Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
bnieCH9wRm.exe

Overview

General Information

Sample Name:bnieCH9wRm.exe
Analysis ID:806861
MD5:acd46f88a6f90143090c342c10544ccf
SHA1:bb90bed3b0d747feeac32536d75c6d153b34be0b
SHA256:8bf1319fd0f77cd38f85d436e044f2d9e93e3f33844f20737117230b73b60f6c
Infos:

Detection

Conti, DBatLoader, Jcrypt, NominatusCrypto, TrojanRansom
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Yara detected Conti ransomware
Yara detected DBatLoader
Multi AV Scanner detection for submitted file
Yara detected Jcrypt Ransomware
Yara detected NominatusCrypto Ransomware
Malicious sample detected (through community Yara rule)
Yara detected TrojanRansom
Writes many files with high entropy
Deletes shadow drive data (may be related to ransomware)
Found potential ransomware demand text
Machine Learning detection for sample
Creates a DirectInput object (often for capturing keystrokes)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)
Binary contains a suspicious time stamp
Detected potential crypto function
Abnormal high CPU Usage

Classification

  • System is w10x64
  • bnieCH9wRm.exe (PID: 5532 cmdline: C:\Users\user\Desktop\bnieCH9wRm.exe MD5: ACD46F88A6F90143090C342C10544CCF)
  • cleanup
{"Email": ["Clay_whoami_1@protonmail.ch"], "Bitcoin Wallet": "bc1q6dkqnmj3ynetnk3asypm5malwd3se0ylcld5gh", "Ransom Note": "All of your files have been encrypted.\n\nTo unlock them, please send 0.01 bitcoin(s) to BTC address: bc1q6dkqnmj3ynetnk3asypm5malwd3se0ylcld5gh\nAfterwards, please email your transaction ID to: Clay_whoami_1@protonmail.ch\n\nThank you and have a nice day!\n\nEncryption Log:\n----------------------------------------\n"}
SourceRuleDescriptionAuthorStrings
bnieCH9wRm.exeJoeSecurity_DBatLoaderYara detected DBatLoaderJoe Security
    bnieCH9wRm.exeJoeSecurity_NominatusCryptoYara detected NominatusCrypto RansomwareJoe Security
      bnieCH9wRm.exeJoeSecurity_Conti_ransomwareYara detected Conti ransomwareJoe Security
        bnieCH9wRm.exeKovter_1Kovter Payloadkevoreilly
        • 0x86210:$a1: chkok
        • 0x86238:$a1: chkok
        • 0x86248:$a1: chkok
        • 0x95328:$a1: chkok
        • 0x95338:$a1: chkok
        • 0x95360:$a1: chkok
        • 0x89998:$a2: k2Tdgo
        • 0x89b68:$a2: k2Tdgo
        • 0x83ee8:$a3: 13_13_13
        • 0x9e1e8:$a4: Win Server 2008 R2
        bnieCH9wRm.exeWin32_Ransomware_KovterunknownReversingLabs
        • 0x9f2ac:$remote_connection_1: 55 8B EC 81 C4 C0 FB FF FF 53 56 57 33 DB 89 9D C0 FB FF FF 89 9D C4 FB FF FF 89 9D C8 FB FF FF 89 9D CC FB FF FF 89 9D D0 FB FF FF 89 9D D4 FB FF FF 89 9D D8 FB FF FF 89 5D EC 89 5D E4 8B D9 ...
        • 0x9f4c0:$remote_connection_2: 45 E0 50 6A 1F 8B 45 F4 50 E8 0A 44 FC FF 85 C0 0F 84 B4 00 00 00 8B 45 E0 0D 00 01 00 00 0D 80 00 00 00 89 45 E0 8B 45 DC 50 8D 45 E0 50 6A 1F 8B 45 F4 50 E8 EF 43 FC FF 85 C0 0F 84 89 00 00 ...
        • 0x9f7d0:$remote_connection_3: 45 F4 50 E8 08 41 FC FF 85 C0 74 46 83 7D F0 00 74 40 8D 45 E4 8B 55 F0 E8 9B 0A FC FF 8D 45 E4 E8 2F 09 FC FF 8D 95 DC FB FF FF 8B 4D F0 E8 6D 38 FC FF 8B C6 8B 55 E4 E8 4F 07 FC FF 8B 45 F0 ...
        • 0xa0e3f:$find_files: 50 E8 5B 1F FC FF 8B D8 83 FB FF 0F 84 06 01 00 00 33 F6 46 81 FE 10 27 00 00 0F 87 F7 00 00 00 83 FB FF 0F 84 EE 00 00 00 8D 45 F8 8D 57 2C B9 04 01 00 00 E8 E0 F5 FB FF 8B 45 F8 BA 68 47 44 ...
        • 0x7e52a:$decrypt_payload_script: FF 75 D8 FF 75 F4 68 BC 1C 42 00 FF 75 FC 68 C8 1C 42 00 8D 45 D4 E8 97 FC FF FF FF 75 D4 FF 75 F0 68 D4 1C 42 00 FF 75 EC 68 E8 1C 42 00 FF 75 EC 68 F4 1C 42 00 FF 75 F4 68 00 1D 42 00 FF 75 ...
        SourceRuleDescriptionAuthorStrings
        Process Memory Space: bnieCH9wRm.exe PID: 5532JoeSecurity_TrojanRansomYara detected TrojanRansomJoe Security
          Process Memory Space: bnieCH9wRm.exe PID: 5532JoeSecurity_jcryptYara detected Jcrypt RansomwareJoe Security
            No Sigma rule has matched
            No Snort rule has matched

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Source: bnieCH9wRm.exeAvira: detected
            Source: bnieCH9wRm.exeReversingLabs: Detection: 79%
            Source: bnieCH9wRm.exeVirustotal: Detection: 72%Perma Link
            Source: bnieCH9wRm.exeJoe Sandbox ML: detected
            Source: bnieCH9wRm.exeMalware Configuration Extractor: JCrypt {"Email": ["Clay_whoami_1@protonmail.ch"], "Bitcoin Wallet": "bc1q6dkqnmj3ynetnk3asypm5malwd3se0ylcld5gh", "Ransom Note": "All of your files have been encrypted.\n\nTo unlock them, please send 0.01 bitcoin(s) to BTC address: bc1q6dkqnmj3ynetnk3asypm5malwd3se0ylcld5gh\nAfterwards, please email your transaction ID to: Clay_whoami_1@protonmail.ch\n\nThank you and have a nice day!\n\nEncryption Log:\n----------------------------------------\n"}
            Source: bnieCH9wRm.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: JP2KLib.pdb source: bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb77.GCTL source: bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Release\chrome_wow_helper.pdb source: bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: C:\work\p4\splinters\Splinters\S\BuildResults\bin\Win32\ReaderRelease\FullTrustNotifier\FullTrustNotifier.pdb source: bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: c:\Users\sd\Documents\SharpDevelop Projects\VirusMSILNominatusStorm\VirusMSILNominatusStorm\obj\Debug\VirusMSILNominatusStorm.pdb source: bnieCH9wRm.exe
            Source: Binary string: A3DUtils.pdb// GCTL source: bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: ScCore.pdb$ source: bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: BIBUtils.pdb$$$ source: bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: D:\DCB\CBT_Main\3D\Common\a3d\build\win\Release\rt3d.pdb source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: A3DUtils.pdb source: bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: BIBUtils.pdb source: bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: ACE.pdb source: bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: g:\Acro_root_apms\build\Release-results\info\Adobe AIR.pdb|0m source: bnieCH9wRm.exe
            Source: Binary string: ScCore.pdb source: bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: ExtendScript.pdb source: bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Release\AcroRd32Exe.pdb source: bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Release\Eula.pdb source: bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: ACE.pdboon source: bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: C:\Users\1\Downloads\EncrypterPOC-main\EncrypterPOC-main\WindowsFormsApp1\obj\Release\WindowsFormsApp1.pdb source: bnieCH9wRm.exe
            Source: Binary string: pe.pdb source: bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: D:\DCB\CBT_Main\Acrobat\Installers\AcroSup64\Release\AcroSup64.pdb source: bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: g:\Acro_root_apms\build\Release-results\info\Adobe AIR.pdb source: bnieCH9wRm.exe
            Source: Binary string: D:\DCB\CBT_Main\3D\Common\a3d\build\win\Release\rt3d.pdb source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: AXE8SharedExpat.pdb source: bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: ExtendScript.pdb source: bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: c:\Users\sd\Documents\SharpDevelop Projects\VirusMSILNominatusStorm\VirusMSILNominatusStorm\obj\Debug\VirusMSILNominatusStorm.pdbp7 source: bnieCH9wRm.exe
            Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Release\Eula.pdb998 source: bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp
            Source: Binary string: D:\DCB\CBT_Main\BuildResults\bin\Release\sqlite.pdb source: bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp
            Source: bnieCH9wRm.exeString found in binary or memory: http://%shttp://a.SharedObject.BadPersistencependingSharedObject.UriMismatch
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
            Source: bnieCH9wRm.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
            Source: bnieCH9wRm.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
            Source: bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
            Source: bnieCH9wRm.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
            Source: bnieCH9wRm.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
            Source: bnieCH9wRm.exeString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
            Source: bnieCH9wRm.exeString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText
            Source: bnieCH9wRm.exeString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
            Source: bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://evcs-aia.ws.symantec.com/evcs.cer0
            Source: bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://evcs-crl.ws.symantec.com/evcs.crl0
            Source: bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://evcs-ocsp.ws.symantec.com04
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.com
            Source: bnieCH9wRm.exeString found in binary or memory: http://fpdownload2.macromedia.com/get/
            Source: bnieCH9wRm.exeString found in binary or memory: http://fpdownload2.macromedia.com/get/https://fpdownload.macromedia.com/get/https://www.macromedia.c
            Source: bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://icu-project.org
            Source: bnieCH9wRm.exeString found in binary or memory: http://ocsp.digicert.com0
            Source: bnieCH9wRm.exeString found in binary or memory: http://ocsp.digicert.com0A
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0H
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0I
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
            Source: bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.thawte.com0
            Source: bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s.symcb.com/universal-root.crl0
            Source: bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s.symcd.com06
            Source: bnieCH9wRm.exeString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
            Source: bnieCH9wRm.exeString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
            Source: bnieCH9wRm.exeString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
            Source: bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
            Source: bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
            Source: bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
            Source: bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
            Source: bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com07
            Source: bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com0;
            Source: bnieCH9wRm.exeString found in binary or memory: http://uri.etsi.org/01903/v1.1.1#
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
            Source: bnieCH9wRm.exe, 00000000.00000003.261283598.0000000006157000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ascendercorp.com/typedesigners.html
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
            Source: bnieCH9wRm.exeString found in binary or memory: http://www.digicert.com/CPS0
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.542723604.0000000004928000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000478A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004569000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.762953829.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.773412110.0000000004469000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.511883188.00000000046B9000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.635822828.000000000473A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
            Source: bnieCH9wRm.exe, 00000000.00000003.263542603.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.262802204.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.272077070.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.263864398.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.263930068.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.263680533.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.263807548.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.272196896.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.263777832.0000000006172000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
            Source: bnieCH9wRm.exe, 00000000.00000003.262766646.0000000006172000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
            Source: bnieCH9wRm.exe, 00000000.00000003.263864398.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.263835648.0000000006176000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
            Source: bnieCH9wRm.exe, 00000000.00000003.263510923.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.262842218.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.263542603.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.262802204.0000000006172000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers6RQ7
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
            Source: bnieCH9wRm.exe, 00000000.00000003.264664563.0000000006172000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersDR
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
            Source: bnieCH9wRm.exe, 00000000.00000003.263864398.0000000006172000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersURW
            Source: bnieCH9wRm.exe, 00000000.00000003.272150246.0000000006172000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designerse&
            Source: bnieCH9wRm.exe, 00000000.00000003.272150246.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.272077070.0000000006172000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designerskR
            Source: bnieCH9wRm.exe, 00000000.00000003.265121648.0000000006172000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.265060289.0000000006172000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersn
            Source: bnieCH9wRm.exe, 00000000.00000002.787910842.0000000006140000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.coma#27g
            Source: bnieCH9wRm.exe, 00000000.00000002.787910842.0000000006140000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comicva
            Source: bnieCH9wRm.exe, 00000000.00000002.787910842.0000000006140000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.como
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
            Source: bnieCH9wRm.exe, 00000000.00000003.257847890.000000000614E000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.256662876.000000000614E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
            Source: bnieCH9wRm.exe, 00000000.00000003.257847890.000000000614E000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.256662876.000000000614E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cnde
            Source: bnieCH9wRm.exe, 00000000.00000003.256008300.000000000616D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cnh-c
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
            Source: bnieCH9wRm.exe, 00000000.00000003.267330166.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.267535619.0000000006175000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.268376500.0000000006175000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.266840770.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.267235955.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.268947792.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.272490068.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.272265866.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.270339223.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.268211432.0000000006175000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.270841141.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.267024477.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.266877443.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.266797443.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.268322371.0000000006175000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.270420736.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.269521456.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.266742260.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.267066364.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.267263450.0000000006176000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
            Source: bnieCH9wRm.exe, 00000000.00000003.719974579.000000000463B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.lextek.com)
            Source: bnieCH9wRm.exe, 00000000.00000003.719974579.000000000463B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.lextek.com/
            Source: bnieCH9wRm.exeString found in binary or memory: http://www.macromedia.com
            Source: bnieCH9wRm.exeString found in binary or memory: http://www.macromedia.com/support/flashplayer/sys/
            Source: bnieCH9wRm.exe, 00000000.00000003.271179571.0000000006177000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.270841141.0000000006176000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.270984573.0000000006179000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.monotype.GLn6m
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
            Source: bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/cps0(
            Source: bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/cps09
            Source: bnieCH9wRm.exe, 00000000.00000003.762953829.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.727709471.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/rpa04
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.256451160.000000000616F000.00000004.00000020.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.257847890.0000000006154000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
            Source: bnieCH9wRm.exe, 00000000.00000003.256451160.000000000616F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com2Vt7
            Source: bnieCH9wRm.exe, 00000000.00000003.256451160.000000000616F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.comKV
            Source: bnieCH9wRm.exe, 00000000.00000003.257847890.0000000006154000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.comL
            Source: bnieCH9wRm.exe, 00000000.00000003.257847890.0000000006154000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.comk
            Source: bnieCH9wRm.exe, 00000000.00000003.257847890.0000000006154000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.comslnt
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
            Source: bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.unicode.org/copyright.html
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
            Source: bnieCH9wRm.exe, 00000000.00000002.788292850.0000000007352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
            Source: bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/cps0%
            Source: bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0
            Source: bnieCH9wRm.exe, 00000000.00000003.701331145.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.719974579.000000000470E000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.559701675.00000000046D2000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.680278801.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.627040066.0000000004884000.00000004.00000800.00020000.00000000.sdmp, bnieCH9wRm.exe, 00000000.00000003.673617466.0000000004689000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0.
            Source: bnieCH9wRm.exeString found in binary or memory: https://fpdownload.macromedia.com/get/
            Source: bnieCH9wRm.exe, 00000000.00000003.751054876.000000000438A000.00000004.00000800.00020000.00000000.sdmp, bn