Windows Analysis Report
r14836901-5B4A-.exe

Overview

General Information

Sample name: r14836901-5B4A-.exe
Analysis ID: 1455408
MD5: d5867544e7fb701fb71e72cf8caf8df8
SHA1: 4d4d42bb8a49013f6804e5c21d35fd8da6d141b2
SHA256: d8d23e874918f7f77e8ac832e69adef1bda5244e403364a6ad5cb18e8ecbcb5e

Detection

FormBook, GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected FormBook
Yara detected GuLoader
Submitted sample is a known malware sample
Maps a DLL or memory area into another process
Mass process execution to delay analysis
Obfuscated command line found
Sample uses process hollowing technique
Switches to a custom stack to bypass stack traces
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Too many similar processes found
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

AV Detection

Source: r14836901-5B4A-.exe ReversingLabs: Detection: 42%
Source: Yara match File source: 00000227.00000002.18838668946.00000000014B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000223.00000002.15198144068.0000000033DE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000226.00000002.18840181821.0000000002D80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000226.00000002.18840696565.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000226.00000002.18830755989.0000000000540000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000223.00000002.15199197968.0000000035840000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000225.00000002.18840425519.00000000042D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: r14836901-5B4A-.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 142.250.65.174:443 -> 192.168.11.20:50387 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.251.35.161:443 -> 192.168.11.20:50388 version: TLS 1.2
Source: r14836901-5B4A-.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: mshtml.pdb source: r14836901-5B4A-.exe, 00000223.00000001.14993436130.0000000000649000.00000020.00000001.01000000.00000009.sdmp
Source: Binary string: wntdll.pdbUGP source: r14836901-5B4A-.exe, 00000223.00000002.15198251060.000000003421D000.00000040.00001000.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000002.15198251060.00000000340F0000.00000040.00001000.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15086066257.0000000033F41000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15081364748.0000000033DA0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: r14836901-5B4A-.exe, r14836901-5B4A-.exe, 00000223.00000002.15198251060.000000003421D000.00000040.00001000.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000002.15198251060.00000000340F0000.00000040.00001000.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15086066257.0000000033F41000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15081364748.0000000033DA0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: rmactivate_isv.pdb source: r14836901-5B4A-.exe, 00000223.00000003.15143317532.0000000033EB8000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15142897085.0000000033E23000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: rmactivate_isv.pdbGCTL source: r14836901-5B4A-.exe, 00000223.00000003.15143317532.0000000033EB8000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15142897085.0000000033E23000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mshtml.pdbUGP source: r14836901-5B4A-.exe, 00000223.00000001.14993436130.0000000000649000.00000020.00000001.01000000.00000009.sdmp
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Directory queried: number of queries: 1001
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 0_2_00406268 FindFirstFileA,FindClose, 0_2_00406268
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 0_2_0040572D GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 0_2_0040572D
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 0_2_004026F8 FindFirstFileA, 0_2_004026F8
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe File opened: C:\Users\user
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows

Networking

Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50389 -> 3.33.130.190:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50393 -> 3.33.130.190:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50397 -> 122.10.51.226:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50401 -> 45.205.2.38:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50405 -> 65.181.132.188:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50409 -> 38.173.29.32:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50413 -> 198.177.123.106:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50417 -> 142.250.65.211:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50421 -> 46.30.215.97:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50426 -> 209.124.66.11:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50430 -> 194.58.112.174:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50434 -> 183.181.79.111:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50438 -> 194.58.112.174:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50443 -> 185.27.134.155:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50447 -> 3.33.130.190:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50448 -> 3.33.130.190:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50452 -> 3.33.130.190:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50456 -> 122.10.51.226:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50460 -> 45.205.2.38:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50464 -> 65.181.132.188:80
Source: Traffic Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50468 -> 38.173.29.32:80
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected:
  GET /uc?export=download&id=1VirI3BbuQKTaxGu1SQZGGLkm8DemZFot HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
  Host: drive.google.com
  Cache-Control: no-cache
Source: global traffic HTTP traffic detected:
  GET /download?id=1VirI3BbuQKTaxGu1SQZGGLkm8DemZFot&export=download HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
  Cache-Control: no-cache
  Host: drive.usercontent.google.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected:
  GET /9s7p/?D80XLFNh=iDD5DZIpHBKwC3fUs2+dweSj3L/Jc1TvnQA5Dk5E9UV53KOnngl3KjAOAJ/+bY6yLnIXHFzkM2NbnoYddNxkDMaR6Yx+R6wrTOEuZi92Rr99LElNF3fYpfg=&KF=i4PXV8BX8 HTTP/1.1
  Host: www.isrninjas.com
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
  Accept-Language: en-US,en;q=0.9
  Connection: close
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected:
  GET /a9n4/?D80XLFNh=Z6NeJWCAO4UWkQQZnIW3J6ShlWnr/mWxlv/v5WLzX4nFKsBSQwEAPdr7iKFkWsdWt1b7OqVzoLxdNpYogVex4pRwyWXNM2BCxH4E51wmZhGfueLt7Rj8IQA=&KF=i4PXV8BX8 HTTP/1.1
  Host: www.hilfe24x7.de
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
  Accept-Language: en-US,en;q=0.9
  Connection: close
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected:
  GET /puca/?D80XLFNh=0ZaTP653MFYaNpLm0ddUsoB5BM+TvwTr8t3R21wscio1DPQxaYcdBdHAlBRg5HIF10RIIMRw0WacknLijFHBtGSe9I3f4SUofKpnwM7q1oakPR2JMNCu5s4=&KF=i4PXV8BX8 HTTP/1.1
  Host: www.1401qs.cc
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
  Accept-Language: en-US,en;q=0.9
  Connection: close
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected:
  GET /ccfm/?D80XLFNh=NgmGl6A4toP5vjD4UAHmzjt+U2T+1ccmUPgVUCqm+//uyhGMt/GX+ndtEqRzaFVdkOYQlK98kKfHhxP6W7j+zX8W8c3D5vK1I3z9YMBg50s9AAHC74uxnJ4=&KF=i4PXV8BX8 HTTP/1.1
  Host: www.meikhaof23.cc
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
  Accept-Language: en-US,en;q=0.9
  Connection: close
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected:
  GET /1f8k/?D80XLFNh=QhX0EGGYplx+FzEhC39pebdgTSyI92/iz6qx2lO1iBZqIUQcG58nXSYW5JnsqL34Z2PG2Si8koxzc8hZGd6LuUYka3FiNdkGgDhZSs4cWReGV1Sd7g8C/yk=&KF=i4PXV8BX8 HTTP/1.1
  Host: www.jl800.vip
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
  Accept-Language: en-US,en;q=0.9
  Connection: close
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected:
  GET /t7qk/?D80XLFNh=Kb3sbt59Ht5f9Q1h1sFXRC4j6nryo9u3djDhDh9p88f7GAlroKHENhzESgj9YPuDcOMO12qdigNZoqeXTeTYsmYtERwq0/AbFviNzEwUIhyfRWaw7mh8kVw=&KF=i4PXV8BX8 HTTP/1.1
  Host: www.jiffad.com
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
  Accept-Language: en-US,en;q=0.9
  Connection: close
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected:
  GET /u3mn/?D80XLFNh=nSsYYb7WXXBS266Eml+Y5PdZAuLb9H7GgybXGBvnmAj0+Kqv+gLVG017TzQmkZvOvvR4TUluUcDw+kFCzbxcDhyGe4jJW7ZpifX62Ne9qf5JQk93uU93Eac=&KF=i4PXV8BX8 HTTP/1.1
  Host: www.hunterpur.life
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
  Accept-Language: en-US,en;q=0.9
  Connection: close
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected:
  GET /8rkh/?D80XLFNh=vmmJHeFw5nvl69b8CbFTFU3YKXxtRr9AtMJBnyO3UFLOYhHqctbe8l5iObcZJWXr1wzkaO7vkvIrJU/SkdmR3bTJJCYeYWaVoDbBjkkAsNIuPKr3n79Ufqg=&KF=i4PXV8BX8 HTTP/1.1
  Host: www.auronhouse.com
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
  Accept-Language: en-US,en;q=0.9
  Connection: close
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected:
  GET /glaz/?D80XLFNh=k8ZCK4mb5hR7Ax9dLYqvgeRpCDF4laYM3Hrv7gV7FmhBp1AET1rRYhWPVs8cFCc+X0g5WpBjRoj7ZFfxcdlHlzFVQSklu6eMQml87za41m1BkG+7m+mtgF4=&KF=i4PXV8BX8 HTTP/1.1
  Host: www.dichbornholm.com
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
  Accept-Language: en-US,en;q=0.9
  Connection: close
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected:
  GET /j32z/?D80XLFNh=plO+W3/VdlLNqMrGxUVnJzhjPnkKfuSvLBdGJ8+CNa+EddNwjkQbJNP1tGgw3EqHNM9wBRZ2rTMcuD/81bmrFFgcNBKK0kDq/beQOIEvOREpy4cfFJe80CE=&KF=i4PXV8BX8 HTTP/1.1
  Host: www.tsamparlishop.gr
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
  Accept-Language: en-US,en;q=0.9
  Connection: close
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected:
  GET /s3pw/?D80XLFNh=NwxaQaJsAK68DiszuFUIY+REn4y1zs0UlgA5H5FJiNYglZ0ymN6ZMAr6oJ9cBVPJOVF0fGBJyQQoApJN/tXtPMJrELNXqISlk3O8UH2PSRA10r17P1omjMI=&KF=i4PXV8BX8 HTTP/1.1
  Host: www.dexiangovernment.org
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
  Accept-Language: en-US,en;q=0.9
  Connection: close
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected:
  GET /9s7p/?D80XLFNh=iDD5DZIpHBKwC3fUs2+dweSj3L/Jc1TvnQA5Dk5E9UV53KOnngl3KjAOAJ/+bY6yLnIXHFzkM2NbnoYddNxkDMaR6Yx+R6wrTOEuZi92Rr99LElNF3fYpfg=&KF=i4PXV8BX8 HTTP/1.1
  Host: www.isrninjas.com
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
  Accept-Language: en-US,en;q=0.9
  Connection: close
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected:
  GET /a9n4/?D80XLFNh=Z6NeJWCAO4UWkQQZnIW3J6ShlWnr/mWxlv/v5WLzX4nFKsBSQwEAPdr7iKFkWsdWt1b7OqVzoLxdNpYogVex4pRwyWXNM2BCxH4E51wmZhGfueLt7Rj8IQA=&KF=i4PXV8BX8 HTTP/1.1
  Host: www.hilfe24x7.de
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
  Accept-Language: en-US,en;q=0.9
  Connection: close
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected:
  GET /puca/?D80XLFNh=0ZaTP653MFYaNpLm0ddUsoB5BM+TvwTr8t3R21wscio1DPQxaYcdBdHAlBRg5HIF10RIIMRw0WacknLijFHBtGSe9I3f4SUofKpnwM7q1oakPR2JMNCu5s4=&KF=i4PXV8BX8 HTTP/1.1
  Host: www.1401qs.cc
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
  Accept-Language: en-US,en;q=0.9
  Connection: close
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected:
  GET /ccfm/?D80XLFNh=NgmGl6A4toP5vjD4UAHmzjt+U2T+1ccmUPgVUCqm+//uyhGMt/GX+ndtEqRzaFVdkOYQlK98kKfHhxP6W7j+zX8W8c3D5vK1I3z9YMBg50s9AAHC74uxnJ4=&KF=i4PXV8BX8 HTTP/1.1
  Host: www.meikhaof23.cc
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
  Accept-Language: en-US,en;q=0.9
  Connection: close
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected:
  GET /1f8k/?D80XLFNh=QhX0EGGYplx+FzEhC39pebdgTSyI92/iz6qx2lO1iBZqIUQcG58nXSYW5JnsqL34Z2PG2Si8koxzc8hZGd6LuUYka3FiNdkGgDhZSs4cWReGV1Sd7g8C/yk=&KF=i4PXV8BX8 HTTP/1.1
  Host: www.jl800.vip
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
  Accept-Language: en-US,en;q=0.9
  Connection: close
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic HTTP traffic detected:
  GET /t7qk/?D80XLFNh=Kb3sbt59Ht5f9Q1h1sFXRC4j6nryo9u3djDhDh9p88f7GAlroKHENhzESgj9YPuDcOMO12qdigNZoqeXTeTYsmYtERwq0/AbFviNzEwUIhyfRWaw7mh8kVw=&KF=i4PXV8BX8 HTTP/1.1
  Host: www.jiffad.com
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
  Accept-Language: en-US,en;q=0.9
  Connection: close
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Source: global traffic DNS traffic detected: DNS query: drive.google.com
Source: global traffic DNS traffic detected: DNS query: drive.usercontent.google.com
Source: global traffic DNS traffic detected: DNS query: www.isrninjas.com
Source: global traffic DNS traffic detected: DNS query: www.hilfe24x7.de
Source: global traffic DNS traffic detected: DNS query: www.1401qs.cc
Source: global traffic DNS traffic detected: DNS query: www.meikhaof23.cc
Source: global traffic DNS traffic detected: DNS query: www.jl800.vip
Source: global traffic DNS traffic detected: DNS query: www.jiffad.com
Source: global traffic DNS traffic detected: DNS query: www.hunterpur.life
Source: global traffic DNS traffic detected: DNS query: www.auronhouse.com
Source: global traffic DNS traffic detected: DNS query: www.dichbornholm.com
Source: global traffic DNS traffic detected: DNS query: www.jnurou.sbs
Source: global traffic DNS traffic detected: DNS query: www.tsamparlishop.gr
Source: global traffic DNS traffic detected: DNS query: www.theppelin.online
Source: global traffic DNS traffic detected: DNS query: www.cica-rank.com
Source: global traffic DNS traffic detected: DNS query: www.businessbots.shop
Source: global traffic DNS traffic detected: DNS query: www.j24.top
Source: global traffic DNS traffic detected: DNS query: www.dexiangovernment.org
Source: unknown HTTP traffic detected:
  POST /a9n4/ HTTP/1.1
  Host: www.hilfe24x7.de
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
  Accept-Language: en-US,en;q=0.9
  Accept-Encoding: gzip, deflate
  Origin: http://www.hilfe24x7.de
  Cache-Control: no-cache
  Connection: close
  Content-Length: 205
  Content-Type: application/x-www-form-urlencoded
  Referer: http://www.hilfe24x7.de/a9n4/
  User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
  Data Raw: 44 38 30 58 4c 46 4e 68 3d 55 34 6c 2b 4b 68 57 47 4f 62 77 47 71 42 42 56 75 36 62 46 4b 2b 32 74 75 56 44 45 39 6d 75 48 6d 73 76 76 79 58 6e 61 42 75 7a 58 43 64 31 74 43 30 51 6a 41 73 66 2f 38 4a 31 59 59 2b 39 39 6f 32 4b 69 44 6f 56 78 71 4f 68 72 64 6f 45 6e 6c 6a 6a 6b 32 49 78 50 69 52 44 6e 44 56 5a 69 38 33 30 34 37 57 52 68 4f 51 47 39 73 4e 76 6d 2b 6a 48 58 47 51 2f 45 47 42 4c 35 55 74 68 43 49 4a 46 6b 7a 61 78 54 77 44 55 42 45 44 79 38 54 6b 37 50 44 47 75 77 6b 52 33 38 79 30 67 58 73 38 42 75 69 44 66 34 66 34 46 2f 34 74 6e 39 4d 56 2f 6b 72 71 48 2f 52 45 72 52 4d 6e 56 64 45 51 3d 3d
  Data Ascii: D80XLFNh=U4l+KhWGObwGqBBVu6bFK+2tuVDE9muHmsvvyXnaBuzXCd1tC0QjAsf/8J1YY+99o2KiDoVxqOhrdoEnljjk2IxPiRDnDVZi83047WRhOQG9sNvm+jHXGQ/EGBL5UthCIJFkzaxTwDUBEDy8Tk7PDGuwkR38y0gXs8BuiDf4f4F/4tn9MV/krqH/RErRMnVdEQ==
Source: global traffic HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Server: nginx
  Date: Tue, 11 Jun 2024 17:48:00 GMT
  Content-Type: text/plain
  Content-Length: 18
  Connection: close
  Access-Control-Allow-Credentials: true
  Access-Control-Allow-Headers: Content-Type,Authorization,Content-Length,X-CSRF-Token,Token,session
  Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE,UPDATE
  Access-Control-Allow-Origin: *
  Access-Control-Expose-Headers: Content-Length,Access-Control-Allow-Origin,Access-Control-Allow-Headers
  Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64
  Data Ascii: 404 page not found
Source: global traffic HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Server: nginx
  Date: Tue, 11 Jun 2024 17:48:02 GMT
  Content-Type: text/plain
  Content-Length: 18
  Connection: close
  Access-Control-Allow-Credentials: true
  Access-Control-Allow-Headers: Content-Type,Authorization,Content-Length,X-CSRF-Token,Token,session
  Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE,UPDATE
  Access-Control-Allow-Origin: *
  Access-Control-Expose-Headers: Content-Length,Access-Control-Allow-Origin,Access-Control-Allow-Headers
  Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64
  Data Ascii: 404 page not found
Source: global traffic HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Server: nginx
  Date: Tue, 11 Jun 2024 17:48:06 GMT
  Content-Type: text/plain
  Content-Length: 18
  Connection: close
  Access-Control-Allow-Credentials: true
  Access-Control-Allow-Headers: Content-Type,Authorization,Content-Length,X-CSRF-Token,Token,session
  Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE,UPDATE
  Access-Control-Allow-Origin: *
  Access-Control-Expose-Headers: Content-Length,Access-Control-Allow-Origin,Access-Control-Allow-Headers
  Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64
  Data Ascii: 404 page not found
Source: global traffic HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Server: nginx
  Date: Tue, 11 Jun 2024 17:48:08 GMT
  Content-Type: text/plain
  Content-Length: 18
  Connection: close
  Access-Control-Allow-Credentials: true
  Access-Control-Allow-Headers: Content-Type,Authorization,Content-Length,X-CSRF-Token,Token,session
  Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE,UPDATE
  Access-Control-Allow-Origin: *
  Access-Control-Expose-Headers: Content-Length,Access-Control-Allow-Origin,Access-Control-Allow-Headers
  Data Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64
  Data Ascii: 404 page not found
Source: global traffic HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Server: nginx
  Date: Tue, 11 Jun 2024 18:07:18 GMT
  Content-Type: text/html
  Content-Length: 146
  Connection: close
  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Server: nginx
  Date: Tue, 11 Jun 2024 18:07:21 GMT
  Content-Type: text/html
  Content-Length: 146
  Connection: close
  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Server: nginx
  Date: Tue, 11 Jun 2024 18:07:23 GMT
  Content-Type: text/html
  Content-Length: 146
  Connection: close
  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Server: nginx
  Date: Tue, 11 Jun 2024 18:07:26 GMT
  Content-Type: text/html
  Content-Length: 146
  Connection: close
  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Date: Tue, 11 Jun 2024 18:07:32 GMT
  Server: Apache
  Content-Length: 389
  Connection: close
  Content-Type: text/html
  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Date: Tue, 11 Jun 2024 18:07:35 GMT
  Server: Apache
  Content-Length: 389
  Connection: close
  Content-Type: text/html
  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Date: Tue, 11 Jun 2024 18:07:37 GMT
  Server: Apache
  Content-Length: 389
  Connection: close
  Content-Type: text/html
  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Date: Tue, 11 Jun 2024 18:07:40 GMT
  Server: Apache
  Content-Length: 389
  Connection: close
  Content-Type: text/html; charset=utf-8
  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Date: Tue, 11 Jun 2024 18:07:59 GMT
  Server: Apache
  Content-Length: 196
  Content-Type: text/html; charset=iso-8859-1
  X-Onecom-Cluster-Name:
  X-Varnish: 7367985975
  Age: 0
  Via: 1.1 webcache2 (Varnish/trunk)
  Connection: close
  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Jun 2024 18:08:02 GMTServer: ApacheContent-Length: 196Content-Type: text/html; charset=iso-8859-1X-Onecom-Cluster-Name: X-Varnish: 7422379776Age: 0Via: 1.1 webcache2 (Varnish/trunk)Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Jun 2024 18:08:04 GMTServer: ApacheContent-Length: 196Content-Type: text/html; charset=iso-8859-1X-Onecom-Cluster-Name: X-Varnish: 7462685019Age: 0Via: 1.1 webcache2 (Varnish/trunk)Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Jun 2024 18:08:07 GMTServer: ApacheContent-Length: 196Content-Type: text/html; charset=iso-8859-1X-Onecom-Cluster-Name: X-Varnish: 7442304565Age: 0Via: 1.1 webcache2 (Varnish/trunk)Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-powered-by: PHP/7.4.33expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8x-ua-compatible: IE=edgelink: <https://tsamparlishop.gr/wp-json/>; rel="https://api.w.org/"transfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Tue, 11 Jun 2024 18:09:46 GMTserver: LiteSpeedstrict-transport-security: max-age=63072000; includeSubDomainsx-frame-options: SAMEORIGINx-content-type-options: nosniffData Raw: 35 64 33 36 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd 6b 93 e4 b6 91 28 fa 59 13 e1 ff 00 51 c7 33 dd eb 22 eb fd ea e9 6e 87 34 1a d9 3a 2b 69 74 34 92 bd 7b 34 8a 0a 14 89 aa 42 37 8b e0 10 ac ae ae 69 f5 0d 3f a4 dd bb 27 bc 27 42 c7 ab eb 95 1f d7 76 f8 15 1b b1 5e 87 76 ad eb 95 6d 5d 45 dc f3 9d fd 97 6e 24 00 92 20 8b f5 e8 ea 87 46 d6 8c ec ea 2a 3c 32 13 89 44 22 01 24 12 bb 4f 3f 7f ef ce eb 7f fb ea 5d 34 0a c7 ee fe 8d 5d f8 83 6c 17 73 be 67 c0 77 03 b9 d8 1b ee 19 c4 35 20 97 60 67 ff c6 53 bb 63 12 62 64 8f 70 c0 49 b8 67 bc f1 fa 0b 66 c7 80 74 97 7a 87 28 20 ee 9e e1 07 6c 40 5d 62 a0 51 40 06 00 2a f4 f9 4e b9 3c 1c fb 43 8b 05 c3 f2 f1 c0 2b 57 ab c6 fe 8d 1b 4f ed 86 34 74 c9 7e f4 03 74 f6 dd e8 a3 e8 4f d1 ef a2 df 47 1f a2 e8 f7 d1 47 d1 27 28 fa f7 b3 6f 47 bf 8d fe 33 fa 43 f4 c7 e8 23 74 f3 99 4e ad 5a bd 8d 5e e7 78 ec e3 c0 a5 1c dd 1f 31 1f bd 8d fe fa 7f ff 32 b0 47 24 40 6f a3 7b 9e 4b 3d 22 32 76 cb 12 fa 0d 49 b3 87 c7 64 ef 56 c0 fa 2c e4 b7 90 cd bc 90 78 e1 de ad 31 3e 36 e9 18 0f 89 e9 07 e4 88 92 e9 8e 8b 83 21 b9 85 ca 99 8a 06 64 f9 2c 08 8d a4 aa 31 a5 4e 38 da 73 c8 11 b5 89 29 7e 94 10 f5 68 48 b1 6b 72 1b bb 64 af 6a ec a7 8c b9 e5 78 1c 90 0c 48 68 8f 6e 49 ee dc 2a 97 c3 a4 39 23 e6 5b c3 40 62 4e d9 89 dd 90 04 1e 0e 89 81 c2 99 4f f6 0c ec fb 2e b5 71 48 99 57 0e 38 ff ca 31 74 95 68 ea 9e 11 fd 3c fa 34 fa 37 f4 da fd fb e8 66 80 1f 4e d8 fa ec ca f7 
57 9e ae f2 80 10 a7 6c 5c 02 75 d1 2f ce fe 3e fa 14 7a fb ec 1f a2 4f 2e 9f 50 9b 8d c7 c4 0b b9 4e 31 b7 03 ea 87 fb 37 a6 d4 73 d8 d4 ea 4d 7d 32 66 07 f4 3e 09 43 ea 0d 39 da 43 27 46 1f 73 f2 46 e0 1a 3b 0a f4 83 f2 83 32 b7 a6 20 b4 0f ca 42 46 f8 83 b2 cd 02 f2 a0 2c 2a 3f 28 57 1b 56 c5 aa 3c 28 b7 6b c7 ed da 83 b2 51 32 c8 71 68 ec 18 96 ef 0d 8d 92 c1 8f 86 9b c1 e3 47 43 01 8d 1f 0d ef 4a 80 fc 48 00 64 93 c0 26 c6 ce 89 61 33 cf c6 a1 a8 a6 e0 0b f0 79 5e 3c 28 4f 7d 93 7a b6 3b 71 00 d9 01 17 09 a2 9a 19 10 97 60 4e ac 31 f5 ac 03 fe d5 23 12 ec b5 ac 86 d5 30 4e 4f 6f df 28 ff d5 d3 e8 f5 11 e5 08 86 32 a2 1c e1 49 c8 cc 21 f1 48 80 43 e2 a0 bf 2a df 78 7a 30 f1 6c e8 e7 2d 5a f2 b6 4f 8e 70 80 58 89 97 c8 ed 38 1d d9 5b 64 fb 24 0c 66 22 2f dc 3b e1 Data Ascii: 5d36k(YQ3"n4:+it4{4B7i?''Bv^vm]En$ F*<2D"$O?]4]lsgw5 `gScbdpIgftz( l@]bQ@*N<C+
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-powered-by: PHP/7.4.33expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8x-ua-compatible: IE=edgelink: <https://tsamparlishop.gr/wp-json/>; rel="https://api.w.org/"transfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Tue, 11 Jun 2024 18:09:49 GMTserver: LiteSpeedstrict-transport-security: max-age=63072000; includeSubDomainsx-frame-options: SAMEORIGINx-content-type-options: nosniffData Raw: 35 64 33 36 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd 6b 93 e4 b6 91 28 fa 59 13 e1 ff 00 51 c7 33 dd eb 22 eb fd ea e9 6e 87 34 1a d9 3a 2b 69 74 34 92 bd 7b 34 8a 0a 14 89 aa 42 37 8b e0 10 ac ae ae 69 f5 0d 3f a4 dd bb 27 bc 27 42 c7 ab eb 95 1f d7 76 f8 15 1b b1 5e 87 76 ad eb 95 6d 5d 45 dc f3 9d fd 97 6e 24 00 92 20 8b f5 e8 ea 87 46 d6 8c ec ea 2a 3c 32 13 89 44 22 01 24 12 bb 4f 3f 7f ef ce eb 7f fb ea 5d 34 0a c7 ee fe 8d 5d f8 83 6c 17 73 be 67 c0 77 03 b9 d8 1b ee 19 c4 35 20 97 60 67 ff c6 53 bb 63 12 62 64 8f 70 c0 49 b8 67 bc f1 fa 0b 66 c7 80 74 97 7a 87 28 20 ee 9e e1 07 6c 40 5d 62 a0 51 40 06 00 2a f4 f9 4e b9 3c 1c fb 43 8b 05 c3 f2 f1 c0 2b 57 ab c6 fe 8d 1b 4f ed 86 34 74 c9 7e f4 03 74 f6 dd e8 a3 e8 4f d1 ef a2 df 47 1f a2 e8 f7 d1 47 d1 27 28 fa f7 b3 6f 47 bf 8d fe 33 fa 43 f4 c7 e8 23 74 f3 99 4e ad 5a bd 8d 5e e7 78 ec e3 c0 a5 1c dd 1f 31 1f bd 8d fe fa 7f ff 32 b0 47 24 40 6f a3 7b 9e 4b 3d 22 32 76 cb 12 fa 0d 49 b3 87 c7 64 ef 56 c0 fa 2c e4 b7 90 cd bc 90 78 e1 de ad 31 3e 36 e9 18 0f 89 e9 07 e4 88 92 e9 8e 8b 83 21 b9 85 ca 99 8a 06 64 f9 2c 08 8d a4 aa 31 a5 4e 38 da 73 c8 11 b5 89 29 7e 94 10 f5 68 48 b1 6b 72 1b bb 64 af 6a ec a7 8c b9 e5 78 1c 90 0c 48 68 8f 6e 49 ee dc 2a 97 c3 a4 39 23 e6 5b c3 40 62 4e d9 89 dd 90 04 1e 0e 89 81 c2 99 4f f6 0c ec fb 2e b5 71 48 99 57 0e 38 ff ca 31 74 95 68 ea 9e 11 fd 3c fa 34 fa 37 f4 da fd fb e8 66 80 1f 4e d8 fa ec ca f7 
57 9e ae f2 80 10 a7 6c 5c 02 75 d1 2f ce fe 3e fa 14 7a fb ec 1f a2 4f 2e 9f 50 9b 8d c7 c4 0b b9 4e 31 b7 03 ea 87 fb 37 a6 d4 73 d8 d4 ea 4d 7d 32 66 07 f4 3e 09 43 ea 0d 39 da 43 27 46 1f 73 f2 46 e0 1a 3b 0a f4 83 f2 83 32 b7 a6 20 b4 0f ca 42 46 f8 83 b2 cd 02 f2 a0 2c 2a 3f 28 57 1b 56 c5 aa 3c 28 b7 6b c7 ed da 83 b2 51 32 c8 71 68 ec 18 96 ef 0d 8d 92 c1 8f 86 9b c1 e3 47 43 01 8d 1f 0d ef 4a 80 fc 48 00 64 93 c0 26 c6 ce 89 61 33 cf c6 a1 a8 a6 e0 0b f0 79 5e 3c 28 4f 7d 93 7a b6 3b 71 00 d9 01 17 09 a2 9a 19 10 97 60 4e ac 31 f5 ac 03 fe d5 23 12 ec b5 ac 86 d5 30 4e 4f 6f df 28 ff d5 d3 e8 f5 11 e5 08 86 32 a2 1c e1 49 c8 cc 21 f1 48 80 43 e2 a0 bf 2a df 78 7a 30 f1 6c e8 e7 2d 5a f2 b6 4f 8e 70 80 58 89 97 c8 ed 38 1d d9 5b 64 fb 24 0c 66 22 2f dc 3b e1 Data Ascii: 5d36k(YQ3"n4:+it4{4B7i?''Bv^vm]En$ F*<2D"$O?]4]lsgw5 `gScbdpIgftz( l@]bQ@*N<C+
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closex-powered-by: PHP/7.4.33expires: Wed, 11 Jan 1984 05:00:00 GMTcache-control: no-cache, must-revalidate, max-age=0content-type: text/html; charset=UTF-8x-ua-compatible: IE=edgelink: <https://tsamparlishop.gr/wp-json/>; rel="https://api.w.org/"transfer-encoding: chunkedcontent-encoding: gzipvary: Accept-Encodingdate: Tue, 11 Jun 2024 18:09:52 GMTserver: LiteSpeedstrict-transport-security: max-age=63072000; includeSubDomainsx-frame-options: SAMEORIGINx-content-type-options: nosniffData Raw: 35 64 33 36 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd 6b 93 e4 b6 91 28 fa 59 13 e1 ff 00 51 c7 33 dd eb 22 eb fd ea e9 6e 87 34 1a d9 3a 2b 69 74 34 92 bd 7b 34 8a 0a 14 89 aa 42 37 8b e0 10 ac ae ae 69 f5 0d 3f a4 dd bb 27 bc 27 42 c7 ab eb 95 1f d7 76 f8 15 1b b1 5e 87 76 ad eb 95 6d 5d 45 dc f3 9d fd 97 6e 24 00 92 20 8b f5 e8 ea 87 46 d6 8c ec ea 2a 3c 32 13 89 44 22 01 24 12 bb 4f 3f 7f ef ce eb 7f fb ea 5d 34 0a c7 ee fe 8d 5d f8 83 6c 17 73 be 67 c0 77 03 b9 d8 1b ee 19 c4 35 20 97 60 67 ff c6 53 bb 63 12 62 64 8f 70 c0 49 b8 67 bc f1 fa 0b 66 c7 80 74 97 7a 87 28 20 ee 9e e1 07 6c 40 5d 62 a0 51 40 06 00 2a f4 f9 4e b9 3c 1c fb 43 8b 05 c3 f2 f1 c0 2b 57 ab c6 fe 8d 1b 4f ed 86 34 74 c9 7e f4 03 74 f6 dd e8 a3 e8 4f d1 ef a2 df 47 1f a2 e8 f7 d1 47 d1 27 28 fa f7 b3 6f 47 bf 8d fe 33 fa 43 f4 c7 e8 23 74 f3 99 4e ad 5a bd 8d 5e e7 78 ec e3 c0 a5 1c dd 1f 31 1f bd 8d fe fa 7f ff 32 b0 47 24 40 6f a3 7b 9e 4b 3d 22 32 76 cb 12 fa 0d 49 b3 87 c7 64 ef 56 c0 fa 2c e4 b7 90 cd bc 90 78 e1 de ad 31 3e 36 e9 18 0f 89 e9 07 e4 88 92 e9 8e 8b 83 21 b9 85 ca 99 8a 06 64 f9 2c 08 8d a4 aa 31 a5 4e 38 da 73 c8 11 b5 89 29 7e 94 10 f5 68 48 b1 6b 72 1b bb 64 af 6a ec a7 8c b9 e5 78 1c 90 0c 48 68 8f 6e 49 ee dc 2a 97 c3 a4 39 23 e6 5b c3 40 62 4e d9 89 dd 90 04 1e 0e 89 81 c2 99 4f f6 0c ec fb 2e b5 71 48 99 57 0e 38 ff ca 31 74 95 68 ea 9e 11 fd 3c fa 34 fa 37 f4 da fd fb e8 66 80 1f 4e d8 fa ec ca f7 
57 9e ae f2 80 10 a7 6c 5c 02 75 d1 2f ce fe 3e fa 14 7a fb ec 1f a2 4f 2e 9f 50 9b 8d c7 c4 0b b9 4e 31 b7 03 ea 87 fb 37 a6 d4 73 d8 d4 ea 4d 7d 32 66 07 f4 3e 09 43 ea 0d 39 da 43 27 46 1f 73 f2 46 e0 1a 3b 0a f4 83 f2 83 32 b7 a6 20 b4 0f ca 42 46 f8 83 b2 cd 02 f2 a0 2c 2a 3f 28 57 1b 56 c5 aa 3c 28 b7 6b c7 ed da 83 b2 51 32 c8 71 68 ec 18 96 ef 0d 8d 92 c1 8f 86 9b c1 e3 47 43 01 8d 1f 0d ef 4a 80 fc 48 00 64 93 c0 26 c6 ce 89 61 33 cf c6 a1 a8 a6 e0 0b f0 79 5e 3c 28 4f 7d 93 7a b6 3b 71 00 d9 01 17 09 a2 9a 19 10 97 60 4e ac 31 f5 ac 03 fe d5 23 12 ec b5 ac 86 d5 30 4e 4f 6f df 28 ff d5 d3 e8 f5 11 e5 08 86 32 a2 1c e1 49 c8 cc 21 f1 48 80 43 e2 a0 bf 2a df 78 7a 30 f1 6c e8 e7 2d 5a f2 b6 4f 8e 70 80 58 89 97 c8 ed 38 1d d9 5b 64 fb 24 0c 66 22 2f dc 3b e1 Data Ascii: 5d36k(YQ3"n4:+it4{4B7i?''Bv^vm]En$ F*<2D"$O?]4]lsgw5 `gScbdpIgftz( l@]bQ@*N<C+
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Jun 2024 17:52:57 GMTContent-Type: text/plainContent-Length: 18Connection: closeAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Headers: Content-Type,Authorization,Content-Length,X-CSRF-Token,Token,sessionAccess-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE,UPDATEAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Access-Control-Allow-Origin,Access-Control-Allow-HeadersData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 Data Ascii: 404 page not found
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Jun 2024 17:53:00 GMTContent-Type: text/plainContent-Length: 18Connection: closeAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Headers: Content-Type,Authorization,Content-Length,X-CSRF-Token,Token,sessionAccess-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE,UPDATEAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Access-Control-Allow-Origin,Access-Control-Allow-HeadersData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 Data Ascii: 404 page not found
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Jun 2024 17:53:03 GMTContent-Type: text/plainContent-Length: 18Connection: closeAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Headers: Content-Type,Authorization,Content-Length,X-CSRF-Token,Token,sessionAccess-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE,UPDATEAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Access-Control-Allow-Origin,Access-Control-Allow-HeadersData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 Data Ascii: 404 page not found
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Jun 2024 17:53:08 GMTContent-Type: text/plainContent-Length: 18Connection: closeAccess-Control-Allow-Credentials: trueAccess-Control-Allow-Headers: Content-Type,Authorization,Content-Length,X-CSRF-Token,Token,sessionAccess-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE,UPDATEAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Access-Control-Allow-Origin,Access-Control-Allow-HeadersData Raw: 34 30 34 20 70 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 Data Ascii: 404 page not found
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Jun 2024 18:12:16 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Jun 2024 18:12:18 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Jun 2024 18:12:21 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 11 Jun 2024 18:12:24 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 11 Jun 2024 18:12:29 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: r14836901-5B4A-.exe, 00000223.00000002.15184899375.0000000004041000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15083345539.0000000004041000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15068818411.0000000004041000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15054471310.0000000004041000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15054982696.0000000004041000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: r14836901-5B4A-.exe, 00000223.00000002.15184899375.0000000004041000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15083345539.0000000004041000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15068818411.0000000004041000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15054471310.0000000004041000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15054982696.0000000004041000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: r14836901-5B4A-.exe, 00000223.00000001.14993436130.0000000000649000.00000020.00000001.01000000.00000009.sdmp String found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
Source: r14836901-5B4A-.exe, r14836901-5B4A-.exe, 00000000.00000002.15069634123.000000000040A000.00000004.00000001.01000000.00000003.sdmp, r14836901-5B4A-.exe, 00000000.00000000.13754360438.000000000040A000.00000008.00000001.01000000.00000003.sdmp, r14836901-5B4A-.exe, 00000223.00000000.14992341921.000000000040A000.00000008.00000001.01000000.00000003.sdmp String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: r14836901-5B4A-.exe, 00000000.00000002.15069634123.000000000040A000.00000004.00000001.01000000.00000003.sdmp, r14836901-5B4A-.exe, 00000000.00000000.13754360438.000000000040A000.00000008.00000001.01000000.00000003.sdmp, r14836901-5B4A-.exe, 00000223.00000000.14992341921.000000000040A000.00000008.00000001.01000000.00000003.sdmp String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: r14836901-5B4A-.exe, 00000223.00000001.14993436130.0000000000649000.00000020.00000001.01000000.00000009.sdmp String found in binary or memory: http://www.gopher.ftp://ftp.
Source: r14836901-5B4A-.exe, 00000223.00000001.14993436130.0000000000626000.00000020.00000001.01000000.00000009.sdmp String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
Source: r14836901-5B4A-.exe, 00000223.00000002.15184899375.0000000004041000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15083345539.0000000004041000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15068818411.0000000004041000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15054471310.0000000004041000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15054982696.0000000004041000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.quovadis.bm0
Source: r14836901-5B4A-.exe, 00000223.00000001.14993436130.00000000005F2000.00000020.00000001.01000000.00000009.sdmp String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
Source: r14836901-5B4A-.exe, 00000223.00000001.14993436130.00000000005F2000.00000020.00000001.01000000.00000009.sdmp String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
Source: r14836901-5B4A-.exe, 00000223.00000003.15054471310.000000000408A000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15068267733.000000000408A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://apis.google.com
Source: r14836901-5B4A-.exe, 00000223.00000002.15184275300.0000000003FB8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/
Source: r14836901-5B4A-.exe, 00000223.00000002.15184275300.0000000003FB8000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000002.15196705042.00000000334D0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/uc?export=download&id=1VirI3BbuQKTaxGu1SQZGGLkm8DemZFot
Source: r14836901-5B4A-.exe, 00000223.00000002.15184275300.0000000003FB8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/uc?export=download&id=1VirI3BbuQKTaxGu1SQZGGLkm8DemZFot3
Source: r14836901-5B4A-.exe, 00000223.00000002.15184275300.0000000003FB8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/uc?export=download&id=1VirI3BbuQKTaxGu1SQZGGLkm8DemZFotN
Source: r14836901-5B4A-.exe, 00000223.00000002.15184275300.0000000003FB8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.google.com/uc?export=download&id=1VirI3BbuQKTaxGu1SQZGGLkm8DemZFotx
Source: r14836901-5B4A-.exe, 00000223.00000002.15184899375.0000000004041000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15083345539.0000000004041000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15068818411.0000000004041000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.usercontent.google.com/
Source: r14836901-5B4A-.exe, 00000223.00000002.15184899375.0000000004041000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15083345539.0000000004041000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15068818411.0000000004041000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.usercontent.google.com/J
Source: r14836901-5B4A-.exe, 00000223.00000003.15054471310.000000000408A000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15068267733.000000000408A000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000002.15184899375.0000000004041000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000002.15184275300.000000000400F000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15083589691.0000000004016000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15083345539.0000000004041000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15068818411.0000000004041000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15082866182.000000000400D000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15083589691.000000000400D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.usercontent.google.com/download?id=1VirI3BbuQKTaxGu1SQZGGLkm8DemZFot&export=download
Source: r14836901-5B4A-.exe, 00000223.00000002.15184275300.0000000004016000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://drive.usercontent.google.com/download?id=1VirI3BbuQKTaxGu1SQZGGLkm8DemZFot&export=download-H
Source: r14836901-5B4A-.exe, 00000223.00000001.14993436130.0000000000649000.00000020.00000001.01000000.00000009.sdmp String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
Source: r14836901-5B4A-.exe, 00000223.00000002.15184899375.0000000004041000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15083345539.0000000004041000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15068818411.0000000004041000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15054471310.0000000004041000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15054982696.0000000004041000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: r14836901-5B4A-.exe, 00000223.00000003.15054471310.000000000408A000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15068267733.000000000408A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ssl.gstatic.com
Source: r14836901-5B4A-.exe, 00000223.00000003.15054471310.000000000408A000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15068267733.000000000408A000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15083589691.0000000004016000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000002.15184275300.0000000004016000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google-analytics.com;report-uri
Source: r14836901-5B4A-.exe, 00000223.00000003.15054471310.000000000408A000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15068267733.000000000408A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com
Source: r14836901-5B4A-.exe, 00000223.00000003.15054471310.000000000408A000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15068267733.000000000408A000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15083589691.0000000004016000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000002.15184275300.0000000004016000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.googletagmanager.com
Source: r14836901-5B4A-.exe, 00000223.00000003.15054471310.000000000408A000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15068267733.000000000408A000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000003.15083589691.0000000004016000.00000004.00000020.00020000.00000000.sdmp, r14836901-5B4A-.exe, 00000223.00000002.15184275300.0000000004016000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com
Source: unknown Network traffic detected: HTTP traffic on port 50387 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50388 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50388
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50387
Source: unknown HTTPS traffic detected: 142.250.65.174:443 -> 192.168.11.20:50387 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.251.35.161:443 -> 192.168.11.20:50388 version: TLS 1.2
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 0_2_004051CA GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_004051CA

E-Banking Fraud

Source: Yara match File source: 00000227.00000002.18838668946.00000000014B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000223.00000002.15198144068.0000000033DE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000226.00000002.18840181821.0000000002D80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000226.00000002.18840696565.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000226.00000002.18830755989.0000000000540000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000223.00000002.15199197968.0000000035840000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000225.00000002.18840425519.00000000042D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: conhost.exe Process created: 270

System Summary

Source: 00000227.00000002.18838668946.00000000014B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000223.00000002.15198144068.0000000033DE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000226.00000002.18840181821.0000000002D80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000226.00000002.18840696565.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000226.00000002.18830755989.0000000000540000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000223.00000002.15199197968.0000000035840000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000225.00000002.18840425519.00000000042D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Dropped file: MD5: b38561661a7164e3bbb04edc3718fe89 Family: Chafer Alias: APT39, Chafer Description: Chafer's (also known as APT39) focus on the telecommunications and travel industries suggests an intent to perform monitoring, tracking, or surveillance operations against specific individuals. While its targeting scope is global, its activities are concentrated in the Middle East. Its targeting of government entities suggests a potential secondary intent to collect geopolitical data that may benefit nation-state decision making. References: https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html https://mp.weixin.qq.com/s/c2z4laJ0oq5y0BAEFM3Y9w Data Source: https://github.com/RedDrip7/APT_Digital_Weapon
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341634E0 NtCreateMutant,LdrInitializeThunk, 547_2_341634E0
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_34162D10 NtQuerySystemInformation,LdrInitializeThunk, 547_2_34162D10
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_34162B90 NtFreeVirtualMemory,LdrInitializeThunk, 547_2_34162B90
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_34163C30 NtOpenProcessToken, 547_2_34163C30
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_34163C90 NtOpenThread, 547_2_34163C90
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341638D0 NtGetContextThread, 547_2_341638D0
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_34164570 NtSuspendThread, 547_2_34164570
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_34164260 NtSetContextThread, 547_2_34164260
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_34162C10 NtOpenProcess, 547_2_34162C10
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_34162C30 NtMapViewOfSection, 547_2_34162C30
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_34162C20 NtSetInformationFile, 547_2_34162C20
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_34162C50 NtUnmapViewOfSection, 547_2_34162C50
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_34162CD0 NtEnumerateKey, 547_2_34162CD0
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 0_2_004031F1 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_004031F1
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 0_2_00406742 0_2_00406742
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 0_2_00404A09 0_2_00404A09
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 0_2_00406F19 0_2_00406F19
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341C5490 547_2_341C5490
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_3419D480 547_2_3419D480
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_34175550 547_2_34175550
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341EF5C9 547_2_341EF5C9
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341E75C6 547_2_341E75C6
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341CD62C 547_2_341CD62C
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341D1623 547_2_341D1623
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341DD646 547_2_341DD646
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341EF6F6 547_2_341EF6F6
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341A36EC 547_2_341A36EC
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_340F1707 547_2_340F1707
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_3416508C 547_2_3416508C
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_3413B0D0 547_2_3413B0D0
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341E70F1 547_2_341E70F1
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_3411F113 547_2_3411F113
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341CD130 547_2_341CD130
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_3417717A 547_2_3417717A
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341351C0 547_2_341351C0
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_3414B1E0 547_2_3414B1E0
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341E124C 547_2_341E124C
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_3411D2EC 547_2_3411D2EC
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341EF330 547_2_341EF330
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_34121380 547_2_34121380
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_34133C60 547_2_34133C60
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341C9C98 547_2_341C9C98
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_340F1C9F 547_2_340F1C9F
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341B7CE8 547_2_341B7CE8
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_3414FCE0 547_2_3414FCE0
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341EFD27 547_2_341EFD27
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341E3D22 547_2_341E3D22
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341E7D4C 547_2_341E7D4C
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_34139DD0 547_2_34139DD0
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341CFDF4 547_2_341CFDF4
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_34131EB2 547_2_34131EB2
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341E9ED2 547_2_341E9ED2
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341AFF40 547_2_341AFF40
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341EFF63 547_2_341EFF63
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341D3FA0 547_2_341D3FA0
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341E1FC6 547_2_341E1FC6
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_34133800 547_2_34133800
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_34139870 547_2_34139870
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_3414B870 547_2_3414B870
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341A5870 547_2_341A5870
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341EF872 547_2_341EF872
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341A98B2 547_2_341A98B2
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341E18DA 547_2_341E18DA
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341E78F3 547_2_341E78F3
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341759C0 547_2_341759C0
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_340F99E8 547_2_340F99E8
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341EFA89 547_2_341EFA89
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_3414FAA0 547_2_3414FAA0
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_3416DB19 547_2_3416DB19
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341EFB2E 547_2_341EFB2E
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341C1B80 547_2_341C1B80
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_34130445 547_2_34130445
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341FA526 547_2_341FA526
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_3414C600 547_2_3414C600
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_34154670 547_2_34154670
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_34130680 547_2_34130680
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341EA6C0 547_2_341EA6C0
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_3412C6E0 547_2_3412C6E0
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341E6757 547_2_341E6757
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_3413A760 547_2_3413A760
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_34132760 547_2_34132760
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341DE076 547_2_341DE076
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341200A0 547_2_341200A0
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341F010E 547_2_341F010E
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_340F2245 547_2_340F2245
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_3413E310 547_2_3413E310
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_34120C12 547_2_34120C12
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_3413AC20 547_2_3413AC20
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341AEC20 547_2_341AEC20
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341DEC4C 547_2_341DEC4C
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341E6C69 547_2_341E6C69
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_341EEC60 547_2_341EEC60
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 547_2_34148CDF 547_2_34148CDF
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: String function: 3411B910 appears 191 times
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: String function: 341AEF10 appears 61 times
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: String function: 3419E692 appears 76 times
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: String function: 34177BE4 appears 91 times
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: String function: 34165050 appears 48 times
Source: r14836901-5B4A-.exe, 00000000.00000000.13754425340.0000000000456000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenametilhvisker.exe` vs r14836901-5B4A-.exe
Source: r14836901-5B4A-.exe, 00000223.00000003.15086066257.000000003406E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs r14836901-5B4A-.exe
Source: r14836901-5B4A-.exe, 00000223.00000003.15081364748.0000000033EC3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs r14836901-5B4A-.exe
Source: r14836901-5B4A-.exe, 00000223.00000002.15198251060.00000000343C0000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs r14836901-5B4A-.exe
Source: r14836901-5B4A-.exe, 00000223.00000002.15198251060.000000003421D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs r14836901-5B4A-.exe
Source: r14836901-5B4A-.exe, 00000223.00000003.15143317532.0000000033F40000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamermactivate.exej% vs r14836901-5B4A-.exe
Source: r14836901-5B4A-.exe, 00000223.00000000.14992438473.0000000000456000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenametilhvisker.exe` vs r14836901-5B4A-.exe
Source: r14836901-5B4A-.exe, 00000223.00000003.15142897085.0000000033E23000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamermactivate.exej% vs r14836901-5B4A-.exe
Source: r14836901-5B4A-.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: 00000227.00000002.18838668946.00000000014B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000223.00000002.15198144068.0000000033DE0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000226.00000002.18840181821.0000000002D80000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000226.00000002.18840696565.0000000002DD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000226.00000002.18830755989.0000000000540000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000223.00000002.15199197968.0000000035840000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000225.00000002.18840425519.00000000042D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: classification engine Classification label: mal100.troj.evad.winEXE@700/22@20/12
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 0_2_004031F1 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_004031F1
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 0_2_00404496 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA, 0_2_00404496
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe Code function: 0_2_004020CB CoCreateInstance,MultiByteToWideChar, 0_2_004020CB
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe File created: C:\Program Files (x86)\Common Files\carbonite.ini
Source: C:\Users\user\Desktop\r14836901-5B4A-.exe File created: C:\Users\user\AppData\Local\outline
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6952:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7180:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5760:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2484:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2772:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2720:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3628:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6088:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4400:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3804:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5796:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2196:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4684:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3520:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8172:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7080:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:928:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4796:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7336:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5656:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2076:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1832:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4612:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3308:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1628:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7392:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5040:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4652:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6132:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7192:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6320:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1248:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6264:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4400:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1576:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7400:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7412:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6276:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8004:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4900:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1424:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3608:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7392:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1284:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5460:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:612:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7708:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7336:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5648:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5992:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4332:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5040:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7048:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1648:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6948:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3632:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2072:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4900:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7632:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8060:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7920:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2072:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7048:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6588:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1768:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4472:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3464:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2792:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7088:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6520:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5792:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7692:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5828:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5444:304:WilStaging_02
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7612:120:WilError_03