->has_value() failed: optional operator* called on a disengaged value, xrefs: 00BC14C4

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$Acquire$ErrorLastUnothrow_t@std@@@__ehfuncinfo$??2@$Release$CounterPerformanceQuery__floor_pentium4
String ID: ..\..\third_party\libc++\src\include\optional:795: assertion this->has_value() failed: optional operator* called on a disengaged value
API String ID: 739387787-2004180939
Opcode ID: 2aec118efba0303b257550482374dcc0ac7cd1ca29c7cf4c3537232e9d58c647
Instruction ID: a02e84607e78cc3e059d79f637560085a8c5431b61b637c31b21357cddc8821c
Opcode Fuzzy Hash: 2aec118efba0303b257550482374dcc0ac7cd1ca29c7cf4c3537232e9d58c647
Instruction Fuzzy Hash: 83F191706087419FD709DF28D894B2AB7E5FF86340F14896DF88A9B362DB34D845DB42

Function 00BF0360 Relevance: 26.7, APIs: 14, Strings: 1, Instructions: 420COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00BF03A6
SetLastError.KERNEL32(00000000), ref: 00BF03B0
SetLastError.KERNEL32(00000000), ref: 00BF03C1
TryAcquireSRWLockExclusive.KERNEL32(0000055F), ref: 00BF046E
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00BF04CA
QueryPerformanceCounter.KERNEL32(?), ref: 00BF055F
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BF059D
AcquireSRWLockExclusive.KERNEL32(?), ref: 00BF05B5
__floor_pentium4.LIBCMT ref: 00BF06C1
TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00BF07B5
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00BF07D4
AcquireSRWLockExclusive.KERNEL32(?), ref: 00BF07F0
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BF086E
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BF08D6

Strings

..\..\third_party\libc++\src\include\optional:795: assertion this->has_value() failed: optional operator* called on a disengaged value, xrefs: 00BF0829

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$Acquire$ErrorLastUnothrow_t@std@@@__ehfuncinfo$??2@$Release$CounterPerformanceQuery__floor_pentium4
String ID: ..\..\third_party\libc++\src\include\optional:795: assertion this->has_value() failed: optional operator* called on a disengaged value
API String ID: 739387787-2004180939
Opcode ID: b25e29c5587e90c0f4e66665e894d09980c230210eb62bb75f53f8b5677aeedd
Instruction ID: 89f81c7638292789dacc9e25e579e4aa678143a4cd09decf736ea547eb1228f4
Opcode Fuzzy Hash: b25e29c5587e90c0f4e66665e894d09980c230210eb62bb75f53f8b5677aeedd
Instruction Fuzzy Hash: 06F18E706183059FD705EF28D89473AB7E5EF85340F1489ADF98A8B262EB70D849DB42

Function 00B8C8B0 Relevance: 24.4, APIs: 16, Instructions: 427COMMON

Download Yara Rule

APIs

__aullrem.LIBCMT ref: 00B8C909
__aullrem.LIBCMT ref: 00B8C950
__aullrem.LIBCMT ref: 00B8C994
__aullrem.LIBCMT ref: 00B8C9D8
__aullrem.LIBCMT ref: 00B8CA1C
__aullrem.LIBCMT ref: 00B8CA60
__aullrem.LIBCMT ref: 00B8CAA4
__aullrem.LIBCMT ref: 00B8CAE8
__aullrem.LIBCMT ref: 00B8CB2C

Part of subcall function 00BEDEC0: LoadLibraryW.KERNEL32(bcryptprimitives.dll,00000008,?,?,00B8C0E2,?), ref: 00BEDF1B
Part of subcall function 00BEDEC0: GetProcAddress.KERNEL32(00000000,ProcessPrng), ref: 00BEDF2B

__aullrem.LIBCMT ref: 00B8CB70
__aullrem.LIBCMT ref: 00B8CBB4
__aullrem.LIBCMT ref: 00B8CBF8
__aullrem.LIBCMT ref: 00B8CC3C
__aullrem.LIBCMT ref: 00B8CC80
__aullrem.LIBCMT ref: 00B8CCC4
__aullrem.LIBCMT ref: 00B8CD08

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: __aullrem$AddressLibraryLoadProc
String ID:
API String ID: 3725045012-0
Opcode ID: a64cd0991c1b3609d9f19fc8c729b60958daa4a1d234350ce2f7c5db24e8651c
Instruction ID: 5521df7ee44f14c2c3dfef78a2a20154612a3c1dda2145d8302fcaca3b8269b6
Opcode Fuzzy Hash: a64cd0991c1b3609d9f19fc8c729b60958daa4a1d234350ce2f7c5db24e8651c
Instruction Fuzzy Hash: F2D1A3B4B043047BD614AA65CC86F7F7BDA9FD4B01F40891CF1899B2C2DAB19C49E762

Function 00B66910 Relevance: 23.1, APIs: 6, Strings: 7, Instructions: 314timeCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,00B668F7,?,0000000C,?,00000000,?,?,00C82D92,?,00000001,?,?), ref: 00B6692E
SetLastError.KERNEL32(00000000,?,00B668F7,?,0000000C,?,00000000,?,?,00C82D92,?,00000001,?,?), ref: 00B66938
_strlen.LIBCMT ref: 00B66947
GetLocalTime.KERNEL32(0000000C,?,?,?,?,?,00B668F7,?,0000000C,?,00000000,?,?,00C82D92,?,00000001), ref: 00B669AA
_strlen.LIBCMT ref: 00B66AAF
SetLastError.KERNEL32(?,?,?,00000001), ref: 00B66B8F

Strings

..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00B66BD2
..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and desusertion ranges overlap, xrefs: 00B66BC4
)] , xrefs: 00B66AFE
..\..\third_party\libc++\src\include\string_view:330: assertion (__end - __begin) >= 0 failed: std::string_view::string_view(iterator, sentinel) received invalid range, xrefs: 00B66BD9
..\..\third_party\libc++\src\include\string_view:422: assertion __n <= size() failed: remove_prefix() can't remove more than size(), xrefs: 00B66BCB
VERBOSE, xrefs: 00B66C58
UNKNOWN, xrefs: 00B66BE8

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ErrorLast$_strlen$LocalTime
String ID: )] $..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and desusertion ranges overlap$..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:330: assertion (__end - __begin) >= 0 failed: std::string_view::string_view(iterator, sentinel) received invalid range$..\..\third_party\libc++\src\include\string_view:422: assertion __n <= size() failed: remove_prefix() can't remove more than size()$UNKNOWN$VERBOSE
API String ID: 1138008395-693731270
Opcode ID: e88c1d53cd7ae03429b479f4fcb970f2f799f61e68c465850bef0d1f9ae4812b
Instruction ID: c5a6ca32d8aff80e24b56799ad3e390d986d7fb1e61f5e0f4103ce7343fc724d
Opcode Fuzzy Hash: e88c1d53cd7ae03429b479f4fcb970f2f799f61e68c465850bef0d1f9ae4812b
Instruction Fuzzy Hash: B3B1F8B4E002149FCB14EF64D885ABEBBF5EF49314F184469F806A7392DB799C01DBA1

Function 00B52300 Relevance: 23.0, APIs: 5, Strings: 8, Instructions: 297libraryloaderCOMMON

Download Yara Rule

APIs

SetCurrentDirectoryW.KERNEL32(?,?,?,chrome.dll,0000000A,?,00000021,?,chrome.dll,0000000A,?,126.0.6478.183,0000000E,?,?,00000004), ref: 00B524E1
LoadLibraryExW.KERNEL32(?,00000000,00000008,no-pre-read-main-dll,?,?,00000004), ref: 00B52537
SetProcessShutdownParameters.KERNEL32(0000027F,00000001,?,?,00000004), ref: 00B52561
GetProcAddress.KERNEL32(?,ChromeMain), ref: 00B5258D

Part of subcall function 00B528B0: GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00B52658), ref: 00B5292B
Part of subcall function 00B528B0: PrefetchVirtualMemory.KERNEL32(00000000,00000001,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00B52937

GetInstallDetailsPayload.CHROME_ELF(00000004), ref: 00B52660

Strings

type, xrefs: 00B5233E
Cannot find module , xrefs: 00B526ED
no-pre-read-main-dll, xrefs: 00B52511
chrome.dll, xrefs: 00B52404, 00B52461, 00B526FB
ChromeMain, xrefs: 00B52585
Failed to load Chrome DLL from , xrefs: 00B52759
126.0.6478.183, xrefs: 00B523F5
..\..\chrome\app\main_dll_loader_win.cc, xrefs: 00B526DB, 00B52747

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: CurrentProcess$AddressDetailsDirectoryInstallLibraryLoadMemoryParametersPayloadPrefetchProcShutdownVirtual
String ID: ..\..\chrome\app\main_dll_loader_win.cc$126.0.6478.183$Cannot find module $ChromeMain$Failed to load Chrome DLL from $chrome.dll$no-pre-read-main-dll$type
API String ID: 1824951502-3802372930
Opcode ID: 281bca524ec1b60f79aab4375937d9ae77c28026516eb8128114515e074746db
Instruction ID: 9bded5687537ac604cc10cdaafc1e710a2a0dd170424561c5bef9c271778ac72
Opcode Fuzzy Hash: 281bca524ec1b60f79aab4375937d9ae77c28026516eb8128114515e074746db
Instruction Fuzzy Hash: 3FB1B370E012599BEF20DF20DC45BAEB7F5AF45301F0485E5E909B7281EB70AA89DF51

Function 00B84B90 Relevance: 23.0, APIs: 2, Strings: 11, Instructions: 247COMMON

Download Yara Rule

APIs

GetFileVersionInfoSizeW.VERSION(?,00000000,0.0.0.0-devel,0000000D,Chrome,00000006,?,00C678B9,?), ref: 00B84BF2
GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,00000006,?,00C678B9,?), ref: 00B84C1B

Part of subcall function 00B84F20: VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?), ref: 00B84F82
Part of subcall function 00B84F20: GetUserDefaultLangID.KERNEL32(00000000,\VarFileInfo\Translation,?,?), ref: 00B84FAE
Part of subcall function 00B84F20: GetUserDefaultLangID.KERNEL32 ref: 00B84FB7
Part of subcall function 00B84F20: VerQueryValueW.VERSION(?,?,?,?), ref: 00B85023

Strings

..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00B84E9E
ProductVersion, xrefs: 00B84C46
Official Build, xrefs: 00B84CC8
..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00B84EA5
ProductShortName, xrefs: 00B84D72
SpecialBuild, xrefs: 00B84DE5
-devel, xrefs: 00B84EC0
0.0.0.0-devel, xrefs: 00B84BBF
Chrome, xrefs: 00B84BB1
..\..\third_party\libc++\src\include\__string\char_traits.h:222: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and desusertion ranges overlap, xrefs: 00B84EAC
extended, xrefs: 00B84EF5

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: DefaultFileInfoLangQueryUserValueVersion$Size
String ID: -devel$..\..\third_party\libc++\src\include\__string\char_traits.h:222: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and desusertion ranges overlap$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$0.0.0.0-devel$Chrome$Official Build$ProductShortName$ProductVersion$SpecialBuild$extended
API String ID: 4255889946-2556447703
Opcode ID: b432c135330d76fb4e50b808e0743ef45c178e412ea8dd4d287ddd391f069a74
Instruction ID: 43c583a33ebb20adaa0cd7e54d16a550f05c37ec9cb27a5c9e4f0c00cb0d4f1b
Opcode Fuzzy Hash: b432c135330d76fb4e50b808e0743ef45c178e412ea8dd4d287ddd391f069a74
Instruction Fuzzy Hash: 3891F3B0D0028A9BEF05EF64D841BAE77F1FF58304F18C099E8057B266EB74A984D752

Function 00B54F50 Relevance: 21.4, APIs: 2, Strings: 10, Instructions: 353libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00000008,00000010,?,?), ref: 00B55299
GetProcAddress.KERNEL32(00000000,SetUnhandledExceptionFilter), ref: 00B552A9

Strings

..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00B55377
database, xrefs: 00B55231
test-child-process, xrefs: 00B551F0, 00B55320, 00B55355
..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00B5537E
..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00B5510F, 00B5530B
SetUnhandledExceptionFilter, xrefs: 00B552A3
type, xrefs: 00B551E4
fallback-handler, xrefs: 00B551DD
..\..\third_party\libc++\src\include\__string\char_traits.h:222: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and desusertion ranges overlap, xrefs: 00B55108
kernel32.dll, xrefs: 00B55294

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$..\..\third_party\libc++\src\include\__string\char_traits.h:222: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and desusertion ranges overlap$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$SetUnhandledExceptionFilter$database$fallback-handler$kernel32.dll$test-child-process$type
API String ID: 1646373207-3386034524
Opcode ID: 88039823043e10ecee2d5b44d5cb0647b82153fd4c6b03655a8f89bd6acebd4f
Instruction ID: d4a83e609de3eb9d9a6ba84bfe3e7f5944af192e84f4d8b96a06e16bc15aa02e
Opcode Fuzzy Hash: 88039823043e10ecee2d5b44d5cb0647b82153fd4c6b03655a8f89bd6acebd4f
Instruction Fuzzy Hash: E5C128B1E007099FDB20DF64D891BAEB7F5EF54306F1481A9FC05A7251EB70A948CB91

Function 00B593B0 Relevance: 21.2, APIs: 5, Strings: 7, Instructions: 176pipefileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 00B593FB
SetNamedPipeHandleState.KERNEL32(00000000,?,00000000,00000000), ref: 00B59416
TransactNamedPipe.KERNEL32(00000000,?,00000024,00B58ED1,0000000C,?,00000000), ref: 00B59439
GetLastError.KERNEL32 ref: 00B5947D
WaitNamedPipeW.KERNEL32(?,000000FF), ref: 00B59497

Strings

, observed , xrefs: 00B59570
SetNamedPipeHandleState, xrefs: 00B595C1
CreateFile, xrefs: 00B5950D
TransactNamedPipe: expected , xrefs: 00B59557
TransactNamedPipe, xrefs: 00B595F8
..\..\third_party\crashpad\crashpad\util\win\registration_protocol_win.cc, xrefs: 00B594C7, 00B594FB, 00B59545, 00B595AF, 00B595E6
WaitNamedPipe, xrefs: 00B594D9

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: NamedPipe$CreateErrorFileHandleLastStateTransactWait
String ID: , observed $..\..\third_party\crashpad\crashpad\util\win\registration_protocol_win.cc$CreateFile$SetNamedPipeHandleState$TransactNamedPipe$TransactNamedPipe: expected $WaitNamedPipe
API String ID: 3582518244-2365249698
Opcode ID: e7e53007abeee07d73c9471eb6b2f2057f2d88d299ba31d845578f03c74c700a
Instruction ID: 5135b368ab726550296c6d39dc80e73cbe350636464e6b4858bb5fd06ff57d9b
Opcode Fuzzy Hash: e7e53007abeee07d73c9471eb6b2f2057f2d88d299ba31d845578f03c74c700a
Instruction Fuzzy Hash: 4151E670700304EAEB64AB609C46FBF77E9EB85705F0440E5FA09A62C1DBB0994DDB63

Function 00B74680 Relevance: 19.6, APIs: 7, Strings: 4, Instructions: 313filelibraryloaderCOMMON

Download Yara Rule

APIs

LocalFree.KERNEL32(?), ref: 00B7477B
CreateFileW.KERNEL32 ref: 00B74841
GetLastError.KERNEL32 ref: 00B74851
SetLastError.KERNEL32(00000000), ref: 00B74868
GetModuleHandleW.KERNEL32(00000000,00000000,00000004,00000004), ref: 00B74987
GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00B74993

Strings

AddACEToPath, xrefs: 00B746CD
GetHandleVerifier, xrefs: 00B7498D
ScopedBlockingCall, xrefs: 00B74A6D
..\..\base\win\security_util.cc, xrefs: 00B746C8

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ErrorLast$AddressCreateFileFreeHandleLocalModuleProc
String ID: ..\..\base\win\security_util.cc$AddACEToPath$GetHandleVerifier$ScopedBlockingCall
API String ID: 24226920-314747623
Opcode ID: c476832f4a7ed7ce7131922f95bcbda5c52c70aa5c2fe8c4f6b3c623a3b2e463
Instruction ID: dbd6ef1fae66cc0cadebb232c14c278ead67acf06d3c8e6855eff4259ad0f744
Opcode Fuzzy Hash: c476832f4a7ed7ce7131922f95bcbda5c52c70aa5c2fe8c4f6b3c623a3b2e463
Instruction Fuzzy Hash: BBB1E3B1A043819FDB11DF24C88476FB7E4EF89301F1489ADFAE997251E7709948CB92

Function 00B8C730 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 113libraryloaderCOMMON

Download Yara Rule

APIs

VerSetConditionMask.KERNEL32 ref: 00B8C777
VerSetConditionMask.KERNEL32(00000000,?,00000001,00000003), ref: 00B8C783
VerSetConditionMask.KERNEL32(00000000,?,00000020,00000003,?,00000001,00000003), ref: 00B8C78A
VerifyVersionInfoW.KERNEL32(?,00000023,00000000), ref: 00B8C7AE
InitializeCriticalSection.KERNEL32(00B8C231,?,?,00000020,00000003,?,00000001,00000003), ref: 00B8C858

Part of subcall function 00C382C8: AcquireSRWLockExclusive.KERNEL32(00D02800,000000C0,?,?,00BCFE69,00D12A10), ref: 00C382D3
Part of subcall function 00C382C8: ReleaseSRWLockExclusive.KERNEL32(00D02800,?,00BCFE69,00D12A10), ref: 00C3830D

LoadLibraryW.KERNEL32(kernel32.dll,00000003), ref: 00B8C7F4
GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00B8C804

Strings

InitializeCriticalSectionEx, xrefs: 00B8C894
..\..\third_party\crashpad\crashpad\util\win\critical_section_with_debug_info.cc, xrefs: 00B8C882
InitializeCriticalSectionEx, xrefs: 00B8C7FE
kernel32.dll, xrefs: 00B8C7EF

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ConditionMask$ExclusiveLock$AcquireAddressCriticalInfoInitializeLibraryLoadProcReleaseSectionVerifyVersion
String ID: ..\..\third_party\crashpad\crashpad\util\win\critical_section_with_debug_info.cc$InitializeCriticalSectionEx$InitializeCriticalSectionEx$kernel32.dll
API String ID: 380373429-2219384513
Opcode ID: 87bf0e1c073a4a639c2e222662a52f9fbe5789b0791b4dbf8b6fec0e98b4c2c5
Instruction ID: 0dda2c0e3b8025644c83d98ffb80ec49421005109b2520fa2a7eb3e7b1b2509b
Opcode Fuzzy Hash: 87bf0e1c073a4a639c2e222662a52f9fbe5789b0791b4dbf8b6fec0e98b4c2c5
Instruction Fuzzy Hash: 1F31FCB0A40304ABE710BF20EC4AFFE77A9EF44B44F048168FA05972D1DB75A955CB66

Function 00B431D0 Relevance: 17.9, APIs: 5, Strings: 5, Instructions: 358COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00B43214
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B43361
_strlen.LIBCMT ref: 00B433F0
_strlen.LIBCMT ref: 00B43519
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B43601

Strings

..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00B4365A
..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00B4367C
..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00B4366D
Other, xrefs: 00B4324B, 00B4364B
d, xrefs: 00B435D3

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: _strlen$Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$Other$d
API String ID: 3295101305-4285599685
Opcode ID: c421d68d2d64f8e5c5bac8b2acb72a9c573f94f3a1e7480f31f7497f83b3198c
Instruction ID: fcecd9bb865f205c85fa21e5b846e339725ca6e3ee0a346c3f8009cbdc13f168
Opcode Fuzzy Hash: c421d68d2d64f8e5c5bac8b2acb72a9c573f94f3a1e7480f31f7497f83b3198c
Instruction Fuzzy Hash: 75D1CFB1A087419FC715DF28C84071FBBE5AFC5B10F198A2DF89997391EB70DA449B82

Function 00B591B0 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 158COMMON

Download Yara Rule

APIs

UnregisterWaitEx.KERNEL32(?,-00000001,?,?,?,?,?,00B58DC9), ref: 00B591D1
UnregisterWaitEx.KERNEL32(?,-00000001,?,?,?,?,?,00B58DC9), ref: 00B591D9
UnregisterWaitEx.KERNEL32(?,-00000001,?,?,?,?,?,00B58DC9), ref: 00B591E2
CloseHandle.KERNEL32(?,?,?,?,?,?,00B58DC9), ref: 00B59200
CloseHandle.KERNEL32(?,CloseHandle,?,?,?,?,?,?,?,?,?,?,?,00B58DC9), ref: 00B5922E
CloseHandle.KERNEL32(?,CloseHandle,?,?,?,?,?,?,?,?,?,?,?,00B58DC9), ref: 00B59258
CloseHandle.KERNEL32(?,CloseHandle,?,?,?,?,?,?,?,?,?,?,?,00B58DC9), ref: 00B59282

Strings

..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc, xrefs: 00B592BA, 00B592F7, 00B59334, 00B59371
Free, xrefs: 00B592BF, 00B592FC, 00B59339, 00B59376
CloseHandle, xrefs: 00B592DC, 00B59319, 00B59356, 00B59393

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: CloseHandle$UnregisterWait
String ID: ..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc$CloseHandle$Free
API String ID: 1214919099-1704384866
Opcode ID: be596efe852c769a688db2cc09222b2aaacda5758927a6d1362fb75ce3bdf82d
Instruction ID: 4a1b4b8516200e8e7f289345d47ff8cbfd99774e3624ab31aead443e8f2ec9cd
Opcode Fuzzy Hash: be596efe852c769a688db2cc09222b2aaacda5758927a6d1362fb75ce3bdf82d
Instruction Fuzzy Hash: CC410470A00344BBD721AB61DC89B3F76E9EF84701F04089CE94657282EBB1E908D762

Function 00BC75E0 Relevance: 16.0, APIs: 5, Strings: 4, Instructions: 245COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00BC75FF
TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,7FFFFFF7,?,7FFFFFF7,?,00C01938,Histogram.MismatchedConstructionArguments,00000000,00CE1384,..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length), ref: 00BC773F
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,7FFFFFF7,?,7FFFFFF7,?,00C01938,Histogram.MismatchedConstructionArguments,00000000,00CE1384,..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length), ref: 00BC7762
AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,7FFFFFF7,?,7FFFFFF7,?,00C01938,Histogram.MismatchedConstructionArguments,00000000,00CE1384,..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length), ref: 00BC7855
ReleaseSRWLockExclusive.KERNEL32(7FFFFFF7,?,7FFFFFF7,?,7FFFFFF7,?,00C01938,Histogram.MismatchedConstructionArguments,00000000,00CE1384,..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length), ref: 00BC78D4

Strings

..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00BC7899
..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and desusertion ranges overlap, xrefs: 00BC788B
..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00BC78A0
..\..\third_party\libc++\src\include\string:973: assertion __s != nullptr failed: basic_string(const char*) detected nullptr, xrefs: 00BC7892

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease$_strlen
String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and desusertion ranges overlap$..\..\third_party\libc++\src\include\string:973: assertion __s != nullptr failed: basic_string(const char*) detected nullptr$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr
API String ID: 1657474455-391765784
Opcode ID: b82036a2e4730a247de45e77e7d185cbeaa5c4c84430689628f404494656eb66
Instruction ID: 3f2bde4f5040d84213cdcc65a06b1b841dc14a12b5f8740574a18abf8e569e92
Opcode Fuzzy Hash: b82036a2e4730a247de45e77e7d185cbeaa5c4c84430689628f404494656eb66
Instruction Fuzzy Hash: 3481E071A443599FDB04DB61D884FAE7BF9AF88704F18406DE906A7241EB31DD00CFA1

Function 00B84F20 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 209COMMON

Download Yara Rule

APIs

VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?), ref: 00B84F82
GetUserDefaultLangID.KERNEL32(00000000,\VarFileInfo\Translation,?,?), ref: 00B84FAE
GetUserDefaultLangID.KERNEL32 ref: 00B84FB7
VerQueryValueW.VERSION(?,?,?,?), ref: 00B85023
VerQueryValueW.VERSION(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B850A2
VerQueryValueW.VERSION(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B8511E
VerQueryValueW.VERSION(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B85199

Strings

\VarFileInfo\Translation, xrefs: 00B84F76
\StringFileInfo\%04hx%04hx\%ls, xrefs: 00B84FF1, 00B85074, 00B850F0, 00B8516B

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: QueryValue$DefaultLangUser
String ID: \StringFileInfo\%04hx%04hx\%ls$\VarFileInfo\Translation
API String ID: 2923350452-4158013653
Opcode ID: f3fd719d485c0fbcd6a17d5b73399bd7f19d78e1137e06f7eaf3976bf0562616
Instruction ID: 396ec36597bfd1b93964344cf2379fe664c45fbb586cd0c22f9bf990fa9d7c51
Opcode Fuzzy Hash: f3fd719d485c0fbcd6a17d5b73399bd7f19d78e1137e06f7eaf3976bf0562616
Instruction Fuzzy Hash: 7B71B6B1A412287EEB21AF60DC89BFAB7F8EF14700F0441E5F508E6251EB749E85CB51

Function 00B83EA0 Relevance: 16.0, APIs: 4, Strings: 5, Instructions: 204pipeCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00B84007
DisconnectNamedPipe.KERNEL32(?), ref: 00B8401C
ConnectNamedPipe.KERNEL32(?,00000000), ref: 00B84023
CloseHandle.KERNEL32(?), ref: 00B8404D

Strings

ConnectNamedPipe, xrefs: 00B840EA
..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc, xrefs: 00B84084
Free, xrefs: 00B84089
CloseHandle, xrefs: 00B840A6
..\..\third_party\crashpad\crashpad\util\win\exception_handler_server.cc, xrefs: 00B840DE

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: NamedPipe$CloseConnectDisconnectErrorHandleLast
String ID: ..\..\third_party\crashpad\crashpad\util\win\exception_handler_server.cc$..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc$CloseHandle$ConnectNamedPipe$Free
API String ID: 447347179-3091828373
Opcode ID: 9c339c3eb252cf19d8fd2b170d8c5c38dc6342054a69a687465e267b277642d5
Instruction ID: fb717d70152b23eee22a7f1d5814548d2450fd9de6ae8ce7822845148f74d9fe
Opcode Fuzzy Hash: 9c339c3eb252cf19d8fd2b170d8c5c38dc6342054a69a687465e267b277642d5
Instruction Fuzzy Hash: 67513671A00305ABDB20BB649C85B7B73F5DF80B04F1444A9FA0697261EB71F905E793

Function 00B92570 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 195fileCOMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(00000000,?), ref: 00B92683
GetLastError.KERNEL32 ref: 00B9268E
DeleteFileW.KERNEL32(00000000), ref: 00B926D7
RemoveDirectoryW.KERNEL32(00000000), ref: 00B926E4
SetLastError.KERNEL32(000000A1), ref: 00B9270C
SetFileAttributesW.KERNEL32(00000000,00000000), ref: 00B927B6

Strings

ScopedBlockingCall, xrefs: 00B92789
..\..\base\files\file_util_win.cc, xrefs: 00B925A9
DoDeleteFile, xrefs: 00B925AE

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: File$AttributesErrorLast$DeleteDirectoryRemove
String ID: ..\..\base\files\file_util_win.cc$DoDeleteFile$ScopedBlockingCall
API String ID: 3447957730-1263771705
Opcode ID: a3c557732b448dbb9fcd3c9c8e67944d93e98788c1c90e29317930c703f95611
Instruction ID: 4449ff42c87758d14b2416b1c3d016bf8fbe8714104b678165c19460f3356925
Opcode Fuzzy Hash: a3c557732b448dbb9fcd3c9c8e67944d93e98788c1c90e29317930c703f95611
Instruction Fuzzy Hash: 556124B1E043506BCF10AF24D8817AEB7E0EF95310F1485B8F8D6A7291DB74AE489782

Function 00B50280 Relevance: 15.2, APIs: 10, Instructions: 199COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(FFFFFFFF,?,00B4BCE8,?,?,?,?,?,?,?,?), ref: 00B502A5
WakeAllConditionVariable.KERNEL32(?,?,00B4BCE8,?,?,?,?,?,?,?,?), ref: 00B502B7
ReleaseSRWLockExclusive.KERNEL32(FFFFFFFF,?,00B4BCE8,?,?,?,?,?,?,?,?), ref: 00B502BE
TryAcquireSRWLockExclusive.KERNEL32(FFFFFFFF,?,00B4BCE8,?,?,?,?,?,?,?,?), ref: 00B502C5
ReleaseSRWLockExclusive.KERNEL32(FFFFFFFF,?,00B4BCE8,?,?,?,?,?,?,?,?), ref: 00B502EF
TryAcquireSRWLockExclusive.KERNEL32(?,?,00B4BCE8,?,?,?,?,?,?,?,?), ref: 00B50336
ReleaseSRWLockExclusive.KERNEL32(?,?,00B4BCE8,?,?,?,?,?,?,?,?), ref: 00B5034D
AcquireSRWLockExclusive.KERNEL32(FFFFFFFF,?,00B4BCE8,?,?,?,?,?,?,?,?), ref: 00B50359
AcquireSRWLockExclusive.KERNEL32(FFFFFFFF,?,00B4BCE8,?,?,?,?,?,?,?,?), ref: 00B50365
AcquireSRWLockExclusive.KERNEL32(?,?,00B4BCE8,?,?,?,?,?,?,?,?), ref: 00B50421

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$Acquire$Release$ConditionVariableWake
String ID:
API String ID: 2824607059-0
Opcode ID: 0c362c2d863a37e248663726d7f09e62e18b75b0d0f8424e6936f79c0e6998b5
Instruction ID: 48258ea53f510a7fd2b34345d6d3ba495c9116f26d518b74a89ad7eb89fc9537
Opcode Fuzzy Hash: 0c362c2d863a37e248663726d7f09e62e18b75b0d0f8424e6936f79c0e6998b5
Instruction Fuzzy Hash: 5761AC71A102168FDB21EF54C885BBEB7F1FF89312B140499EE46A7310D735AD4ACB92

Function 00B42E20 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 307threadCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?), ref: 00B42F97
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B42FDA
GetCurrentThreadId.KERNEL32 ref: 00B430E8
GetCurrentThreadId.KERNEL32 ref: 00B430F7
GetCurrentThreadId.KERNEL32 ref: 00B43104
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B43133
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B431A4

Strings

..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 00B42F1A

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: CurrentThreadUnothrow_t@std@@@__ehfuncinfo$??2@$CounterPerformanceQuery
String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at
API String ID: 1687741313-4189810390
Opcode ID: ad5aa4a5b3edb4439178aac8432f0ab34d9bc399ce699052254ad13c0c3e5227
Instruction ID: 45b674ee66626720cc74eb3c314de867962951c239f89a97cf2a2a0f49b72cfb
Opcode Fuzzy Hash: ad5aa4a5b3edb4439178aac8432f0ab34d9bc399ce699052254ad13c0c3e5227
Instruction Fuzzy Hash: 62B16C70A042059FC708DF18C885A6AFBE5EF88704F58856DF88997351DB34EE44EB92

Function 00BB8290 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 156libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 00BB83E2
GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00BB83EE
GetModuleHandleW.KERNEL32(00000000), ref: 00BB8425
GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00BB8431

Strings

GetHandleVerifier, xrefs: 00BB83E8, 00BB842B
..\..\base\files\file_win.cc, xrefs: 00BB830C
ScopedBlockingCall, xrefs: 00BB846F
Close, xrefs: 00BB8311

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: ..\..\base\files\file_win.cc$Close$GetHandleVerifier$ScopedBlockingCall
API String ID: 1646373207-3663164917
Opcode ID: d922915c806d147757e89577082e73ef163799e0a83f9ac851ea9083988900dd
Instruction ID: b7a7720827137c6b5a4b42e3bfadf964c700d1a804ebe0325335f0dc22c4565e
Opcode Fuzzy Hash: d922915c806d147757e89577082e73ef163799e0a83f9ac851ea9083988900dd
Instruction Fuzzy Hash: 3B51A371204341AFD710AF24DC89B7AB7E9FB49700F144968F596D73A1DFB0A944CBA2

Function 00B584E0 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 149threadCOMMON

Download Yara Rule

APIs

CreateEventW.KERNEL32 ref: 00B5852C
CreateEventW.KERNEL32 ref: 00B58580
CreateThread.KERNEL32(00000000,00000000,00BABD20,00000000,00000000,00000000), ref: 00B585C9

Strings

..\..\third_party\crashpad\crashpad\util\thread\thread_win.cc, xrefs: 00B58693
..\..\third_party\crashpad\crashpad\util\win\session_end_watcher.cc, xrefs: 00B58621, 00B5865F
CreateThread, xrefs: 00B586B5
CreateEvent, xrefs: 00B58633, 00B58671
Start, xrefs: 00B58698

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: Create$Event$Thread
String ID: ..\..\third_party\crashpad\crashpad\util\thread\thread_win.cc$..\..\third_party\crashpad\crashpad\util\win\session_end_watcher.cc$CreateEvent$CreateThread$Start
API String ID: 2525963256-1853482706
Opcode ID: d62fb46205c742ed1d516b871928bd4caf359f3dc4b38f9e5744800be1b05ab0
Instruction ID: 6be7cb9895436ba0a5c39e8eeb40c18f6d389d7ad8fa1542b1da67f92469432f
Opcode Fuzzy Hash: d62fb46205c742ed1d516b871928bd4caf359f3dc4b38f9e5744800be1b05ab0
Instruction Fuzzy Hash: 4D4149B1A403049BD720AB34AC86B7F77E9EF45305F08486DF949E6242EF70954A8712

Function 00C032B0 Relevance: 13.7, APIs: 9, Instructions: 220sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000000,?,000F4240), ref: 00C0333B
QueryPerformanceCounter.KERNEL32(?), ref: 00C03364
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C033A7
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00C0342F
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C0346F

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: CounterPerformanceQueryUnothrow_t@std@@@__ehfuncinfo$??2@$Sleep
String ID:
API String ID: 2381004442-0
Opcode ID: 915730bec8fbcbb32834b48c58ea3ffdc1f36411f0fa9856c588fe8a30fe3929
Instruction ID: 48ca112afea8867f421716e730c6b911c5152bc9a0e2d2d4a7a0dee945da6ef8
Opcode Fuzzy Hash: 915730bec8fbcbb32834b48c58ea3ffdc1f36411f0fa9856c588fe8a30fe3929
Instruction Fuzzy Hash: B7815E71608341AFC748DF28D895A2BBBE9EB88340F04892EF599C7361D734D944DB92

Function 00C7E520 Relevance: 13.6, APIs: 9, Instructions: 67synchronizationCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(crashpad-handler,?,?,?,?,?,?,?,?,?,?,?,00C679B4), ref: 00C7E542
TerminateProcess.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00C679B4), ref: 00C7E54A
GetCurrentProcess.KERNEL32 ref: 00C7E566
WaitForSingleObject.KERNEL32(00000000,0000EA60), ref: 00C7E572
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00C679B4), ref: 00C7E58E
GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,00C679B4), ref: 00C7E59E
WaitForSingleObject.KERNEL32(00000000,0000EA60,?,?,?,?,?,?,?,?,?,?,00C679B4), ref: 00C7E5AA
GetCurrentProcess.KERNEL32 ref: 00C7E5C9
GetExitCodeProcess.KERNEL32(00000000,FFFFFFFF), ref: 00C7E5D4

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: Process$Current$ObjectSingleWait$CodeErrorExitLastTerminate
String ID:
API String ID: 2432511979-0
Opcode ID: 6b5179e455f507bcbf58e897e34a94b3370ef380a8855fa1729f34869f24fc5f
Instruction ID: 148b72c87ff95bd209ee4cba0e0e34055ec4cc6bcfaab01b734c994efe46c946
Opcode Fuzzy Hash: 6b5179e455f507bcbf58e897e34a94b3370ef380a8855fa1729f34869f24fc5f
Instruction Fuzzy Hash: 5721C6B26042499FD7609B79D84C77ABBA4EB09308F188459E45EC7250E774D984C723

Function 00B848E0 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 199registryCOMMON

Download Yara Rule

APIs

RegisterWaitForSingleObject.KERNEL32(00000000,?,00C994F0,00000000,000000FF,00000000), ref: 00B84990
RegisterWaitForSingleObject.KERNEL32(00000000,?,?,00000000,000000FF,00000000), ref: 00B849B6
RegisterWaitForSingleObject.KERNEL32(?,?,00000008,00000000,000000FF,00000008), ref: 00B849D8

Part of subcall function 00BABC60: CloseHandle.KERNEL32(00B585FC,?,00000000,00000000,?,00B585FC,00000000), ref: 00BABC77

Strings

RegisterWaitForSingleObject process end, xrefs: 00B84B69
RegisterWaitForSingleObject non-crash dump requested, xrefs: 00B84B1C
..\..\third_party\crashpad\crashpad\util\win\exception_handler_server.cc, xrefs: 00B84AB9, 00B84B0A, 00B84B57
RegisterWaitForSingleObject crash dump requested, xrefs: 00B84ACB

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ObjectRegisterSingleWait$CloseHandle
String ID: ..\..\third_party\crashpad\crashpad\util\win\exception_handler_server.cc$RegisterWaitForSingleObject crash dump requested$RegisterWaitForSingleObject non-crash dump requested$RegisterWaitForSingleObject process end
API String ID: 2574254514-2013388152
Opcode ID: d0d545f743924b4b2c85eb161c6ed85aaa99e848b954f107fe7c9d02e0902874
Instruction ID: 8f3c8042597d283763098c545e664250d9ff6f806aae830cf31584721c5860e7
Opcode Fuzzy Hash: d0d545f743924b4b2c85eb161c6ed85aaa99e848b954f107fe7c9d02e0902874
Instruction Fuzzy Hash: F071C6B0A00B06AFD724DF25D945F56BBF4FF09304F0046A9E5499BAA2E770E954CB82

Function 00C83220 Relevance: 10.8, APIs: 2, Strings: 4, Instructions: 335COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?), ref: 00C8350B

Part of subcall function 00B92B00: GetCurrentDirectoryW.KERNEL32(00000104,?,?,00000000,00000000), ref: 00B92B92

GetStartupInfoW.KERNEL32(?,00000000), ref: 00C832DD

Strings

..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00C835AF
..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00C835A1
..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00C835A8
source-shortcut, xrefs: 00C83307

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: CurrentDirectoryErrorInfoLastStartup
String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$source-shortcut
API String ID: 783172407-2813202532
Opcode ID: bf5c8794477f9d66bcb5a964b8b7b816248a1855849cdd6a7c9ad3e1c27aaed8
Instruction ID: 0330db0b7e509fb539ec53d433492dbe5f836742b7cd9283c2bfdd13931a7176
Opcode Fuzzy Hash: bf5c8794477f9d66bcb5a964b8b7b816248a1855849cdd6a7c9ad3e1c27aaed8
Instruction Fuzzy Hash: 8CD123B0C003949AEF219FA1DC45BBEBBB4BF45B08F0041A9E4457B292E7756B05CF64

Function 00C55946 Relevance: 10.8, APIs: 7, Instructions: 329COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00C559CC

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 7783142af62f6bbaebb193a5bb5dccb2a0c698df62bb349582308dae326eb2db
Instruction ID: 0fcd7cd544936a4c6d643e438765291b91b97b4cbe3d3ed3e73e68127fc1658a
Opcode Fuzzy Hash: 7783142af62f6bbaebb193a5bb5dccb2a0c698df62bb349582308dae326eb2db
Instruction Fuzzy Hash: 1CB1AB36900B559FDB118F28CCA1BBE7BA5EF19311F144151EC14AF282D374EE89C7A8

Function 00B58910 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 226COMMON

Download Yara Rule

APIs

GetFileInformationByHandleEx.KERNEL32(?,00000002,00000000,00000210), ref: 00B58975
TryAcquireSRWLockExclusive.KERNEL32(00000188,00000000,\\.\pipe,00000008,00000004,00000000), ref: 00B589FF

Part of subcall function 00B87C00: CloseHandle.KERNEL32(00B583A6), ref: 00B87C1A

Part of subcall function 00B848E0: RegisterWaitForSingleObject.KERNEL32(00000000,?,00C994F0,00000000,000000FF,00000000), ref: 00B84990
Part of subcall function 00B848E0: RegisterWaitForSingleObject.KERNEL32(00000000,?,?,00000000,000000FF,00000000), ref: 00B849B6
Part of subcall function 00B848E0: RegisterWaitForSingleObject.KERNEL32(?,?,00000008,00000000,000000FF,00000008), ref: 00B849D8

ReleaseSRWLockExclusive.KERNEL32(?), ref: 00B58B36

Strings

..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00B58B97
\\.\pipe, xrefs: 00B589A5
GetFileInformationByHandleEx, xrefs: 00B58BE5

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ObjectRegisterSingleWait$ExclusiveHandleLock$AcquireCloseFileInformationRelease
String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at$GetFileInformationByHandleEx$\\.\pipe
API String ID: 1841929329-4152786217
Opcode ID: 88fbad343ae034c7d79827aca242ab17b461a1307d7af5ccbe8b339e56aef518
Instruction ID: 99e12ac07cac1dde0ccca9d40a0885cbcbac8a846242e7e176ee45fbf16e02ab
Opcode Fuzzy Hash: 88fbad343ae034c7d79827aca242ab17b461a1307d7af5ccbe8b339e56aef518
Instruction Fuzzy Hash: AF913DB4A002059FDB14DF28D881B69B7F5FF08310F1486EAE849A7352DB70E985CF91

Function 00B942F0 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 178COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00B94338
_strlen.LIBCMT ref: 00B943D6

Strings

..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and desusertion ranges overlap, xrefs: 00B944A7
..\..\third_party\libc++\src\include\string:2862: assertion __s != nullptr failed: string::append received nullptr, xrefs: 00B944AE
..\..\third_party\libc++\src\include\string:973: assertion __s != nullptr failed: basic_string(const char*) detected nullptr, xrefs: 00B944A0
pc:%p, xrefs: 00B9450C

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: _strlen
String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and desusertion ranges overlap$..\..\third_party\libc++\src\include\string:2862: assertion __s != nullptr failed: string::append received nullptr$..\..\third_party\libc++\src\include\string:973: assertion __s != nullptr failed: basic_string(const char*) detected nullptr$pc:%p
API String ID: 4218353326-891714225
Opcode ID: 9932c4b732b2cf9bf10b24c9a785aab8479a292c0f43db04008e8ca5281f1295
Instruction ID: 924303716065a29e4ae02a47e232186e34ff9ba58d53e9793215bb72f133a331
Opcode Fuzzy Hash: 9932c4b732b2cf9bf10b24c9a785aab8479a292c0f43db04008e8ca5281f1295
Instruction Fuzzy Hash: 6761E370C007199FDF01DFA0D881B9EB7B5AF46300F28C26AF8056B361EB706996DB91

Function 00B44EF0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 151COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(00D13488), ref: 00B44F2A
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00B44FBC
TryAcquireSRWLockExclusive.KERNEL32(00D1348C), ref: 00B450BD
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00B450DB

Strings

2, xrefs: 00B45013
..\..\third_party\libc++\src\include\array:239: assertion __n < _Size failed: out-of-bounds access in std::array<T, N>, xrefs: 00B4507E

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: ..\..\third_party\libc++\src\include\array:239: assertion __n < _Size failed: out-of-bounds access in std::array<T, N>$2
API String ID: 17069307-716612548
Opcode ID: 0d3a4eb7d9e432404b6d2cdc90226adb97bada45c9e2d291d60dd94a5d0c4b7b
Instruction ID: fd2ee91169fd6bac6edc7c32b6c9738547a32b2280aee6840e248b0d0ddd6976
Opcode Fuzzy Hash: 0d3a4eb7d9e432404b6d2cdc90226adb97bada45c9e2d291d60dd94a5d0c4b7b
Instruction Fuzzy Hash: CB51AD759016098FDB14DF65C480AEEBBF2FF89304F15829AD8496B322D731EA46DF90

Function 00C14810 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 150libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 00C1491F
GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00C1492B

Part of subcall function 00C68950: _strlen.LIBCMT ref: 00C68A26
Part of subcall function 00C68950: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C68A84

Strings

GetHandleVerifier, xrefs: 00C14925
..\..\third_party\perfetto\include\perfetto\tracing\track_event_category_registry.h, xrefs: 00C149D7
PERFETTO_CHECK(false && "A track event used an unknown category. Please add it to " "PERFETTO_DEFINE_CATEGORIES()."), xrefs: 00C149E6
%s (errno: %d, %s), xrefs: 00C149EB

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: AddressHandleModuleProcUnothrow_t@std@@@__ehfuncinfo$??2@_strlen
String ID: %s (errno: %d, %s)$..\..\third_party\perfetto\include\perfetto\tracing\track_event_category_registry.h$GetHandleVerifier$PERFETTO_CHECK(false && "A track event used an unknown category. Please add it to " "PERFETTO_DEFINE_CATEGORIES().")
API String ID: 1366465500-389051806
Opcode ID: ae511c444a4af6eee9dbaca597497d18b9d7065196027fc13eba304fb2cde87b
Instruction ID: ff438d1fe34fb733ad206bbb37cc36acc8fca9c05dccdfc75d559e6dad928a26
Opcode Fuzzy Hash: ae511c444a4af6eee9dbaca597497d18b9d7065196027fc13eba304fb2cde87b
Instruction Fuzzy Hash: 19516D706043819FE714AF20DC45BA677A5EF46304F140968F459CB3D1DB71A985D762

Function 00B57EB0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 147COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00B57FB6
_strlen.LIBCMT ref: 00B58012

Strings

, discarding value , xrefs: 00B58059
..\..\third_party\crashpad\crashpad\handler\handler_main.cc, xrefs: 00B57FA2, 00B58004
requires KEY=VALUE, xrefs: 00B57FCB
has duplicate key , xrefs: 00B58031

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: _strlen
String ID: has duplicate key $ requires KEY=VALUE$, discarding value $..\..\third_party\crashpad\crashpad\handler\handler_main.cc
API String ID: 4218353326-3787997346
Opcode ID: 3bfbbda1eec6457b5492bbbfc148165cd77db0f6d33f3eef901ca2c59a22dd6d
Instruction ID: 55bc4861662b8668537332582c097a7f0e1ae6f7db9b0a57712283eff5485ddc
Opcode Fuzzy Hash: 3bfbbda1eec6457b5492bbbfc148165cd77db0f6d33f3eef901ca2c59a22dd6d
Instruction Fuzzy Hash: 37411CB1D0435866EF20EB60AC42FEF77749F45304F0441E9FC0977183EA756A89EAA2

Function 00B49C10 Relevance: 10.6, APIs: 4, Strings: 3, Instructions: 146COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000057), ref: 00B49EC9

Strings

..\..\base\files\file_win.cc, xrefs: 00B49C50
ScopedBlockingCall, xrefs: 00B49EF1
DoInitialize, xrefs: 00B49C55

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ErrorLast
String ID: ..\..\base\files\file_win.cc$DoInitialize$ScopedBlockingCall
API String ID: 1452528299-1981113363
Opcode ID: 6398d054487b48586bc53b43ce80d2346c5182ef98b91e0f86ea5357c35f84d0
Instruction ID: ae1932a93047a7b4806eb4e6a0b1db7ee4e9cb845bb8ad72e8836d5d15430844
Opcode Fuzzy Hash: 6398d054487b48586bc53b43ce80d2346c5182ef98b91e0f86ea5357c35f84d0
Instruction Fuzzy Hash: 2B51E4B1A047419FE710DF24D886B2BB7E1EF85310F04896CF8D697291D7349A08EB92

Function 00C287D0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 145fileCOMMON

Download Yara Rule

APIs

ReplaceFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00C2890C
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00C28916
MoveFileW.KERNEL32(?,?), ref: 00C28930

Strings

ReplaceFileW, xrefs: 00C28815
ScopedBlockingCall, xrefs: 00C28975
..\..\base\files\file_util_win.cc, xrefs: 00C28810

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: File$ErrorLastMoveReplace
String ID: ..\..\base\files\file_util_win.cc$ReplaceFileW$ScopedBlockingCall
API String ID: 3435996589-3571703075
Opcode ID: f013ffb86f2ae302dbfa1414c8aa4ea796c7c3e1ab586d8dfe0c34fe6c0e4b00
Instruction ID: 06021bd97990e74ca7f178dcd3d9ce7cf569f9aeb030ea3b1d2e1357453822cc
Opcode Fuzzy Hash: f013ffb86f2ae302dbfa1414c8aa4ea796c7c3e1ab586d8dfe0c34fe6c0e4b00
Instruction Fuzzy Hash: 37515CB0A003605FD720AF24E885B7E73E4EF55710F44412DF9899B692EF706A88C393

Function 00B6FB90 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 139COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00B6FC84
SetLastError.KERNEL32(00000000), ref: 00B6FC97
GetLastError.KERNEL32 ref: 00B6FCB1
SetLastError.KERNEL32(00000000), ref: 00B6FCC1
GetLastError.KERNEL32 ref: 00B6FCEF

Strings

..\..\third_party\libc++\src\include\string:990: assertion __n == 0 || __s != nullptr failed: basic_string(const char*, n) detected nullptr, xrefs: 00B6FC16
..\..\third_party\libc++\src\include\__string\char_traits.h:222: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and desusertion ranges overlap, xrefs: 00B6FC1D

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ErrorLast
String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:222: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and desusertion ranges overlap$..\..\third_party\libc++\src\include\string:990: assertion __n == 0 || __s != nullptr failed: basic_string(const char*, n) detected nullptr
API String ID: 1452528299-3564941561
Opcode ID: ed08e7f8789524f621dbe6a431d1f346469ae0b94c4a15aadfabef8ec8371d1a
Instruction ID: 6c629daf956275c3c929c5cf317e49693a52934a250754eaeaf1de77199143d7
Opcode Fuzzy Hash: ed08e7f8789524f621dbe6a431d1f346469ae0b94c4a15aadfabef8ec8371d1a
Instruction Fuzzy Hash: 49415AB120030A5FC710AFA5F8C467EB7E9EF85324B24853AFC5597381DA399800D762

Function 00B43F50 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 123COMMON

Download Yara Rule

APIs

ReleaseSRWLockExclusive.KERNEL32 ref: 00B43FC9
QueryPerformanceCounter.KERNEL32(?), ref: 00B43FE3
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B44021

Strings

@KL, xrefs: 00B4471E

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: CounterExclusiveLockPerformanceQueryReleaseUnothrow_t@std@@@__ehfuncinfo$??2@
String ID: @KL
API String ID: 1367642695-3812413351
Opcode ID: 436ecb7a409fb658ac7275aef877088cbdf1e93ee0fe54a7b75cdbf710ff261e
Instruction ID: 7f36da3860ce88925e197222031f5384905b620cf1c08b5afaf8770b2da54854
Opcode Fuzzy Hash: 436ecb7a409fb658ac7275aef877088cbdf1e93ee0fe54a7b75cdbf710ff261e
Instruction Fuzzy Hash: 16414771A043419FC718CF28D894A2BF7F5FB88700F14892DF59A937A0D734E9449B92

Function 00C8C890 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 122COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00C8E7C4), ref: 00C8C8CE
IsWow64Process.KERNEL32(00000000,?), ref: 00C8C8D6

Part of subcall function 00C34D10: VirtualFree.KERNEL32(?,00BAB1C1,00004000,?,65449514,?,00C8E7C4), ref: 00C34DD5

Strings

ize, xrefs: 00C8C928
size, xrefs: 00C8C9AE
mit, xrefs: 00C8C98E
, xrefs: 00C8C94E

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: Process$CurrentFreeVirtualWow64
String ID: $ize$mit$size
API String ID: 1078977170-2684755539
Opcode ID: 34484d99fdf18343be1d8e3b1dbbce4a6e98b814964c04e51ac310e285664d9d
Instruction ID: c01641fd08ef6d0b37b18b5b8d115978f1cd90b1736edb3661832663945b73b1
Opcode Fuzzy Hash: 34484d99fdf18343be1d8e3b1dbbce4a6e98b814964c04e51ac310e285664d9d
Instruction Fuzzy Hash: A941B4B45003009FD714AF25E489A96BBE8FF49318F19C4BEE449CB312E776D905CB92

Function 00B7E220 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 117COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNEL32(00000004,00000000), ref: 00B7E245
GetLastError.KERNEL32 ref: 00B7E24F

Strings

..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00B7E34D
..\..\third_party\crashpad\crashpad\client\crash_report_database_win.cc, xrefs: 00B7E2B5
CreateDirectory , xrefs: 00B7E2C7
..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00B7E354

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID: ..\..\third_party\crashpad\crashpad\client\crash_report_database_win.cc$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr$CreateDirectory
API String ID: 1375471231-3193998906
Opcode ID: 04aa425b63a56beee526e09382ebc91fae01ab125c41cc475c9b00493ac52340
Instruction ID: 328aa85823b89bd352bfc295eeeff30d1b3422d757b28504c2329cb31b4692f2
Opcode Fuzzy Hash: 04aa425b63a56beee526e09382ebc91fae01ab125c41cc475c9b00493ac52340
Instruction Fuzzy Hash: 5F31F971B003145BDB20AA64AC86BBF77E89F05708F0884E9F92DEB242E761DD449656

Function 00C00D20 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 101libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,00000000,00000000), ref: 00C00DEE
GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00C00DFA

Strings

GetHandleVerifier, xrefs: 00C00DF4
..\..\base\files\file_win.cc, xrefs: 00C00D70
ScopedBlockingCall, xrefs: 00C00E35
Close, xrefs: 00C00D75

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: ..\..\base\files\file_win.cc$Close$GetHandleVerifier$ScopedBlockingCall
API String ID: 1646373207-3663164917
Opcode ID: 93a505b074e521d7eb9211fa06d88baccae1a9bfb439e9fe79f4374681628d6d
Instruction ID: 527f7c14fcb2e26576c02e872f7dd440ec07c3142229d79243260d5d11976d7d
Opcode Fuzzy Hash: 93a505b074e521d7eb9211fa06d88baccae1a9bfb439e9fe79f4374681628d6d
Instruction Fuzzy Hash: D131C5716043409FD700AF65DC46B7AB3E4FB89700F21492DF5E6D7291DBB0A545CBA2

Function 00C826C0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 98COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00C826E3

Strings

..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00C8279B
FeatureList-early-access-allow-list, xrefs: 00C82809
true, xrefs: 00C82729
false, xrefs: 00C8272E, 00C82763
FeatureList-feature-accessed-too-early, xrefs: 00C827C9

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: _strlen
String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$FeatureList-early-access-allow-list$FeatureList-feature-accessed-too-early$false$true
API String ID: 4218353326-219429426
Opcode ID: af506cdf0646f23b83e3ad21b3da176a51569d98ba7267301a55e00d48d7828d
Instruction ID: 70e753901dea6aa9948ed2e6fe764401ab17fb9290a328cb4cabe37d90489924
Opcode Fuzzy Hash: af506cdf0646f23b83e3ad21b3da176a51569d98ba7267301a55e00d48d7828d
Instruction Fuzzy Hash: C631D0F59402049FCB14EB65EC8AFAE77A0EB45714F140139EA09973E1EB316E05CBB2

Function 00B52150 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 92COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,FFFFFFFF,00000000,?,00B50EE9,?,?), ref: 00B5216F
CreateEventW.KERNEL32 ref: 00B52204
GetLastError.KERNEL32 ref: 00B5221A
SetLastError.KERNEL32 ref: 00B5223E

Strings

ExitCodeWatcherThread, xrefs: 00B5219D
..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and desusertion ranges overlap, xrefs: 00B52277

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ErrorLast$CreateCurrentEventProcess
String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and desusertion ranges overlap$ExitCodeWatcherThread
API String ID: 2886518480-2863599117
Opcode ID: c7a9514c179059d065466eb09d502fae21b1a90bd3cf7ba42fb8d12bf71ca94f
Instruction ID: 755b26eb3d1664920f1bd493007512c781474ec0ece54f8ca395cd22e2c1f161
Opcode Fuzzy Hash: c7a9514c179059d065466eb09d502fae21b1a90bd3cf7ba42fb8d12bf71ca94f
Instruction Fuzzy Hash: BB31C4B09047448FDB10EF78D48936EBBF0FF46304F04895DE8869B651EB749589CB82

Function 00C063F0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 90libraryloaderCOMMON

Download Yara Rule

APIs

CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,00C05F61,00000000,00000001,?,?,?,?,?,?), ref: 00C06411
GetLastError.KERNEL32(?,?,?,?,?,?), ref: 00C06423
SetLastError.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 00C06443
GetModuleHandleW.KERNEL32(00000000,?,?,?,?,?,?), ref: 00C064A0
GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00C064AC

Strings

GetHandleVerifier, xrefs: 00C064A6

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ErrorLast$AddressCreateEventHandleModuleProc
String ID: GetHandleVerifier
API String ID: 687412823-1090674830
Opcode ID: a6db55ab0ec05368e655aff764fedee3e17417f0ef5f78e739f2a3db46eb6dc3
Instruction ID: 07e6f762cca1269710a09590fad5dd7647880833cf855b8bb151e3cea874aa20
Opcode Fuzzy Hash: a6db55ab0ec05368e655aff764fedee3e17417f0ef5f78e739f2a3db46eb6dc3
Instruction Fuzzy Hash: 71217CB1600315AFDB24EFB4DC89B3EBBE8FB04305F104829F59AD7290DA759954CB62

Function 00BA8D30 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 89COMMON

Download Yara Rule

APIs

GetProcessId.KERNEL32(00000000,?,00CE1384,..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at,?,00000000,?,00B549F2), ref: 00BA8D92

Strings

..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 00BA8D6C

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: Process
String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at
API String ID: 1235230986-4189810390
Opcode ID: eccc43eca1c94da024dd6862258168150a395ed2c096e3e0a108fe1fb25e3511
Instruction ID: de78b72c84fa542f6474da173b617bd2d8191adfb6375cb6d5c369e1999003ed
Opcode Fuzzy Hash: eccc43eca1c94da024dd6862258168150a395ed2c096e3e0a108fe1fb25e3511
Instruction Fuzzy Hash: E321C6703482095BCB285669D85473A77D5DB6A310F1884BCF94ECBED1EE25EC40C252

Function 00B51530 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 79synchronizationthreadCOMMON

Download Yara Rule

APIs

GetThreadId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B5154B
WaitForSingleObject.KERNEL32(?,000000FF,00000000,00000001), ref: 00B515CE
CloseHandle.KERNEL32(?), ref: 00B515D9
GetLastError.KERNEL32 ref: 00B515FE

Strings

..\..\base\threading\platform_thread_win.cc, xrefs: 00B5159C
Join, xrefs: 00B515A1

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: CloseErrorHandleLastObjectSingleThreadWait
String ID: ..\..\base\threading\platform_thread_win.cc$Join
API String ID: 813778123-1746769387
Opcode ID: 8403682ca5950c31456c4d0c58157711dac54ede5af0b6931b1758bba5eb213b
Instruction ID: 6664ba714de219e3cabdd09c1f5e081319ebe1221bead5a6bbb72f0ff8cf1db0
Opcode Fuzzy Hash: 8403682ca5950c31456c4d0c58157711dac54ede5af0b6931b1758bba5eb213b
Instruction Fuzzy Hash: 312101B09043409BD710AF249C81B6FBBF8EF96750F000A6CF9C693181EBB1A548C693

Function 00B51840 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 76libraryloaderCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00C84480,?,?,?,?,?,?,?,?,?,?,00C679B4), ref: 00B51858
SetLastError.KERNEL32(00000000,?,?,?,?,00C84480,?,?,?,?,?,?,?,?,?), ref: 00B51878
GetCurrentProcess.KERNEL32(?,?,00C84480,?,?,?,?,?,?,?,?,?,?,00C679B4), ref: 00B51882
GetModuleHandleW.KERNEL32(00000000,?,00C84480,?,?,?,?,?,?,?,?,?,?,00C679B4), ref: 00B518D7
GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00B518E3

Strings

GetHandleVerifier, xrefs: 00B518DD

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ErrorLast$AddressCurrentHandleModuleProcProcess
String ID: GetHandleVerifier
API String ID: 2162457882-1090674830
Opcode ID: 2cc0bbc94d1087ccbd29890f9285cb920f040bddf7654a4504402562064f49f9
Instruction ID: 207c61a344ff5116271942835486362c53b3cb261ff85bb5c842ac554c536dc1
Opcode Fuzzy Hash: 2cc0bbc94d1087ccbd29890f9285cb920f040bddf7654a4504402562064f49f9
Instruction Fuzzy Hash: 0E2193716043059FDB20AF68DC89B7E7BF4EB05302F140CA9F94AD7250DB759849CB62

Function 00C5407E Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,00C5418D,E0000008,00C67B4F,?,E0000008,E8226A54,?,00C54018,00000019,AppPolicyGetProcessTerminationMethod,00CD5560,AppPolicyGetProcessTerminationMethod,E0000008), ref: 00C5413F

Strings

ext-ms-, xrefs: 00C540E9
api-ms-, xrefs: 00C540D5

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: c7750a78c366e6c9a5eba9eefaafade19c3d3645c1b69ad3f327057a31782056
Instruction ID: de4cbbf85bb5870f02da5a2b22c8139bdb30e247d5d1f95baa3e529f244e4d55
Opcode Fuzzy Hash: c7750a78c366e6c9a5eba9eefaafade19c3d3645c1b69ad3f327057a31782056
Instruction Fuzzy Hash: 41218B39A01610ABC7258B659C45B5F7368AB61367F240110FD1AE3280E730EEC8C6D4

Function 00C390F0 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 45libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,00C3916B,00C3933A,00C393A2), ref: 00C39107
GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00C3911D
GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00C39132

Strings

AcquireSRWLockExclusive, xrefs: 00C39117
ReleaseSRWLockExclusive, xrefs: 00C39127
KERNEL32.DLL, xrefs: 00C39102

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
API String ID: 667068680-1718035505
Opcode ID: 1d99e17bf9e890fb853f52dcaa7b3d61c1eca753734aa57b6ecb46fb36859c1b
Instruction ID: 813dd5b2308e5636dfad979f2ab7c2da4b1d090013b0ab6f0f8dd8b6518eda57
Opcode Fuzzy Hash: 1d99e17bf9e890fb853f52dcaa7b3d61c1eca753734aa57b6ecb46fb36859c1b
Instruction Fuzzy Hash: 77F08C35B623235B8B214E655C8D77F73E8DA15790B15403AE916E3340D6B0C90696E1

Function 00BDE000 Relevance: 9.1, APIs: 6, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 980b143776e968805d1c3608eec2185cf33c6c2422097ecd89c97ba95642949c
Instruction ID: 165182061915da85aeba85548bc212651df4d0d7fe9f3b4a01d7944958c4ae81
Opcode Fuzzy Hash: 980b143776e968805d1c3608eec2185cf33c6c2422097ecd89c97ba95642949c
Instruction Fuzzy Hash: 944151356006058FD724EF24C888A29F7F2FF54311715889ED96A8F761EB31EC42CB51

Function 00B464D0 Relevance: 9.1, APIs: 6, Instructions: 60COMMON

Download Yara Rule

APIs

AcquireSRWLockExclusive.KERNEL32(00D03714), ref: 00B46504
ReleaseSRWLockExclusive.KERNEL32(00D03714), ref: 00B46536
AcquireSRWLockExclusive.KERNEL32(00D03714), ref: 00B46557
ReleaseSRWLockExclusive.KERNEL32(00D03714), ref: 00B46567
WakeAllConditionVariable.KERNEL32(00D03718), ref: 00B46572
ReleaseSRWLockExclusive.KERNEL32(00D03714), ref: 00B4658E

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$Release$Acquire$ConditionVariableWake
String ID:
API String ID: 2445866386-0
Opcode ID: 33c4054db70eb732cdbe8604561c7990dd648e71739b2b4aa93413766cbf77cd
Instruction ID: dc1fd85f83f06cb33f9c5dbc8497618441bdb63b98f828d4b8114b34ddef2d79
Opcode Fuzzy Hash: 33c4054db70eb732cdbe8604561c7990dd648e71739b2b4aa93413766cbf77cd
Instruction Fuzzy Hash: 76215CF5940705EFCB019F58DC89BADBBB4FB86725F004265E8099B390D7749A04CAA3

Function 00B42130 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 309threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00B42145
TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,00B41E30,?,?,00B41FBD,00B41E30,?,?,00B41E30), ref: 00B4214F
AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,00B41E30,?,?,00B41FBD,00B41E30,?,?,00B41E30), ref: 00B421E4
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00B42407

Strings

..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00B42486

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$Acquire$CurrentReleaseThread
String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at
API String ID: 1385397084-2888085009
Opcode ID: e3c189388c90cdad579ba5c3dafd0aec3157b0ab3f6168e2a60c2cf6e5872dfe
Instruction ID: 77dedec7bd8485d76b45f92e49a5a0c526827329bc1b1e354026b6b404fa5fdc
Opcode Fuzzy Hash: e3c189388c90cdad579ba5c3dafd0aec3157b0ab3f6168e2a60c2cf6e5872dfe
Instruction Fuzzy Hash: 6BC17C75A002059FCF14CF69D880AA9BBF5FF48310B5481A9F90AEB311E770EE55EB91

Function 00B4C1E0 Relevance: 9.1, APIs: 6, Instructions: 52threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00B4C1F5
SetThreadPriority.KERNEL32(00000000,00010000), ref: 00B4C207

Part of subcall function 00C64320: GetCurrentThread.KERNEL32 ref: 00C64323
Part of subcall function 00C64320: GetThreadPriority.KERNEL32(00000000,?,00CE1384,..\..\third_party\libc++\src\include\vector:1411: assertion __n < size() failed: vector[] index out of bounds,?,00000000,?,00B4BC66,?,?,?,?,?,?,?,?), ref: 00C6432A

SetThreadPriority.KERNEL32(00000000,7FFFFFFF), ref: 00B4C21D
GetCurrentThread.KERNEL32 ref: 00B4C23A
SetThreadInformation.KERNEL32(00000000,00000003,?,0000000C), ref: 00B4C246
SetThreadPriority.KERNEL32(00000000,00020000), ref: 00B4C263

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: Thread$Priority$Current$Information
String ID:
API String ID: 2516384554-0
Opcode ID: 2ace20cb3440c9f1860c0ed2a25aac22f4af1a6b2cf69b9ee44ed62e4306830e
Instruction ID: f3a593cd006680c9b35afc07f9a2d2a6efe4c2917b8a0b174b4be9aebcd05929
Opcode Fuzzy Hash: 2ace20cb3440c9f1860c0ed2a25aac22f4af1a6b2cf69b9ee44ed62e4306830e
Instruction Fuzzy Hash: 0601D6F1A00200ABC7106F74EC19F6FBBF4EF497A1F014519F51A972D0DBB4A541CA92

Function 00B48CB0 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 206COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00B48ECE
AcquireSRWLockExclusive.KERNEL32(?), ref: 00B48ED9
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00B48EEE

Strings

PushOntoDelayedIncomingQueue, xrefs: 00B48D2E
..\..\base\task\sequence_manager\task_queue_impl.cc, xrefs: 00B48D29

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$Acquire$Release
String ID: ..\..\base\task\sequence_manager\task_queue_impl.cc$PushOntoDelayedIncomingQueue
API String ID: 1678258262-2027707633
Opcode ID: 079bf32ee6349f1c3382ba05a97e8b45f4f0cccd01c364416a9a5c928ef8b7eb
Instruction ID: 0f885c86e3b16bea560f2772502f1e832a0086a37e6d317e516a0a185b68d360
Opcode Fuzzy Hash: 079bf32ee6349f1c3382ba05a97e8b45f4f0cccd01c364416a9a5c928ef8b7eb
Instruction Fuzzy Hash: 40919EB1904B41CFC715CF28C480A66BBF0FF99304B15969ED89E8B712EB30E995DB91

Function 00C68950 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 147COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00C68A26
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C68A84

Strings

[printf format error], xrefs: 00C689ED
%s%s %s, xrefs: 00C68AE7
[%03u.%03u] , xrefs: 00C68AC8

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_strlen
String ID: %s%s %s$[%03u.%03u] $[printf format error]
API String ID: 2172594012-104471065
Opcode ID: 71e7eafb0bbe7b7638ef2cc0c3ad5903a81ebd9779de5632fef7f2317a6e0ee5
Instruction ID: 437f0e31b8fc845697e36a9075262e779ed97347ea5a722bf2b7b473abf00358
Opcode Fuzzy Hash: 71e7eafb0bbe7b7638ef2cc0c3ad5903a81ebd9779de5632fef7f2317a6e0ee5
Instruction Fuzzy Hash: 6B4128F2E003406BD714AF349C86A6BB7A9EFC4310F04873DF95986282EF71D5588B92

Function 00C810C0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 141fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 00C81139
GetCurrentDirectoryW.KERNEL32(00000104,?,?,?,?,?,?,?,?,debug.log,00000009,?), ref: 00C81175
GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00C811BF
CreateFileW.KERNEL32 ref: 00C8129B

Strings

debug.log, xrefs: 00C811EF, 00C81262

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: File$Create$CurrentDirectoryModuleName
String ID: debug.log
API String ID: 4120427848-600467936
Opcode ID: ddf07d63f654ae00ec736f4677d732a226c14e2164d0f09675231a7a5ad33e64
Instruction ID: 3113586e0db86760eabf9c2d2463a90411caa7c562dcffe3320ae47178f450dd
Opcode Fuzzy Hash: ddf07d63f654ae00ec736f4677d732a226c14e2164d0f09675231a7a5ad33e64
Instruction Fuzzy Hash: 935117B06003408FD760BF64DD49BAE77E4AF44708F09411CEA59D72E2DBB099C5C7A6

Function 00B76B00 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 119COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNEL32(00B49E2B,00000000,00000000), ref: 00B76B7E
GetLongPathNameW.KERNEL32(00B49E2B,00000000,00000000), ref: 00B76BB5

Strings

ScopedBlockingCall, xrefs: 00B76C5B
MakeLongFilePath, xrefs: 00B76B41
..\..\base\files\file_util_win.cc, xrefs: 00B76B3C

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: LongNamePath
String ID: ..\..\base\files\file_util_win.cc$MakeLongFilePath$ScopedBlockingCall
API String ID: 82841172-2989128051
Opcode ID: 226329d4061f0c43b0bc40ce25d72c42e2891da2ac6c8ece094bb8290eba2d9d
Instruction ID: cb04d5ce698672d139e8f75e176b135694916bb69da7c060638927e59d2f03d7
Opcode Fuzzy Hash: 226329d4061f0c43b0bc40ce25d72c42e2891da2ac6c8ece094bb8290eba2d9d
Instruction Fuzzy Hash: 8141D4B1A04741AFE701DF30DC4576BB7E8EFD5304F14865DF8A897241E770E9588692

Function 00BB8AE0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 94libraryloaderCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00B424DD,?,?,?,?,?,?,?,?,A1A329F0), ref: 00BB8B10
SetLastError.KERNEL32(?), ref: 00BB8B31
GetModuleHandleW.KERNEL32(00000000,?,?,00B424DD,?,?,?,?,?,?,?,?,A1A329F0), ref: 00BB8BBA
GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00BB8BC6

Strings

GetHandleVerifier, xrefs: 00BB8BC0

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ErrorLast$AddressHandleModuleProc
String ID: GetHandleVerifier
API String ID: 1762409328-1090674830
Opcode ID: eb2b2a54442c73b6a5842e50622dbefd73e45382d44e55ef394347db41d31989
Instruction ID: 35825e641cbd46d68890391ba1f23117047c8c956ecb617068fbf9a54cc0d927
Opcode Fuzzy Hash: eb2b2a54442c73b6a5842e50622dbefd73e45382d44e55ef394347db41d31989
Instruction Fuzzy Hash: 85315CB4504204DFCB219F64D889BAABBF5FF09300F144599E5469B362DB729845CBA2

Function 00B4D200 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 85libraryloaderCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00B4D22D
SetLastError.KERNEL32(?), ref: 00B4D24D
GetModuleHandleW.KERNEL32(00000000), ref: 00B4D2B3
GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00B4D2BF

Strings

GetHandleVerifier, xrefs: 00B4D2B9

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ErrorLast$AddressHandleModuleProc
String ID: GetHandleVerifier
API String ID: 1762409328-1090674830
Opcode ID: 1d4d19c5e2792bb809a9d119bf7574b773109a14ccb5c89dd97344e79036f88e
Instruction ID: 8de8e5fa01840f0499da087fb3c60e92bc6fbffbf6cc2dddba809115a4f2f695
Opcode Fuzzy Hash: 1d4d19c5e2792bb809a9d119bf7574b773109a14ccb5c89dd97344e79036f88e
Instruction Fuzzy Hash: 2D3160716043419FDB10AFA4D889B6EBBF5EF1A300F104899F546D7351CBB1D941EBA2

Function 00B51920 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 84libraryloaderCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,?,00B517F8,?,?,FFFFFFFF,00000000,?,00B50F01), ref: 00B51947
SetLastError.KERNEL32(?,?,?,?,?,00B517F8,?,?,FFFFFFFF,00000000,?,00B50F01), ref: 00B51967
GetModuleHandleW.KERNEL32(00000000,?,00B517F8,?,?,FFFFFFFF,00000000,?,00B50F01), ref: 00B519CD
GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00B519D9

Strings

GetHandleVerifier, xrefs: 00B519D3

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ErrorLast$AddressHandleModuleProc
String ID: GetHandleVerifier
API String ID: 1762409328-1090674830
Opcode ID: 1f571de096e75e8e963424be3b47e926a56ac719e9358305939b1c8fda2cd47a
Instruction ID: f46ebc6215df28e58cd8cbfca7cf515d1fdc4039aa0f3014c43e56be0c72a882
Opcode Fuzzy Hash: 1f571de096e75e8e963424be3b47e926a56ac719e9358305939b1c8fda2cd47a
Instruction Fuzzy Hash: AF31A0716003419FDB11AFA8D899B6EBBF5EB06302F1048D9E986E7351C7319846CBA2

Function 00B4C370 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68libraryloaderCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?), ref: 00B4C382
SetLastError.KERNEL32(00000000,?,?,?,?,?), ref: 00B4C3A2
GetModuleHandleW.KERNEL32(00000000,?,?,?), ref: 00B4C3ED
GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00B4C3F9

Strings

GetHandleVerifier, xrefs: 00B4C3F3

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ErrorLast$AddressHandleModuleProc
String ID: GetHandleVerifier
API String ID: 1762409328-1090674830
Opcode ID: 3d8835e1f0e6daa1c0093712936508388081d53ba2cb522c169c53310c08d683
Instruction ID: 09e1fff8777fe18e11edb02bf5c098539e44ac02353333d60304e1b59e3b12df
Opcode Fuzzy Hash: 3d8835e1f0e6daa1c0093712936508388081d53ba2cb522c169c53310c08d683
Instruction Fuzzy Hash: D221ACB1601201AFCB50AFA0DC8AB3E7BF4EB45B01F1048A9F54AD7261DB319940DBA6

Function 00C23710 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68libraryloaderCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,00001010,00001010), ref: 00C23722
SetLastError.KERNEL32(00000000), ref: 00C23742
GetModuleHandleW.KERNEL32(00000000), ref: 00C2378D
GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00C23799

Strings

GetHandleVerifier, xrefs: 00C23793

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ErrorLast$AddressHandleModuleProc
String ID: GetHandleVerifier
API String ID: 1762409328-1090674830
Opcode ID: 3d8835e1f0e6daa1c0093712936508388081d53ba2cb522c169c53310c08d683
Instruction ID: 265ac39f2d4fd201adc8b6e6819caa5560570a51ff8aa1ba2be720d47083e143
Opcode Fuzzy Hash: 3d8835e1f0e6daa1c0093712936508388081d53ba2cb522c169c53310c08d683
Instruction Fuzzy Hash: 0D2181F16003919FCB10AF64ED89B6E7BF5FB45B00F200829F606D7250DB799A41CBA2

Function 00C45EF6 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,A1A329F0,E0000008,?,00000000,00CD0F0F,000000FF,?,00C45FB7,?,?,00C46053,00C67B4F), ref: 00C45F2B
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00C45F3D
FreeLibrary.KERNEL32(00000000,?,00000000,00CD0F0F,000000FF,?,00C45FB7,?,?,00C46053,00C67B4F), ref: 00C45F5F

Strings

CorExitProcess, xrefs: 00C45F35
mscoree.dll, xrefs: 00C45F24

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 5043c33dd1dd2b30f31c633bc6a41b21632a5a085ca54a45cee2a422c48d5e47
Instruction ID: c1e09d342f6d7ad6044e5c103239548718da37b15e21d622dbd30c31159390e4
Opcode Fuzzy Hash: 5043c33dd1dd2b30f31c633bc6a41b21632a5a085ca54a45cee2a422c48d5e47
Instruction Fuzzy Hash: 2601D671954659AFDB118F84CC09FBEBBB8FB04B51F040526F821E23D0DB749904CA42

Function 00B51780 Relevance: 7.6, APIs: 5, Instructions: 77timeCOMMON

Download Yara Rule

APIs

GetProcessId.KERNEL32(00000000,?,FFFFFFFF,00000000,?,00B50F01), ref: 00B517B8
GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,FFFFFFFF,00000000,?,00B50F01), ref: 00B517E3
GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,?,00B50F01), ref: 00B5181A
GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,?,00B50F01), ref: 00B51822
GetLastError.KERNEL32(?,FFFFFFFF,00000000,?,00B50F01), ref: 00B5182A

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: Process$Current$ErrorLastTimes
String ID:
API String ID: 2562579171-0
Opcode ID: bcbf84ea98a9cfe7a4cb5a83e8e6eccd9f728ccb8d39cc358acfad097e534d3f
Instruction ID: a03dee85fb90622ccc796752ae59cc5766028a0a4e8cc4353cc53a3312e0bf77
Opcode Fuzzy Hash: bcbf84ea98a9cfe7a4cb5a83e8e6eccd9f728ccb8d39cc358acfad097e534d3f
Instruction Fuzzy Hash: 3B21A4B0A001199FDB249F6C88587BFBBE9EF44302F144CDDE956D7100EB649D48C762

Function 00BFEFB0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 221COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00BFF011

Strings

..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00BFF1FB
..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00BFF219
..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00BFF20A

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: _strlen
String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr
API String ID: 4218353326-2665691617
Opcode ID: a5730e18a48530794254aa19a729599ca4cc202e945d09bffcb10ccde9202e3f
Instruction ID: dee62858cb15100bdba12109a2d4428fa288e3abfc70923fee036319da178e3b
Opcode Fuzzy Hash: a5730e18a48530794254aa19a729599ca4cc202e945d09bffcb10ccde9202e3f
Instruction Fuzzy Hash: 6F713B75B0021B8BCB18CE69D9919BEB7F6FF84300B248069E515E7791DB30EE45CB90

Function 00BB8000 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 175COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00BB8047
ReleaseSRWLockExclusive.KERNEL32(?,?,00000021,?,00004000,?,000000FF), ref: 00BB8170

Strings

second, xrefs: 00BB8208
first, xrefs: 00BB81DD

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: first$second
API String ID: 17069307-3095674784
Opcode ID: 7908ede524b686acc9b25f889758d08017d116894bbfecaaeb0dcd1cbe70f06e
Instruction ID: d22d91e0411c7cdca47b6f0d8306187d191e943c3b388122e358607f50dd1d82
Opcode Fuzzy Hash: 7908ede524b686acc9b25f889758d08017d116894bbfecaaeb0dcd1cbe70f06e
Instruction Fuzzy Hash: 6651F3716047019FC304DF29C880ABAF7E9FF88364F148A6DF59997291DB70E946CB82

Function 00B53210 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 156COMMON

Download Yara Rule

APIs

Part of subcall function 00B53410: ResetEvent.KERNEL32(?), ref: 00B5342B
Part of subcall function 00B53410: ResetEvent.KERNEL32(?,00000001), ref: 00B534AF
Part of subcall function 00B53410: TryAcquireSRWLockExclusive.KERNEL32(00B50A01), ref: 00B534B9
Part of subcall function 00B53410: ReleaseSRWLockExclusive.KERNEL32(?), ref: 00B534FB

TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00B532A7
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00B532DD

Strings

..\..\chrome\app\exit_code_watcher_win.cc, xrefs: 00B5333F
StartWatching, xrefs: 00B53344

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$AcquireEventReleaseReset
String ID: ..\..\chrome\app\exit_code_watcher_win.cc$StartWatching
API String ID: 2082994738-1005533984
Opcode ID: 390c393bb8d8ab43625fed25ea7bf62ec0ea9e3e6d9fd45f2c4c10acb1ddc4c3
Instruction ID: 3b7e429467fb30cd1cf1facd43ef2a30e7009482b33c81483b328cc671f9a8cd
Opcode Fuzzy Hash: 390c393bb8d8ab43625fed25ea7bf62ec0ea9e3e6d9fd45f2c4c10acb1ddc4c3
Instruction Fuzzy Hash: 1151B2716007008FC710DF29C885B6ABBE0FF48744B1449ADD89A8B752DB71E949CF91

Function 00C06B40 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 148threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00C06B85
TryAcquireSRWLockExclusive.KERNEL32(00D010F0), ref: 00C06BB0
ReleaseSRWLockExclusive.KERNEL32(00D010F0), ref: 00C06BF1

Strings

..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at, xrefs: 00C06D46

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread
String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:66: assertion __loc != nullptr failed: null pointer given to destroy_at
API String ID: 135963836-4189810390
Opcode ID: 5701dc21babd4da9e468d22afbd5a5f79252c4578962be45d846abb9081eed59
Instruction ID: 156da1c8caf99952a375c77ddc1ea451c01b9bb005f44c7144665574fa7e3cff
Opcode Fuzzy Hash: 5701dc21babd4da9e468d22afbd5a5f79252c4578962be45d846abb9081eed59
Instruction Fuzzy Hash: 6F51C3B09047418FD321CF29C890776BBE4FF95314F148A6EE8EA87392D774A694CB52

Function 00B92B00 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 125COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32(00000104,?,?,00000000,00000000), ref: 00B92B92

Strings

GetCurrentDirectoryW, xrefs: 00B92B41
ScopedBlockingCall, xrefs: 00B92C90
..\..\base\files\file_util_win.cc, xrefs: 00B92B3C

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: CurrentDirectory
String ID: ..\..\base\files\file_util_win.cc$GetCurrentDirectoryW$ScopedBlockingCall
API String ID: 1611563598-3482229333
Opcode ID: 81c7513822524322838c32a71281eeb09860eb50b1fe66682ccc16888c9da88c
Instruction ID: b3b745fc54025f18263f3b6e1f711ee27c9372f02749d58e7387967f12c51140
Opcode Fuzzy Hash: 81c7513822524322838c32a71281eeb09860eb50b1fe66682ccc16888c9da88c
Instruction Fuzzy Hash: E641A4B1904345AFDB10EF24D845A6FB7E4EF84740F00896DF9D5A7251EB70A9488792

Function 00B51390 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 123COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(?,?,?,00B9395C,?,00000000,?,?,?,?,00C9179B), ref: 00B513E0
ReleaseSRWLockExclusive.KERNEL32(?,?,00B9395C,?,00000000,?,?,?,?,00C9179B), ref: 00B51410

Strings

StopSoon, xrefs: 00B51479
..\..\base\threading\thread.cc, xrefs: 00B51474

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: ..\..\base\threading\thread.cc$StopSoon
API String ID: 17069307-4240870308
Opcode ID: 5f22fb41be585e985ae0612625a4850bb9b648e65b19bf144ffd8ca35bc4ecbe
Instruction ID: ddb373841fd16d7a49de702e0df424a2244540d4d5559e9cde35c3961d07b7ad
Opcode Fuzzy Hash: 5f22fb41be585e985ae0612625a4850bb9b648e65b19bf144ffd8ca35bc4ecbe
Instruction Fuzzy Hash: FD41A1716043009FC710EF28C884B2ABBE5FF88715F0549DDE85A9B342D770E909CB82

Function 00C813C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 117COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00C814AC

Strings

..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00C81500
..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length, xrefs: 00C8150E
..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00C81507

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: _strlen
String ID: ..\..\third_party\libc++\src\include\string_view:268: assertion __s != nullptr failed: null pointer passed to non-null argument of char_traits<...>::length$..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr
API String ID: 4218353326-2665691617
Opcode ID: c3f3ac16f1db2ed56444687f5689ba11aadffcd31307776929b27b6f2f187bca
Instruction ID: 1ac65fdcba08cb26e54389099d5ae09a37793aa844929ed0a0c841a4e9824cd6
Opcode Fuzzy Hash: c3f3ac16f1db2ed56444687f5689ba11aadffcd31307776929b27b6f2f187bca
Instruction Fuzzy Hash: 4F31E2F1E0021C5FD724EB61DC41B9A77ADAF84318F184478EA1E97342D670AEC5CBA9

Function 00B7E370 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 87COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32 ref: 00B7E393

Strings

..\..\third_party\crashpad\crashpad\client\crash_report_database_win.cc, xrefs: 00B7E3D8, 00B7E440
GetFileAttributes , xrefs: 00B7E3EA, 00B7E452
: not a directory, xrefs: 00B7E404

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: AttributesFile
String ID: ..\..\third_party\crashpad\crashpad\client\crash_report_database_win.cc$: not a directory$GetFileAttributes
API String ID: 3188754299-1182343664
Opcode ID: 05610954f07d20c8f022de904daddc6e4ad7f9bda0ba5b1ab9ee8d8cb890fc2c
Instruction ID: 83c2dff4c4967588761df77542e954653dc208a3d9e2fff5c077e41376b8c092
Opcode Fuzzy Hash: 05610954f07d20c8f022de904daddc6e4ad7f9bda0ba5b1ab9ee8d8cb890fc2c
Instruction Fuzzy Hash: 6021FB60B4030466DA1076646C4BFBE369D9F85708F0844B4FA1D6B2C3E9B59949A253

Function 00B42A60 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 70COMMON

Download Yara Rule

APIs

GetFileSizeEx.KERNEL32(00000000,?,00000000,00000000), ref: 00B42AD4

Strings

..\..\base\files\file_win.cc, xrefs: 00B42A96
ScopedBlockingCall, xrefs: 00B42B17
GetLength, xrefs: 00B42A9B

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: FileSize
String ID: ..\..\base\files\file_win.cc$GetLength$ScopedBlockingCall
API String ID: 3433856609-1252741873
Opcode ID: 8a64dac91284e2f3de9a366a5fce5ac20f57b906f5c73fb4f92fa6570f1b115f
Instruction ID: b8073f4aa136e31b6ee2475ed9ddfe0b7a5cee9ebe31f0122758b47dd229dac0
Opcode Fuzzy Hash: 8a64dac91284e2f3de9a366a5fce5ac20f57b906f5c73fb4f92fa6570f1b115f
Instruction Fuzzy Hash: 7521C3B1A143449FD700AF28CC82A6BB7E8EF89750F10466DF8C4D7251EBB0A9088793

Function 00B52A10 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67filelibraryloaderCOMMON

Download Yara Rule

APIs

UnmapViewOfFile.KERNEL32(?,00000000,?,?,00000001,?,00B425CE,?,?,?,?,?,?,?,?,00B424EF), ref: 00B52A22
GetModuleHandleW.KERNEL32(00000000,00000000,?,?,00000001,?,00B425CE,?,?,?,?,?,?,?,?,00B424EF), ref: 00B52A86
GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00B52A92

Strings

GetHandleVerifier, xrefs: 00B52A8C

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: AddressFileHandleModuleProcUnmapView
String ID: GetHandleVerifier
API String ID: 3224599007-1090674830
Opcode ID: 754e2aee335b2504a22b67622051336776e823e54c2338ed8481c4d97d3e2428
Instruction ID: afe29c4b93ca9f4795edab4a18ca92160b80b2dc9f3434084f316460fb545bf7
Opcode Fuzzy Hash: 754e2aee335b2504a22b67622051336776e823e54c2338ed8481c4d97d3e2428
Instruction Fuzzy Hash: C511B2716013009FDB34AF65DC49B2A77E5FB4A702F1409A9F50BD32A0DB70A849CBA2

Function 00B516C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 62COMMON

Download Yara Rule

APIs

SetCurrentDirectoryW.KERNEL32(?,00000000,00000000), ref: 00B5172F

Strings

SetCurrentDirectoryW, xrefs: 00B516FC
ScopedBlockingCall, xrefs: 00B51765
..\..\base\files\file_util_win.cc, xrefs: 00B516F7

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: CurrentDirectory
String ID: ..\..\base\files\file_util_win.cc$ScopedBlockingCall$SetCurrentDirectoryW
API String ID: 1611563598-623993952
Opcode ID: 46739b28f5134e8c681e53e96391fa5eaaa5cc1ea46b314303dc2187ad6e29ce
Instruction ID: 0fcc85fdc49f167cc5b6ed32f32cb67a9bd8c0102aa20883a012d10a6de31ce3
Opcode Fuzzy Hash: 46739b28f5134e8c681e53e96391fa5eaaa5cc1ea46b314303dc2187ad6e29ce
Instruction Fuzzy Hash: 551126B1A003805FD7109F25CC41B7BF7E8EF89750F004A6EF9D597141EBB0A9498792

Function 00BEDEC0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 62libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(bcryptprimitives.dll,00000008,?,?,00B8C0E2,?), ref: 00BEDF1B
GetProcAddress.KERNEL32(00000000,ProcessPrng), ref: 00BEDF2B

Strings

ProcessPrng, xrefs: 00BEDF25
bcryptprimitives.dll, xrefs: 00BEDF16

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: ProcessPrng$bcryptprimitives.dll
API String ID: 2574300362-2667675608
Opcode ID: 97b3ecb2485126b24a7201e4a0e5351e412c330a27d67fc90894fb6688eb69bb
Instruction ID: 8a34a2e551d1b4d4a186ae7a86f319f9b11e0bb53a18bc1dbfe48e3e97cb64ce
Opcode Fuzzy Hash: 97b3ecb2485126b24a7201e4a0e5351e412c330a27d67fc90894fb6688eb69bb
Instruction Fuzzy Hash: 5A01D4B56403409FD610EF26EC89F2A33A9EBC5721B140469FA0AC7790D7B0EC01CAB3

Function 00B927D0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 62COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(00C89899,00000000,00000000), ref: 00B9283F

Strings

PathExists, xrefs: 00B9280C
ScopedBlockingCall, xrefs: 00B92876
..\..\base\files\file_util_win.cc, xrefs: 00B92807

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: AttributesFile
String ID: ..\..\base\files\file_util_win.cc$PathExists$ScopedBlockingCall
API String ID: 3188754299-3474313534
Opcode ID: f963808efc264a8d2c8063b4f20da325ea2be11dce25e5604cf82eb6f334d493
Instruction ID: ec9b3579397514f57e66f9f16c95cd1534de6736eb37e2c2e71341094c648c9b
Opcode Fuzzy Hash: f963808efc264a8d2c8063b4f20da325ea2be11dce25e5604cf82eb6f334d493
Instruction Fuzzy Hash: E51126B1A143806FDB109F24CC81A6FF7E4EF89720F004A2DF8D597282E7B0B5498792

Function 00C6028C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,00000000,00000800,?,00C60328,00000000,00000001,?,?,?,?,00C601E6,00000002,FlsGetValue,00CD7188,00CD7190), ref: 00C60299
GetLastError.KERNEL32(?,00C60328,00000000,00000001,?,?,?,?,00C601E6,00000002,FlsGetValue,00CD7188,00CD7190,00000000,?,00C51734), ref: 00C602A3
LoadLibraryExW.KERNEL32(?,00000000,00000000,00C51734,?,00C64421), ref: 00C602CB

Strings

api-ms-, xrefs: 00C602B0

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: e45afeadb6ef805db87c4cc504d6364b14430862d8b8be0b5bdc31f322c12b48
Instruction ID: 32411743082e8715bf67117b3d706e929c40bd3a06cc24a98572efa88af176d2
Opcode Fuzzy Hash: e45afeadb6ef805db87c4cc504d6364b14430862d8b8be0b5bdc31f322c12b48
Instruction Fuzzy Hash: 49E04870684305B7EB301B51EC5EB6E3F99AF10B51F644020F90CF44E1EBB59E50D546

Function 00C4D6F7 Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(A1A329F0,00000000,00000000,?), ref: 00C4D75A

Part of subcall function 00C5A071: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00C53434,?,00000000,-00000008), ref: 00C5A0D2

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00C4D9AC
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00C4D9F2
GetLastError.KERNEL32 ref: 00C4DA95

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: 69934c7ded1268d9e574ed389dd3f45362258ed5390a2fc1e7de93422d094dd7
Instruction ID: 6debc311ff8c4633fc879764db06e1fd89221321d71bd91126c9930b10e2bfd8
Opcode Fuzzy Hash: 69934c7ded1268d9e574ed389dd3f45362258ed5390a2fc1e7de93422d094dd7
Instruction Fuzzy Hash: AED17CB5D04249AFCF15DFE8C880AEDBBB5FF49314F24456AE426EB351D630A942CB50

Function 00B53410 Relevance: 6.1, APIs: 4, Instructions: 146COMMON

Download Yara Rule

APIs

ResetEvent.KERNEL32(?), ref: 00B5342B
ResetEvent.KERNEL32(?,00000001), ref: 00B534AF
TryAcquireSRWLockExclusive.KERNEL32(00B50A01), ref: 00B534B9
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00B534FB

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: EventExclusiveLockReset$AcquireRelease
String ID:
API String ID: 1579669990-0
Opcode ID: e1d28a5e25e48261002e6b94dda167e303506c306cfc3fbe3ca044c140afd569
Instruction ID: fb4d6672e6c5c499d544398e1eaa4b60da79a24c1d3ee91754aa69ebd9d869a3
Opcode Fuzzy Hash: e1d28a5e25e48261002e6b94dda167e303506c306cfc3fbe3ca044c140afd569
Instruction Fuzzy Hash: B85171B1A002059FDB019F10D880BAABBF4EF14755F1480A9EC0A5B352D735EE09DBE2

Function 00C035A0 Relevance: 6.1, APIs: 4, Instructions: 94COMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(00000000), ref: 00C035FE
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C0363B
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C0365E
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00C036C2

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$CounterPerformanceQuery
String ID:
API String ID: 374826692-0
Opcode ID: f568c454fd394c0323a8209332fdad8aeabec68aba596db4d07d7dc30dacb1e9
Instruction ID: 4785809c6aa2d0124c8f63815e6df8d67d2ef60927aca3deabbf6715e42e2567
Opcode Fuzzy Hash: f568c454fd394c0323a8209332fdad8aeabec68aba596db4d07d7dc30dacb1e9
Instruction Fuzzy Hash: 40315BB1608301AFC708DF58D885A2BFBE9FB88310F04882DF589C73A1D734A944DB52

Function 00B58320 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 87COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00B57F22), ref: 00B58367

Strings

..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc, xrefs: 00B583BB
Free, xrefs: 00B583C0
CloseHandle, xrefs: 00B583DD

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: CloseHandle
String ID: ..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc$CloseHandle$Free
API String ID: 2962429428-1704384866
Opcode ID: 4c04829ea2d5a751bcaa490f7d5e743144ecfad2e813fd3ac26ceae01ba6d9f2
Instruction ID: ed776c9dd96d55968bc41f5ef8730f7ab0bdb9ca42a315ca6bfb83798eac9f1e
Opcode Fuzzy Hash: 4c04829ea2d5a751bcaa490f7d5e743144ecfad2e813fd3ac26ceae01ba6d9f2
Instruction Fuzzy Hash: F32104B0A003445BDB20AB349C49B2F77E4EF40705F140EACF996A7282EBB0E909D795

Function 00BABC60 Relevance: 6.0, APIs: 1, Strings: 3, Instructions: 39COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(00B585FC,?,00000000,00000000,?,00B585FC,00000000), ref: 00BABC77

Strings

..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc, xrefs: 00BABC97
Free, xrefs: 00BABC9C
CloseHandle, xrefs: 00BABCB9

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: CloseHandle
String ID: ..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc$CloseHandle$Free
API String ID: 2962429428-1704384866
Opcode ID: e9b7e2427b15cd5232d41885e05d229c77483d1c27296e56c136a8798629cbc3
Instruction ID: 8b0d7fa64a6df401e51860cb2eced1b5be717216328b27847decca91e7da37c1
Opcode Fuzzy Hash: e9b7e2427b15cd5232d41885e05d229c77483d1c27296e56c136a8798629cbc3
Instruction Fuzzy Hash: 5AF0F631F00148778B057BA5EC0ADBF7768DF86B00B44006CF9056B282FE706600D7E2

Function 00C6211B Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,?,?,00000000,00000000,?,00C5C366,00000000,00000001,?,?,?,00C4DAE9,?,00000000,00000000), ref: 00C62132
GetLastError.KERNEL32(?,00C5C366,00000000,00000001,?,?,?,00C4DAE9,?,00000000,00000000,?,?,?,00C4D42F,?), ref: 00C6213E

Part of subcall function 00C62190: CloseHandle.KERNEL32(FFFFFFFE,00C6214E,?,00C5C366,00000000,00000001,?,?,?,00C4DAE9,?,00000000,00000000,?,?), ref: 00C621A0

___initconout.LIBCMT ref: 00C6214E

Part of subcall function 00C62170: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00C6210C,00C5C353,?,?,00C4DAE9,?,00000000,00000000,?), ref: 00C62183

WriteConsoleW.KERNEL32(00000000,?,?,00000000,?,00C5C366,00000000,00000001,?,?,?,00C4DAE9,?,00000000,00000000,?), ref: 00C62163

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 9ae234ac5d29484b0a304ec8c60ba7cb143383bfaaf5c14c1584ba6023c073ff
Instruction ID: 40d7e49adb479c1e746bb8aac6379b923b4746e52ce8c154115021c0bd6ca97a
Opcode Fuzzy Hash: 9ae234ac5d29484b0a304ec8c60ba7cb143383bfaaf5c14c1584ba6023c073ff
Instruction Fuzzy Hash: AEF01C76400514BBCF321FA1DC08FAE7F66EF093A0B058111FE1D95120C6328D60EB92

Function 00BCF370 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 260COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(85088B40,A1A329F0,?,?,?,?,00BCEE3A,?), ref: 00BCF540
ReleaseSRWLockExclusive.KERNEL32(00000001,00000001,?,00BCEE3A,?), ref: 00BCF5A8

Part of subcall function 00BCAE00: ReleaseSRWLockExclusive.KERNEL32(00000001,00000001), ref: 00BCAF04
Part of subcall function 00BCAE00: TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00BCAF67

Strings

ScopedBlockingCall, xrefs: 00BCF6B7

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: ScopedBlockingCall
API String ID: 17069307-1243657212
Opcode ID: a7eb10af612e718261b1c617f4da521f5544355bb23371f3f1f4992f0395dc6d
Instruction ID: 502d199f235d24c2543ad12063d434e47c93d1d8d067a17b65da06a62a4db389
Opcode Fuzzy Hash: a7eb10af612e718261b1c617f4da521f5544355bb23371f3f1f4992f0395dc6d
Instruction Fuzzy Hash: BCA1BB716006028FDB28CF69C484BBABBE6FF45314F1885EDE9598B696D734E845CB80

Function 00B48A20 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 232threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00B48BF9
QueryThreadCycleTime.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B48C0C

Strings

..\..\third_party\libc++\src\include\string:2502: assertion __n == 0 || __s != nullptr failed: string::assign received nullptr, xrefs: 00B48BC2

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: Thread$CurrentCycleQueryTime
String ID: ..\..\third_party\libc++\src\include\string:2502: assertion __n == 0 || __s != nullptr failed: string::assign received nullptr
API String ID: 2290024384-1286669872
Opcode ID: ba47887e2f7b9ca27ef1e854e87100ae2f133416020f309189a76a8e4ed3728c
Instruction ID: aa029644d3fd49364daf57928360a50662b224c10c79ee18b13e5528df8779b6
Opcode Fuzzy Hash: ba47887e2f7b9ca27ef1e854e87100ae2f133416020f309189a76a8e4ed3728c
Instruction Fuzzy Hash: E47104B1A006159FCB11CF68C8815AFBBF9FF84350B14856EE89A97351EF71AE01DB90

Function 00B4E6E0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 209COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00B4E780

Strings

..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and desusertion ranges overlap, xrefs: 00B4E915
..\..\third_party\libc++\src\include\string:973: assertion __s != nullptr failed: basic_string(const char*) detected nullptr, xrefs: 00B4E90E

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: _strlen
String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and desusertion ranges overlap$..\..\third_party\libc++\src\include\string:973: assertion __s != nullptr failed: basic_string(const char*) detected nullptr
API String ID: 4218353326-1580066018
Opcode ID: 29c9224670d6874b01db18f974a51d247aa6ecdb3fb02bb86c06bbced05766e5
Instruction ID: a175b0758937ebcbd4de054cc1615b9fad03338c6d1f8bc10b1f7d5c624df0c5
Opcode Fuzzy Hash: 29c9224670d6874b01db18f974a51d247aa6ecdb3fb02bb86c06bbced05766e5
Instruction Fuzzy Hash: 46715C71E002159FCB08DF68D884AAEB7F5FF48314F1481A9E829AB395D730ED04DB95

Function 00C67810 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 165COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00C6784A

Part of subcall function 00B84B90: GetFileVersionInfoSizeW.VERSION(?,00000000,0.0.0.0-devel,0000000D,Chrome,00000006,?,00C678B9,?), ref: 00B84BF2
Part of subcall function 00B84B90: GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,00000006,?,00C678B9,?), ref: 00B84C1B

Strings

..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type, xrefs: 00C67A36
..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr, xrefs: 00C67A2F

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: File$InfoVersion$ModuleNameSize
String ID: ..\..\third_party\libc++\src\include\string_view:318: assertion __len <= static_cast<size_type>(numeric_limits<difference_type>::max()) failed: string_view::string_view(_CharT *, size_t): length does not fit in difference_type$..\..\third_party\libc++\src\include\string_view:320: assertion __len == 0 || __s != nullptr failed: string_view::string_view(_CharT *, size_t): received nullptr
API String ID: 4070046241-2500828650
Opcode ID: bd6d1b64362af39f7b14e65f8b3e5fb6a36b752e2f776f84e82390aa3ff5d32f
Instruction ID: cfdd7b151fb6a0e0415f87e1b2d47de5a19a5a013d0b2d576d7cbb59ef8efe53
Opcode Fuzzy Hash: bd6d1b64362af39f7b14e65f8b3e5fb6a36b752e2f776f84e82390aa3ff5d32f
Instruction Fuzzy Hash: 7451CCB1D00229ABDF20DF609C89BDEBBB4AF14704F0485E8E409B6112E775AFD4DE80

Function 00C05970 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 127threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00C05A90
GetCurrentThreadId.KERNEL32 ref: 00C05A9F

Strings

..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at, xrefs: 00C05A81

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: CurrentThread
String ID: ..\..\third_party\libc++\src\include\__memory\construct_at.h:40: assertion __location != nullptr failed: null pointer given to construct_at
API String ID: 2882836952-2888085009
Opcode ID: 574482f545dd99aec36f258d35e85e4010a7fe3a228b4ca409e379a65ee27edb
Instruction ID: eca012f9c8460071aaaafab4b200edfc272e25fea78101b38753241e31460479
Opcode Fuzzy Hash: 574482f545dd99aec36f258d35e85e4010a7fe3a228b4ca409e379a65ee27edb
Instruction Fuzzy Hash: DE4181756006159FCB14CF18D8809BBBBA5FF48360F198569E9199B391D730ED01EF90

Function 00B44C40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(00D044BC,?,00000000,?,00BC7842,?,?,?,?,7FFFFFF7,?), ref: 00B44CFB
ReleaseSRWLockExclusive.KERNEL32(00D044BC,..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and desusertion ranges overlap,?,?,?,?,00BC7842,?,?,?,?,7FFFFFF7,?), ref: 00B44D77

Part of subcall function 00C382C8: AcquireSRWLockExclusive.KERNEL32(00D02800,000000C0,?,?,00BCFE69,00D12A10), ref: 00C382D3
Part of subcall function 00C382C8: ReleaseSRWLockExclusive.KERNEL32(00D02800,?,00BCFE69,00D12A10), ref: 00C3830D

Part of subcall function 00C38317: AcquireSRWLockExclusive.KERNEL32(00D02800,?,?,00C67C0E,00D03538,?,?,00C67B98), ref: 00C38321
Part of subcall function 00C38317: ReleaseSRWLockExclusive.KERNEL32(00D02800,?,00C67C0E,00D03538,?,?,00C67B98), ref: 00C38354
Part of subcall function 00C38317: WakeAllConditionVariable.KERNEL32(00D027FC,?,00C67C0E,00D03538,?,?,00C67B98), ref: 00C3835F

Strings

..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and desusertion ranges overlap, xrefs: 00B44DCF

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease$ConditionVariableWake
String ID: ..\..\third_party\libc++\src\include\__string\char_traits.h:145: assertion !std::__is_pointer_in_range(__s1, __s1 + __n, __s2) failed: char_traits::copy: source and desusertion ranges overlap
API String ID: 4258034872-2510419621
Opcode ID: c196565aedd9b098d7486bd86941e023d0dcf672c4fa0ccbdb46a6a84e4be93c
Instruction ID: 1e5036ae915ad8837f97c95ffd3468899ecf30dd8be7865fa64634ed1381a63d
Opcode Fuzzy Hash: c196565aedd9b098d7486bd86941e023d0dcf672c4fa0ccbdb46a6a84e4be93c
Instruction Fuzzy Hash: D741E5B1D002549FCB10EFA4E881F9E77F5EB44314F184169EA09A7391CB75AE14DBE1

Function 00C64170 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 101COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00C6426C

Strings

... (message truncated), xrefs: 00C6424B
[%s : %d] RAW: , xrefs: 00C641C0

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: _strlen
String ID: ... (message truncated)$[%s : %d] RAW:
API String ID: 4218353326-3262997248
Opcode ID: 499f11087763e7cc227817948fa4bdc76938d60e0bd60bb3574f684df5d2d1d8
Instruction ID: b4fa5cd48f0e87bdcce5bbf433560d8e574cae2d9cd595091eb0bbe094b6de26
Opcode Fuzzy Hash: 499f11087763e7cc227817948fa4bdc76938d60e0bd60bb3574f684df5d2d1d8
Instruction Fuzzy Hash: E831F7B2901219ABDB249E51DC85EDA7B79EF94308F0444A9FD09A3182EB315E54CB90

Function 00C99A70 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 91COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00C99AA7

Strings

GetModuleFileName, xrefs: 00C99B1C, 00C99B76
..\..\third_party\crashpad\crashpad\util\misc\paths_win.cc, xrefs: 00C99B0A, 00C99B64

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: FileModuleName
String ID: ..\..\third_party\crashpad\crashpad\util\misc\paths_win.cc$GetModuleFileName
API String ID: 514040917-708485756
Opcode ID: e75bf13eac2353beee493ff0f9e6cab838f69ace298d8c44d4c967f9c8831557
Instruction ID: c85091a95eb39a43b72d6b64d7eab570ceda9ce0ff06c28e5c1cba5a62810525
Opcode Fuzzy Hash: e75bf13eac2353beee493ff0f9e6cab838f69ace298d8c44d4c967f9c8831557
Instruction Fuzzy Hash: 0D21A6B174031827DB60B6606C8BFFE771C9B44704F040068FA0A6A2D3DEA8AA49A592

Function 00B44DF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 89COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(00D13488), ref: 00B44E14
ReleaseSRWLockExclusive.KERNEL32(?), ref: 00B44E8D

Strings

..\..\third_party\libc++\src\include\array:239: assertion __n < _Size failed: out-of-bounds access in std::array<T, N>, xrefs: 00B44EC4

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: ..\..\third_party\libc++\src\include\array:239: assertion __n < _Size failed: out-of-bounds access in std::array<T, N>
API String ID: 17069307-1005156258
Opcode ID: aafd2d902666a1dcb2403af0f872b5979d8ebff3519ca7aeff447d0b1e11a709
Instruction ID: f78592f800d0dab155afb484bee24eb73cbd06abb0e347410b47d2b1d725889c
Opcode Fuzzy Hash: aafd2d902666a1dcb2403af0f872b5979d8ebff3519ca7aeff447d0b1e11a709
Instruction Fuzzy Hash: AE319130A4018ADFDB18CF24C894BFABBF5FF49314F188595E8449B241D732DA66DB91

Function 00C67A60 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 70COMMON

Download Yara Rule

APIs

_strlen.LIBCMT ref: 00C67B89

Strings

bad_array_new_length was thrown in -fno-exceptions mode, xrefs: 00C67A73
length_error was thrown in -fno-exceptions mode with message "%s", xrefs: 00C67A66

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: _strlen
String ID: bad_array_new_length was thrown in -fno-exceptions mode$length_error was thrown in -fno-exceptions mode with message "%s"
API String ID: 4218353326-980162239
Opcode ID: 57a8426e5c5ae2c03708c1c03d6fd3518f70af608e7381a77ad0f4946bccf429
Instruction ID: 9f08bd669c8c7079d6477347d6ed0fb42c814f7763979958bfd4355d01319c74
Opcode Fuzzy Hash: 57a8426e5c5ae2c03708c1c03d6fd3518f70af608e7381a77ad0f4946bccf429
Instruction Fuzzy Hash: 5201D6B5D0434C37D624B6A16C46F9B3B5C9B82724F040924FB5917683EA71A95492F2

Function 00BCE240 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(00D04540,?,00000000,?,00BCDF3E,?,00000000,?,00000000,?,-00000048,?), ref: 00BCE24D
ReleaseSRWLockExclusive.KERNEL32(00D04540,?,00000000,?,00BCDF3E,?,00000000,?,00000000,?,-00000048,?), ref: 00BCE2A4

Strings

bitset set argument out of range, xrefs: 00BCE2E1

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: bitset set argument out of range
API String ID: 17069307-3990704234
Opcode ID: 2b9c76ed37777e03d10546f7ba7d73a34ea4f62a558abc129364607d974716a7
Instruction ID: d5cd342d2af8123840a7fd65d1735935021b7226f2df26fc3a3cb02dee67931f
Opcode Fuzzy Hash: 2b9c76ed37777e03d10546f7ba7d73a34ea4f62a558abc129364607d974716a7
Instruction Fuzzy Hash: 2711E173600128CBC72C5A54988AFBD379AD7A1754F1442BEEA6BAF2D1D6B0C841C6A1

Function 00BCB000 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

TryAcquireSRWLockExclusive.KERNEL32(00D04540,?,?,00BCA709,00000002,?,?,?), ref: 00BCB00C
ReleaseSRWLockExclusive.KERNEL32(00D04540,?,00BCA709,00000002,?,?,?), ref: 00BCB039

Strings

bitset reset argument out of range, xrefs: 00BCB068

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExclusiveLock$AcquireRelease
String ID: bitset reset argument out of range
API String ID: 17069307-1934458321
Opcode ID: 52b327bf80fd818cd57efb65dd4eded1b13d24fb7ea687ea2bc2b820106d647f
Instruction ID: 4e0cb094b63bc7175aa96c46db8a57bac78e4dfa6b420e42f70511aac72aad22
Opcode Fuzzy Hash: 52b327bf80fd818cd57efb65dd4eded1b13d24fb7ea687ea2bc2b820106d647f
Instruction Fuzzy Hash: 8F0189B360021487CB1C5A18AC47F7E3291DB92724F2402AEEA76D76D1D771CC40C6A1

Function 00B52970 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 57libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00B52A10: UnmapViewOfFile.KERNEL32(?,00000000,?,?,00000001,?,00B425CE,?,?,?,?,?,?,?,?,00B424EF), ref: 00B52A22

GetModuleHandleW.KERNEL32(00000000,00000000,?,?,00000000,?,00B5294A,?,?), ref: 00B529CD
GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00B529D9

Strings

GetHandleVerifier, xrefs: 00B529D3

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: AddressFileHandleModuleProcUnmapView
String ID: GetHandleVerifier
API String ID: 3224599007-1090674830
Opcode ID: 9f4fd3a080824b9451342a2a2ed6ef78876279edf41aa00a848304cca04c5057
Instruction ID: 15f102193b0c00f6860ac9b83503d6c9a9a883a1fc9dafceee68ca797e979299
Opcode Fuzzy Hash: 9f4fd3a080824b9451342a2a2ed6ef78876279edf41aa00a848304cca04c5057
Instruction Fuzzy Hash: 8E018071201340ABDB256B65DC89B7B77E9FB4A712F1408F5E907D7390CA70A848CAA2

Function 00C269F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

Strings

GetHandleVerifier, xrefs: 00C26A44

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID:
String ID: GetHandleVerifier
API String ID: 0-1090674830
Opcode ID: 01a927e67c0c6b3cfca65202ad339bfe8c97c0ef03232af4514faa0707eedb38
Instruction ID: 49c9d3b113526ec79cbaa4e99aeef88955992c2e262ece86aafc06d72fb03807
Opcode Fuzzy Hash: 01a927e67c0c6b3cfca65202ad339bfe8c97c0ef03232af4514faa0707eedb38
Instruction Fuzzy Hash: C001B1B1600210EFDB106F65EC49B3E77A9FB45311F644828F11AE72A0DB719941DAB2

Function 00B4D300 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 00B4D34F
GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00B4D35B

Strings

GetHandleVerifier, xrefs: 00B4D355

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetHandleVerifier
API String ID: 1646373207-1090674830
Opcode ID: ce5225b04bf4cda80e8ba2529cf0b1b9ab1a3230706ba63d17b26090b690a7b4
Instruction ID: 8d3958e968684705a742aee307c2d098876f84452b3b17b7a9ce5edd55422f34
Opcode Fuzzy Hash: ce5225b04bf4cda80e8ba2529cf0b1b9ab1a3230706ba63d17b26090b690a7b4
Instruction Fuzzy Hash: A701D4B1700300AFDB106F65EC8DB3E77E9FB46315F2408A5F106D32A0DA749940DAA7

Function 00C3924C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

VirtualQuery.KERNEL32(80000000,00C39356,0000001C,00C3930B,00000000,?,?,?,?,?,?,?,00C39356,00000004,00D02840,00C393A2), ref: 00C3925D
GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,00C39356,00000004,00D02840,00C393A2), ref: 00C39278

Strings

D, xrefs: 00C3926C

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: InfoQuerySystemVirtual
String ID: D
API String ID: 401686933-2746444292
Opcode ID: 5c9e0ce90c9bc090fcb23f2ce6c13040e79df05f37617cb09c421c30f65e53a7
Instruction ID: f6386d01c4fe7370498e7d6b5276266660e4b805d240478b95389ef640465b3e
Opcode Fuzzy Hash: 5c9e0ce90c9bc090fcb23f2ce6c13040e79df05f37617cb09c421c30f65e53a7
Instruction Fuzzy Hash: AB01D472610509ABCF14DE29DC05BEE7BE9EFC4324F0CC120ED69DA251DA75D901C680

Function 00C20910 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,00000000,00000000,?,00B4297D,?), ref: 00C20940
GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00C2094C

Strings

GetHandleVerifier, xrefs: 00C20946

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetHandleVerifier
API String ID: 1646373207-1090674830
Opcode ID: 531b2a31821a6f60d9495a6d710ca3b8661de5d4b0a978a34caae7dbcd2853e2
Instruction ID: 6cdba61447647525841baef1c1325bb54a578c7f9c9564adb4eedfbf379eebc6
Opcode Fuzzy Hash: 531b2a31821a6f60d9495a6d710ca3b8661de5d4b0a978a34caae7dbcd2853e2
Instruction Fuzzy Hash: 4CF044723403106FEA143B65FC4DB7A379DE745751F240425F50BD76A3C6645885CA72

Function 00CA6060 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

RemoveVectoredExceptionHandler.KERNEL32(00B8C623,?,?,00000000,?,00B8C623,?,?,?,?,?,00000000,?,?), ref: 00CA6077

Strings

..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc, xrefs: 00CA6097
Free, xrefs: 00CA609C

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ExceptionHandlerRemoveVectored
String ID: ..\..\third_party\crashpad\crashpad\util\win\scoped_handle.cc$Free
API String ID: 1340492425-290371620
Opcode ID: 68a51cc528766039b082564d029e61a782912dafad798a4f24764aad3ede9519
Instruction ID: f8286a05c311446272619fa4bdacd35a8a100ec048821e06e24a5157e73d2820
Opcode Fuzzy Hash: 68a51cc528766039b082564d029e61a782912dafad798a4f24764aad3ede9519
Instruction Fuzzy Hash: CFF0E932E0010877CB14BBA5EC0ADBF7778EF86704B44006DF90667282EE746604C7E6

Function 00C68450 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 32COMMON

Download Yara Rule

APIs

Part of subcall function 00C64170: _strlen.LIBCMT ref: 00C6426C

___std_exception_destroy.LIBVCRUNTIME ref: 00C68480

Strings

bad_variant_access.cc, xrefs: 00C6845A
Bad variant access, xrefs: 00C68453

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: ___std_exception_destroy_strlen
String ID: Bad variant access$bad_variant_access.cc
API String ID: 907491995-4004146108
Opcode ID: d072fde5cec8f56e54124fb1ed3fd4f2dcb85e3acc1050203fd4f5905af16872
Instruction ID: 929d8e0cf9047d717f0093248fb735ec5ddadde69753d6eba50f791fea7481ae
Opcode Fuzzy Hash: d072fde5cec8f56e54124fb1ed3fd4f2dcb85e3acc1050203fd4f5905af16872
Instruction Fuzzy Hash: 84E0D8A295030833EA117999AC07F867A9C8B12700F048432FA095A342EAA2B61092DA

Function 00B948F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 00B948FE
GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00B9490A

Strings

GetHandleVerifier, xrefs: 00B94904

Memory Dump Source

Source File: 00000004.00000002.2684383257.0000000000B41000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B40000, based on PE: true

Associated: 00000004.00000002.2684153703.0000000000B40000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684781686.0000000000CD2000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684821396.0000000000CFF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684861653.0000000000D00000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D02000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684894685.0000000000D0F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2684954149.0000000000D16000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000004.00000002.2685002614.0000000000D17000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_b40000_chrome.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetHandleVerifier
API String ID: 1646373207-1090674830
Opcode ID: 572e1e1e1571bf1902415bcf5799f61865767069e566dbc58b9e9a186945c102
Instruction ID: 3927bfa481342a6aa29b839310475bacaa42bd3fe73089f1a5a996eb32ce9f33
Opcode Fuzzy Hash: 572e1e1e1571bf1902415bcf5799f61865767069e566dbc58b9e9a186945c102
Instruction Fuzzy Hash: 04D05EA1614300BFDE006BA1DE0DF2B37DCD710705F0408A0B11ED21A0CBB8D805CA73

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Drive: Drive Creation, File: File Access, File: File Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	Process: OS API Execution, Process: Process Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report FS-SZHAJCVS.msi

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Config.Msi\5db15c.rbs

C:\Users\user\Contacts\126.0.6478.183.manifest

C:\Users\user\Contacts\chrome.exe

C:\Users\user\Contacts\chrome_elf.dll

C:\Users\user\Contacts\file.cur

C:\Users\user\Contacts\iframe\rolloutfile.tv0.0.tv

C:\Users\user\Contacts\iframe\rolloutfile.tv0.1.tv

C:\Users\user\Contacts\iframe\rolloutfile.tv0.2.tv

C:\Users\user\Contacts\iframe\rolloutfile.tv0101.3.tv

C:\Users\user\Contacts\iframe\rolloutfile.tv1.1.tv

C:\Users\user\Contacts\iframe\rolloutfile.tv1.2.tv

C:\Users\user\Contacts\iframe\rolloutfile.tv1.200.tv

C:\Users\user\Contacts\iframe\rolloutfile.tv1.3.tv

C:\Users\user\Contacts\iframe\rolloutfile.tv10.0.tv

C:\Users\user\Contacts\iframe\rolloutfile.tv10.1.tv

C:\Users\user\Contacts\iframe\rolloutfile.tv11.0.tv

C:\Users\user\Contacts\iframe\rolloutfile.tv11.1.tv

C:\Users\user\Contacts\iframe\rolloutfile.tv12.0.tv

C:\Users\user\Contacts\iframe\rolloutfile.tv12.1.tv

C:\Users\user\Contacts\iframe\rolloutfile.tv13.0.tv

Windows Analysis Report
FS-SZHAJCVS.msi

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre