Windows Analysis Report mixfive_20211216-221155

Overview

General Information

Sample Name: mixfive_20211216-221155 (renamed file extension from none to exe)
Analysis ID: 541451
MD5: 66e3c71bcd364eb5cf19cb820683ef0c
SHA1: a51f002e800d652c14b2de10a63bbb80d276a33b
SHA256: ee23fa71bea1f05017e21b38e7592db6334a0fc4e9e44bb48452b40a4ddf0677
Tags: exe, GuLoader, RedlineStealer
Detection

GuLoader RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected RedLine Stealer
Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected GuLoader
Hides threads from debuggers
Tries to steal Crypto Currency Wallets
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Yara detected Credential Stealer
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Abnormal high CPU Usage
Enables debug privileges
Is looking for software installed on the system
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
PE / OLE file has an invalid certificate
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Process Tree

  • System is w10x64
  • mixfive_20211216-221155.exe (PID: 4728 cmdline: "C:\Users\user\Desktop\mixfive_20211216-221155.exe" MD5: 66E3C71BCD364EB5CF19CB820683EF0C)
    • mixfive_20211216-221155.exe (PID: 4240 cmdline: "C:\Users\user\Desktop\mixfive_20211216-221155.exe" MD5: 66E3C71BCD364EB5CF19CB820683EF0C)
  • cleanup

Malware Configuration

Threatname: RedLine

{"C2 url": ["194.26.229.202:18758"], "Bot Id": "private_1"}

Threatname: GuLoader

{"Payload URL": "http://185.112.83.8/Allocation.bin"}

Yara Overview

PCAP (Network Traffic)

Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security |

Memory Dumps

Source | Rule | Description | Author | Strings
0000000C.00000002.1006545439.0000000020590000.00000004.00020000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
0000000C.00000002.1004805288.000000001E100000.00000004.00000001.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
0000000C.00000003.945608436.0000000000A3F000.00000004.00000001.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
0000000C.00000000.813287233.0000000000560000.00000040.00000001.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
0000000C.00000002.1006136622.000000001F477000.00000004.00000001.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
12.2.mixfive_20211216-221155.exe.20590000.2.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
12.2.mixfive_20211216-221155.exe.20b60000.4.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
12.3.mixfive_20211216-221155.exe.a3fcd8.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
12.2.mixfive_20211216-221155.exe.20590000.2.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
12.2.mixfive_20211216-221155.exe.20b60000.4.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Found malware configuration
Source: 0000000C.00000000.813287233.0000000000560000.00000040.00000001.sdmp | Malware Configuration Extractor: GuLoader {"Payload URL": "http://185.112.83.8/Allocation.bin"}
Source: 12.2.mixfive_20211216-221155.exe.1e140f6e.0.raw.unpack | Malware Configuration Extractor: RedLine {"C2 url": ["194.26.229.202:18758"], "Bot Id": "private_1"}
Source: mixfive_20211216-221155.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: mixfive_20211216-221155.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: _.pdb source: mixfive_20211216-221155.exe, 0000000C.00000002.1004805288.000000001E100000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006545439.0000000020590000.00000004.00020000.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.945608436.0000000000A3F000.00000004.00000001.sdmp
Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_00405C49 GetTempPathW, DeleteFileW, lstrcatW, lstrcatW, lstrlenW, FindFirstFileW, FindNextFileW, FindClose
Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_00406873 FindFirstFileW, FindClose
Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_0040290B FindFirstFileW

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic | Snort IDS: 2018752 ET TROJAN Generic .bin download from Dotted Quad 192.168.2.4:49857 -> 185.112.83.8:80
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor | URLs: http://185.112.83.8/Allocation.bin
Source: Joe Sandbox View | ASN Name: SUPERSERVERSDATACENTERRU SUPERSERVERSDATACENTERRU
Source: Joe Sandbox View | ASN Name: HEANETIE HEANETIE
Source: global traffic | HTTP traffic detected:
    GET /Allocation.bin HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: 185.112.83.8
    Cache-Control: no-cache
Source: global traffic | TCP traffic: 192.168.2.4:49858 -> 194.26.229.202:18758
Source: unknown | TCP traffic detected without corresponding DNS query: 185.112.83.8
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1001528934.0000000000920000.00000004.00000001.sdmp | String found in binary or memory: http://185.112.83.8/Allocation.bin
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1001581740.00000000009D8000.00000004.00000020.sdmp | String found in binary or memory: http://185.112.83.8/Allocation.binwq
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm4
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmpString found in binary or memory: http://service.r
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmpString found in binary or memory: http://service.real.com/realplayer/security/02062012_player/en/
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmpString found in binary or memory: http://support.a
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmpString found in binary or memory: http://support.apple.com/kb/HT203092
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005492436.000000001E71E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005643076.000000001E7C1000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005643076.000000001E7C1000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005643076.000000001E7C1000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005643076.000000001E7C1000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005631729.000000001E7BC000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005643076.000000001E7C1000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005492436.000000001E71E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                        Source: mixfive_20211216-221155.exeString found in binary or memory: http://www.digicert.com/CPS0
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmpString found in binary or memory: http://www.google.com/earth/explore/products/plugin.html
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmpString found in binary or memory: http://www.interoperabilitybridges.com/wmp-extension-for-chrome
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005492436.000000001E71E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005443083.000000001E708000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006499863.000000001F57A000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005311100.000000001E646000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006136622.000000001F477000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005148881.000000001E581000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997128279.000000001F6AF000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997051603.000000001F63E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006342484.000000001F509000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997223453.000000001F720000.00000004.00000001.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004805288.000000001E100000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006545439.0000000020590000.00000004.00020000.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.945608436.0000000000A3F000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006136622.000000001F477000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006896564.0000000020B60000.00000004.00020000.sdmpString found in binary or memory: https://api.ip.sb/ip
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005492436.000000001E71E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005443083.000000001E708000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006499863.000000001F57A000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005311100.000000001E646000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006136622.000000001F477000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005148881.000000001E581000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997128279.000000001F6AF000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997051603.000000001F63E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006342484.000000001F509000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997223453.000000001F720000.00000004.00000001.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005492436.000000001E71E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005443083.000000001E708000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006499863.000000001F57A000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005311100.000000001E646000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006136622.000000001F477000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005148881.000000001E581000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997128279.000000001F6AF000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997051603.000000001F63E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006342484.000000001F509000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997223453.000000001F720000.00000004.00000001.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005492436.000000001E71E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005443083.000000001E708000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006499863.000000001F57A000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005311100.000000001E646000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006136622.000000001F477000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005148881.000000001E581000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997128279.000000001F6AF000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997051603.000000001F63E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006342484.000000001F509000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997223453.000000001F720000.00000004.00000001.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                        Source: mixfive_20211216-221155.exe String found in binary or memory: https://www.digicert.com/CPS0
                        Source: global traffic HTTP traffic detected: GET /Allocation.bin HTTP/1.1
                            User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                            Host: 185.112.83.8
                            Cache-Control: no-cache
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_004056DE GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004056DE
                        Source: mixfive_20211216-221155.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040352D
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A77E0 NtAllocateVirtualMemory,LoadLibraryA,0_2_029A77E0
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A9CFA NtWriteVirtualMemory,LoadLibraryA,0_2_029A9CFA
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029AA562 NtProtectVirtualMemory,0_2_029AA562
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A62BA NtWriteVirtualMemory,0_2_029A62BA
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A92DC NtWriteVirtualMemory,0_2_029A92DC
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A021A NtWriteVirtualMemory,0_2_029A021A
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A6FD1 NtWriteVirtualMemory,0_2_029A6FD1
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A8B07 NtWriteVirtualMemory,0_2_029A8B07
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A8F59 NtWriteVirtualMemory,0_2_029A8F59
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A6F63 NtWriteVirtualMemory,0_2_029A6F63
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A8C81 NtWriteVirtualMemory,0_2_029A8C81
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A680A NtWriteVirtualMemory,0_2_029A680A
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A6832 NtWriteVirtualMemory,0_2_029A6832
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A6987 NtWriteVirtualMemory,0_2_029A6987
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A95A7 NtWriteVirtualMemory,0_2_029A95A7
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A792B NtAllocateVirtualMemory,0_2_029A792B
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A697E NtWriteVirtualMemory,0_2_029A697E
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Process Stats: CPU usage > 98%
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004805288.000000001E100000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameCourtesied.exe4 vs mixfive_20211216-221155.exe
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004805288.000000001E100000.00000004.00000001.sdmp Binary or memory string: OriginalFilename_.dll4 vs mixfive_20211216-221155.exe
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1006545439.0000000020590000.00000004.00020000.sdmp Binary or memory string: OriginalFilenameCourtesied.exe4 vs mixfive_20211216-221155.exe
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1006545439.0000000020590000.00000004.00020000.sdmp Binary or memory string: OriginalFilename_.dll4 vs mixfive_20211216-221155.exe
                        Source: mixfive_20211216-221155.exe, 0000000C.00000003.945608436.0000000000A3F000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameCourtesied.exe4 vs mixfive_20211216-221155.exe
                        Source: mixfive_20211216-221155.exe, 0000000C.00000003.945608436.0000000000A3F000.00000004.00000001.sdmp Binary or memory string: OriginalFilename_.dll4 vs mixfive_20211216-221155.exe
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp Binary or memory string: OriginalFilename vs mixfive_20211216-221155.exe
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1006136622.000000001F477000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameCourtesied.exe4 vs mixfive_20211216-221155.exe
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1006896564.0000000020B60000.00000004.00020000.sdmp Binary or memory string: OriginalFilenameCourtesied.exe4 vs mixfive_20211216-221155.exe
                        Source: mixfive_20211216-221155.exe Static PE information: invalid certificate
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe File read: C:\Users\user\Desktop\mixfive_20211216-221155.exe
                        Source: mixfive_20211216-221155.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                        Source: unknown Process created: C:\Users\user\Desktop\mixfive_20211216-221155.exe "C:\Users\user\Desktop\mixfive_20211216-221155.exe"
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Process created: C:\Users\user\Desktop\mixfive_20211216-221155.exe "C:\Users\user\Desktop\mixfive_20211216-221155.exe"
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe File created: C:\Users\user\AppData\Local\Yandex
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe File created: C:\Users\user\AppData\Local\Temp\nsyE396.tmp
                        Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@3/4@0/2
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_004021AA CoCreateInstance,0_2_004021AA
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe File read: C:\Users\desktop.ini
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_0040498A GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_0040498A
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                        Source: mixfive_20211216-221155.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                        Source: Binary string: _.pdb source: mixfive_20211216-221155.exe, 0000000C.00000002.1004805288.000000001E100000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006545439.0000000020590000.00000004.00020000.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.945608436.0000000000A3F000.00000004.00000001.sdmp

                        Data Obfuscation:

                        Yara detected GuLoader
                        Source: Yara match File source: 0000000C.00000000.813287233.0000000000560000.00000040.00000001.sdmp, type: MEMORY
                        Source: Yara match File source: 00000000.00000002.816118549.00000000029A0000.00000040.00000001.sdmp, type: MEMORY
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_729B30C0 push eax; ret 0_2_729B30EE
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A0FEB push cs; ret 0_2_029A0FDC
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A52B2 pushad ; retf 0_2_029A52B4
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A2EAB push ss; retf 0_2_029A2F95
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A1AFC push edx; retf 0_2_029A1AFF
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A57BD push ecx; iretd 0_2_029A57C2
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A23DB push ecx; retf 0_2_029A2405
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A2FCD push ss; retf 0_2_029A2F95
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A37E9 push ss; retf 0_2_029A385A
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A2311 push ecx; retf 0_2_029A2405
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A2F5D push ss; retf 0_2_029A2F95
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A5B71 pushad ; retf 0_2_029A5C21
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A54BE push A139D881h; retf 0_2_029A54C3
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A385B push ss; retf 0_2_029A385A
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A2D1E push ds; retf 0_2_029A2D27
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 12_2_00062A48 push esp; ret 12_2_00062E71
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 12_2_0006B530 push esp; iretd 12_2_0006B539
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 12_2_000AD4D0 push cs; ret 12_2_000AD4E4
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 12_2_000AF950 push eax; iretd 12_2_000AF95D
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 12_2_0010099C push 418B000Dh; ret 12_2_001009A2
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_729B1BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_729B1BFF
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe File created: C:\Users\user\AppData\Local\Temp\nsiE423.tmp\System.dll
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Process information set: NOOPENFILEERRORBOX