| Source: explorer.exe, 00000021.00000002.672058340.00007FFD77B49000.00000002.00020000.sdmp |
String found in binary or memory: http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.Tools.System.Groov |
| Source: explorer.exe, 00000021.00000002.672058340.00007FFD77B49000.00000002.00020000.sdmp |
String found in binary or memory: http://components.groove.net/Groove/Components/SystemComponents/SystemComponents.osd?Package=net.gro |
| Source: explorer.exe, 00000013.00000000.603040111.0000000007341000.00000004.00000001.sdmp, explorer.exe, 00000013.00000000.541707510.00000000073BD000.00000004.00000001.sdmp, explorer.exe, 00000013.00000003.542503961.00000000073BD000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
| Source: Ziraat Bankasi Swift Mesaji.exe |
String found in binary or memory: http://nsis.sf.net/NSIS_Error |
| Source: Ziraat Bankasi Swift Mesaji.exe |
String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.autocarbying101.com |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.autocarbying101.com/a0p6/ |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.autocarbying101.com/a0p6/www.progressiveprizes.com |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.autocarbying101.comReferer: |
| Source: explorer.exe, 00000005.00000000.380852977.000000000095C000.00000004.00000020.sdmp, explorer.exe, 00000005.00000000.396097413.000000000095C000.00000004.00000020.sdmp, explorer.exe, 00000005.00000000.416041190.000000000095C000.00000004.00000020.sdmp |
String found in binary or memory: http://www.autoitscript.com/autoit3/J |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.barterlinealarmselect.com |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.barterlinealarmselect.com/a0p6/ |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.barterlinealarmselect.com/a0p6/www.autocarbying101.com |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.barterlinealarmselect.comReferer: |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.digitalmedicinetechnologies.com |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.digitalmedicinetechnologies.com/a0p6/ |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.digitalmedicinetechnologies.comReferer: |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.fastvpnreward.com |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.fastvpnreward.com/a0p6/ |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.fastvpnreward.com/a0p6/www.digitalmedicinetechnologies.com |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.fastvpnreward.comReferer: |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.freedomwoofpackcom.com |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.freedomwoofpackcom.com/a0p6/ |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.freedomwoofpackcom.com/a0p6/www.taxlaws.info |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.freedomwoofpackcom.comReferer: |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.gridironagriculturist.com |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.gridironagriculturist.com/a0p6/ |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.gridironagriculturist.com/a0p6/www.hpessoa.website |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.gridironagriculturist.comReferer: |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.hpessoa.website |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.hpessoa.website/a0p6/ |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.hpessoa.website/a0p6/www.freedomwoofpackcom.com |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.hpessoa.websiteReferer: |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.pawsitiveclosings.com |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.pawsitiveclosings.com/a0p6/ |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.pawsitiveclosings.com/a0p6/www.ruokanetti.com |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.pawsitiveclosings.comReferer: |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.progressiveprizes.com |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.progressiveprizes.com/a0p6/ |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.progressiveprizes.com/a0p6/www.fastvpnreward.com |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.progressiveprizes.comReferer: |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.ruokanetti.com |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.ruokanetti.com/a0p6/ |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.ruokanetti.com/a0p6/www.barterlinealarmselect.com |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.ruokanetti.comReferer: |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.surpmel.xyz |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.surpmel.xyz/a0p6/ |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.surpmel.xyz/a0p6/www.pawsitiveclosings.com |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.surpmel.xyzReferer: |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.taxlaws.info |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.taxlaws.info/a0p6/ |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.taxlaws.info/a0p6/www.wu8g8aerxgjr.xyz |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.taxlaws.infoReferer: |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.transformselfhypnosis.com |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.transformselfhypnosis.com/a0p6/ |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.transformselfhypnosis.com/a0p6/www.www37118.com |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.transformselfhypnosis.comReferer: |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.wu8g8aerxgjr.xyz |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.wu8g8aerxgjr.xyz/a0p6/ |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.wu8g8aerxgjr.xyz/a0p6/www.surpmel.xyz |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.wu8g8aerxgjr.xyzReferer: |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.www37118.com |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.www37118.com/a0p6/ |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.www37118.com/a0p6/www.gridironagriculturist.com |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.www37118.comReferer: |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.ys688.xyz |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.ys688.xyz/a0p6/ |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.ys688.xyz/a0p6/www.transformselfhypnosis.com |
| Source: explorer.exe, 00000021.00000002.666305724.0000000009719000.00000004.00000001.sdmp |
String found in binary or memory: http://www.ys688.xyzReferer: |
| Source: 3.1.Ziraat Bankasi Swift Mesaji.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 3.1.Ziraat Bankasi Swift Mesaji.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 3.0.Ziraat Bankasi Swift Mesaji.exe.400000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 3.0.Ziraat Bankasi Swift Mesaji.exe.400000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 3.1.Ziraat Bankasi Swift Mesaji.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 3.1.Ziraat Bankasi Swift Mesaji.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 1.2.Ziraat Bankasi Swift Mesaji.exe.3050000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 1.2.Ziraat Bankasi Swift Mesaji.exe.3050000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 1.2.Ziraat Bankasi Swift Mesaji.exe.3050000.4.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 1.2.Ziraat Bankasi Swift Mesaji.exe.3050000.4.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 3.0.Ziraat Bankasi Swift Mesaji.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 3.0.Ziraat Bankasi Swift Mesaji.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 3.2.Ziraat Bankasi Swift Mesaji.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 3.2.Ziraat Bankasi Swift Mesaji.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 3.0.Ziraat Bankasi Swift Mesaji.exe.400000.2.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 3.0.Ziraat Bankasi Swift Mesaji.exe.400000.2.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 3.0.Ziraat Bankasi Swift Mesaji.exe.400000.3.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 3.0.Ziraat Bankasi Swift Mesaji.exe.400000.3.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 3.2.Ziraat Bankasi Swift Mesaji.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 3.2.Ziraat Bankasi Swift Mesaji.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 3.0.Ziraat Bankasi Swift Mesaji.exe.400000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 3.0.Ziraat Bankasi Swift Mesaji.exe.400000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000003.00000001.376553796.0000000000400000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000003.00000001.376553796.0000000000400000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000003.00000002.436846842.0000000000490000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000003.00000002.436846842.0000000000490000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000005.00000000.412084086.000000000F0C5000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000005.00000000.412084086.000000000F0C5000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000001.00000002.377484332.0000000003050000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000001.00000002.377484332.0000000003050000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 0000000B.00000002.647118949.0000000000880000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 0000000B.00000002.647118949.0000000000880000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000003.00000000.374508026.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000003.00000000.374508026.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000003.00000000.375573868.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000003.00000000.375573868.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000003.00000002.436931041.00000000004C0000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000003.00000002.436931041.00000000004C0000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 0000000B.00000002.649679782.00000000010F0000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 0000000B.00000002.649679782.00000000010F0000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000003.00000002.436115346.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000003.00000002.436115346.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 0000000B.00000002.649486951.00000000010C0000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 0000000B.00000002.649486951.00000000010C0000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_0041A360 NtCreateFile, |
3_2_0041A360 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_0041A410 NtReadFile, |
3_2_0041A410 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_0041A490 NtClose, |
3_2_0041A490 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_0041A540 NtAllocateVirtualMemory, |
3_2_0041A540 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_0041A35E NtCreateFile, |
3_2_0041A35E |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_0041A3BA NtCreateFile, |
3_2_0041A3BA |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_0041A40A NtReadFile, |
3_2_0041A40A |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_0041A48D NtClose, |
3_2_0041A48D |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_0041A53A NtAllocateVirtualMemory, |
3_2_0041A53A |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AD98F0 NtReadVirtualMemory,LdrInitializeThunk, |
3_2_00AD98F0 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AD9860 NtQuerySystemInformation,LdrInitializeThunk, |
3_2_00AD9860 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AD9840 NtDelayExecution,LdrInitializeThunk, |
3_2_00AD9840 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AD99A0 NtCreateSection,LdrInitializeThunk, |
3_2_00AD99A0 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AD9910 NtAdjustPrivilegesToken,LdrInitializeThunk, |
3_2_00AD9910 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AD9A20 NtResumeThread,LdrInitializeThunk, |
3_2_00AD9A20 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AD9A00 NtProtectVirtualMemory,LdrInitializeThunk, |
3_2_00AD9A00 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AD9A50 NtCreateFile,LdrInitializeThunk, |
3_2_00AD9A50 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AD95D0 NtClose,LdrInitializeThunk, |
3_2_00AD95D0 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AD9540 NtReadFile,LdrInitializeThunk, |
3_2_00AD9540 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AD96E0 NtFreeVirtualMemory,LdrInitializeThunk, |
3_2_00AD96E0 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AD9660 NtAllocateVirtualMemory,LdrInitializeThunk, |
3_2_00AD9660 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AD97A0 NtUnmapViewOfSection,LdrInitializeThunk, |
3_2_00AD97A0 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AD9780 NtMapViewOfSection,LdrInitializeThunk, |
3_2_00AD9780 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AD9710 NtQueryInformationToken,LdrInitializeThunk, |
3_2_00AD9710 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AD98A0 NtWriteVirtualMemory, |
3_2_00AD98A0 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AD9820 NtEnumerateKey, |
3_2_00AD9820 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00ADB040 NtSuspendThread, |
3_2_00ADB040 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AD99D0 NtCreateProcessEx, |
3_2_00AD99D0 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AD9950 NtQueueApcThread, |
3_2_00AD9950 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AD9A80 NtOpenDirectoryObject, |
3_2_00AD9A80 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AD9A10 NtQuerySection, |
3_2_00AD9A10 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00ADA3B0 NtGetContextThread, |
3_2_00ADA3B0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049295D0 NtClose,LdrInitializeThunk, |
11_2_049295D0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04929540 NtReadFile,LdrInitializeThunk, |
11_2_04929540 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049296D0 NtCreateKey,LdrInitializeThunk, |
11_2_049296D0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049296E0 NtFreeVirtualMemory,LdrInitializeThunk, |
11_2_049296E0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04929650 NtQueryValueKey,LdrInitializeThunk, |
11_2_04929650 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04929660 NtAllocateVirtualMemory,LdrInitializeThunk, |
11_2_04929660 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04929780 NtMapViewOfSection,LdrInitializeThunk, |
11_2_04929780 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04929FE0 NtCreateMutant,LdrInitializeThunk, |
11_2_04929FE0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04929710 NtQueryInformationToken,LdrInitializeThunk, |
11_2_04929710 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04929840 NtDelayExecution,LdrInitializeThunk, |
11_2_04929840 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04929860 NtQuerySystemInformation,LdrInitializeThunk, |
11_2_04929860 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049299A0 NtCreateSection,LdrInitializeThunk, |
11_2_049299A0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04929910 NtAdjustPrivilegesToken,LdrInitializeThunk, |
11_2_04929910 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04929A50 NtCreateFile,LdrInitializeThunk, |
11_2_04929A50 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049295F0 NtQueryInformationFile, |
11_2_049295F0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0492AD30 NtSetContextThread, |
11_2_0492AD30 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04929520 NtWaitForSingleObject, |
11_2_04929520 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04929560 NtWriteFile, |
11_2_04929560 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04929610 NtEnumerateValueKey, |
11_2_04929610 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04929670 NtQueryInformationProcess, |
11_2_04929670 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049297A0 NtUnmapViewOfSection, |
11_2_049297A0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0492A710 NtOpenProcessToken, |
11_2_0492A710 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04929730 NtQueryVirtualMemory, |
11_2_04929730 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0492A770 NtOpenThread, |
11_2_0492A770 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04929770 NtSetInformationFile, |
11_2_04929770 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04929760 NtOpenProcess, |
11_2_04929760 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049298A0 NtWriteVirtualMemory, |
11_2_049298A0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049298F0 NtReadVirtualMemory, |
11_2_049298F0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04929820 NtEnumerateKey, |
11_2_04929820 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0492B040 NtSuspendThread, |
11_2_0492B040 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049299D0 NtCreateProcessEx, |
11_2_049299D0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04929950 NtQueueApcThread, |
11_2_04929950 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04929A80 NtOpenDirectoryObject, |
11_2_04929A80 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04929A10 NtQuerySection, |
11_2_04929A10 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04929A00 NtProtectVirtualMemory, |
11_2_04929A00 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04929A20 NtResumeThread, |
11_2_04929A20 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0492A3B0 NtGetContextThread, |
11_2_0492A3B0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04929B00 NtSetValueKey, |
11_2_04929B00 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0089A360 NtCreateFile, |
11_2_0089A360 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0089A490 NtClose, |
11_2_0089A490 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0089A410 NtReadFile, |
11_2_0089A410 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0089A540 NtAllocateVirtualMemory, |
11_2_0089A540 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0089A3BA NtCreateFile, |
11_2_0089A3BA |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0089A35E NtCreateFile, |
11_2_0089A35E |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0089A48D NtClose, |
11_2_0089A48D |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0089A40A NtReadFile, |
11_2_0089A40A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0089A53A NtAllocateVirtualMemory, |
11_2_0089A53A |
| Source: explorer.exe, 00000013.00000003.590614314.000000000FD9A000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}neer |
| Source: explorer.exe, 00000005.00000000.425513181.00000000083E9000.00000004.00000001.sdmp |
Binary or memory string: VMware SATA CD00dRom0 |
| Source: explorer.exe, 00000013.00000003.535674507.0000000006A27000.00000004.00000001.sdmp |
Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000 |
| Source: explorer.exe, 00000021.00000002.665822941.000000000957C000.00000004.00000001.sdmp |
Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000OW |
| Source: explorer.exe, 00000013.00000003.590983457.0000000006C46000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
| Source: explorer.exe, 00000013.00000003.565805806.0000000006BBC000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}BeN |
| Source: explorer.exe, 00000005.00000000.420968283.0000000006410000.00000004.00000001.sdmp |
Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} |
| Source: explorer.exe, 00000021.00000002.666401363.0000000009754000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V RAW |
| Source: explorer.exe, 00000013.00000003.584991409.0000000006A45000.00000004.00000001.sdmp |
Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000 |
| Source: explorer.exe, 00000013.00000000.603040111.0000000007341000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}57 |
| Source: explorer.exe, 00000021.00000002.665913010.00000000095F7000.00000004.00000001.sdmp |
Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000r: |
| Source: explorer.exe, 00000013.00000003.545751829.0000000006B7F000.00000004.00000001.sdmp |
Binary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}b} |
| Source: explorer.exe, 00000013.00000000.536102345.000000000697D000.00000004.00000001.sdmp |
Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000370N%\ |
| Source: explorer.exe, 00000013.00000003.544843845.0000000006B94000.00000004.00000001.sdmp |
Binary or memory string: NECVMWarVMware SATA CD001.00'_ |
| Source: explorer.exe, 00000013.00000003.593585088.000000000FD85000.00000004.00000001.sdmp |
Binary or memory string: 00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
| Source: explorer.exe, 00000013.00000003.588709134.000000000FCC0000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}/3K |
| Source: explorer.exe, 00000013.00000003.593310949.000000000FD85000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}yt |
| Source: explorer.exe, 00000013.00000003.562362034.000000000FCBB000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}+7O |
| Source: explorer.exe, 00000005.00000000.424457777.00000000082E2000.00000004.00000001.sdmp |
Binary or memory string: c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&+ |
| Source: explorer.exe, 00000013.00000000.602440774.0000000006B2E000.00000004.00000001.sdmp |
Binary or memory string: VMware SATA CD00CE |
| Source: explorer.exe, 00000013.00000000.536102345.000000000697D000.00000004.00000001.sdmp |
Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000~ |
| Source: explorer.exe, 00000013.00000003.535674507.0000000006A27000.00000004.00000001.sdmp |
Binary or memory string: ;;SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000 |
| Source: explorer.exe, 00000013.00000003.592381868.000000000FD85000.00000004.00000001.sdmp |
Binary or memory string: 00#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Users |
| Source: explorer.exe, 00000013.00000000.602440774.0000000006B2E000.00000004.00000001.sdmp |
Binary or memory string: VMware SATA CD00 |
| Source: explorer.exe, 00000013.00000000.568908450.000000000FCC0000.00000004.00000001.sdmp |
Binary or memory string: \?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
| Source: explorer.exe, 00000021.00000002.665438809.0000000009480000.00000004.00000001.sdmp |
Binary or memory string: AASCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000 |
| Source: explorer.exe, 00000013.00000003.590983457.0000000006C46000.00000004.00000001.sdmp |
Binary or memory string: 63}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
| Source: explorer.exe, 00000013.00000003.553939027.000000000FCBB000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}G4 |
| Source: explorer.exe, 00000013.00000000.602950824.00000000072F6000.00000004.00000001.sdmp |
Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}} |
| Source: explorer.exe, 00000013.00000003.593310949.000000000FD85000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b},tE |
| Source: explorer.exe, 00000013.00000003.562362034.000000000FCBB000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}(6N |
| Source: explorer.exe, 00000021.00000002.666014023.0000000009676000.00000004.00000001.sdmp |
Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}{ |
| Source: explorer.exe, 00000013.00000003.562362034.000000000FCBB000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}x3 |
| Source: explorer.exe, 00000013.00000003.544843845.0000000006B94000.00000004.00000001.sdmp |
Binary or memory string: #cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} |
| Source: explorer.exe, 00000021.00000002.647185612.0000000001378000.00000004.00000020.sdmp |
Binary or memory string: k\\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}9: |
| Source: explorer.exe, 00000005.00000000.416041190.000000000095C000.00000004.00000020.sdmp |
Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}G |
| Source: explorer.exe, 00000013.00000003.588709134.000000000FCC0000.00000004.00000001.sdmp |
Binary or memory string: War&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}x3 |
| Source: explorer.exe, 00000013.00000003.593585088.000000000FD85000.00000004.00000001.sdmp |
Binary or memory string: 630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}PackagesB |
| Source: explorer.exe, 00000013.00000000.536102345.000000000697D000.00000004.00000001.sdmp |
Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000Z |
| Source: explorer.exe, 00000021.00000002.665870216.0000000009596000.00000004.00000001.sdmp |
Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000[ |
| Source: explorer.exe, 00000013.00000003.544843845.0000000006B94000.00000004.00000001.sdmp |
Binary or memory string: NECVMWarVMware SATA CD001.00 |
| Source: explorer.exe, 00000013.00000003.562362034.000000000FCBB000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}D7 |
| Source: explorer.exe, 00000013.00000003.591014153.000000000FD99000.00000004.00000001.sdmp |
Binary or memory string: 63}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}H1 |
| Source: explorer.exe, 00000013.00000003.544843845.0000000006B94000.00000004.00000001.sdmp |
Binary or memory string: NECVMWarVMware SATA CD001.00 |
| Source: explorer.exe, 00000013.00000003.601967435.0000000006C45000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}soft.Windows.ContentDeliveryManager_cw5n1h2txyewy |
| Source: explorer.exe, 00000013.00000003.588709134.000000000FCC0000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}!1E |
| Source: explorer.exe, 00000013.00000003.592190476.000000000FD9A000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}H1 |
| Source: explorer.exe, 00000013.00000000.603040111.0000000007341000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}/ |
| Source: explorer.exe, 00000013.00000003.593294091.0000000006C45000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Bo |
| Source: explorer.exe, 00000013.00000003.546030446.0000000006BBC000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}`N |
| Source: explorer.exe, 00000013.00000003.545122290.0000000006B7E000.00000004.00000001.sdmp |
Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\ |
| Source: explorer.exe, 00000013.00000003.592190476.000000000FD9A000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}B |
| Source: explorer.exe, 00000013.00000003.592190476.000000000FD9A000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Bsk |
| Source: explorer.exe, 00000021.00000002.665913010.00000000095F7000.00000004.00000001.sdmp |
Binary or memory string: VMware SATA CD004% |
| Source: explorer.exe, 00000013.00000003.546030446.0000000006BBC000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}9 |
| Source: explorer.exe, 00000021.00000002.659426654.00000000072CE000.00000004.00000001.sdmp |
Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}( |
| Source: explorer.exe, 00000013.00000003.562362034.000000000FCBB000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}y2 |
| Source: explorer.exe, 00000013.00000003.582323799.0000000006BBD000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}B&L |
| Source: explorer.exe, 00000013.00000000.603040111.0000000007341000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}< |
| Source: explorer.exe, 00000013.00000003.588709134.000000000FCC0000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}-5I |
| Source: explorer.exe, 00000013.00000000.602660117.0000000006C44000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb |
| Source: explorer.exe, 00000013.00000003.535832651.000000000556D000.00000004.00000001.sdmp |
Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000@v |
| Source: explorer.exe, 00000021.00000002.647185612.0000000001378000.00000004.00000020.sdmp |
Binary or memory string: k\\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}Wbem |
| Source: explorer.exe, 00000013.00000003.535674507.0000000006A27000.00000004.00000001.sdmp |
Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000N%\ |
| Source: explorer.exe, 00000021.00000002.665913010.00000000095F7000.00000004.00000001.sdmp |
Binary or memory string: VMware SATA CD00dRom0 >A |
| Source: explorer.exe, 00000013.00000003.582323799.0000000006BBD000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}BhO |
| Source: explorer.exe, 00000021.00000002.666014023.0000000009676000.00000004.00000001.sdmp |
Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} |
| Source: explorer.exe, 00000013.00000003.562362034.000000000FCBB000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}{0 |
| Source: explorer.exe, 00000013.00000003.582323799.0000000006BBD000.00000004.00000001.sdmp |
Binary or memory string: 630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}B |
| Source: explorer.exe, 00000021.00000002.659697197.0000000007359000.00000004.00000001.sdmp |
Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000@v |
| Source: explorer.exe, 00000013.00000003.562362034.000000000FCBB000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}*4H |
| Source: explorer.exe, 00000013.00000003.544717660.0000000006AFC000.00000004.00000001.sdmp |
Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} |
| Source: explorer.exe, 00000005.00000000.424457777.00000000082E2000.00000004.00000001.sdmp |
Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}> |
| Source: explorer.exe, 00000013.00000003.592190476.000000000FD9A000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Blj |
| Source: explorer.exe, 00000013.00000003.590320155.0000000006C11000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}& |
| Source: explorer.exe, 00000013.00000003.587445417.00000000101BD000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}BHL |
| Source: explorer.exe, 00000013.00000003.535674507.0000000006A27000.00000004.00000001.sdmp |
Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&1ec51bf7&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}} |
| Source: explorer.exe, 00000013.00000003.562362034.000000000FCBB000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.0D |
| Source: explorer.exe, 00000013.00000003.593310949.000000000FD85000.00000004.00000001.sdmp |
Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}PackagesB |
| Source: explorer.exe, 00000013.00000000.602745772.0000000007250000.00000004.00000001.sdmp |
Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000 |
| Source: explorer.exe, 00000005.00000000.389306018.0000000008430000.00000004.00000001.sdmp |
Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000-; |
| Source: explorer.exe, 00000013.00000000.602675635.0000000006C47000.00000004.00000001.sdmp |
Binary or memory string: 0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}soft.Windows.ContentDeliveryManager_cw5n1h2txyewy |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 1_2_0019E7DA mov eax, dword ptr fs:[00000030h] |
1_2_0019E7DA |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 1_2_0019EB1C mov eax, dword ptr fs:[00000030h] |
1_2_0019EB1C |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 1_2_0019EA9F mov eax, dword ptr fs:[00000030h] |
1_2_0019EA9F |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 1_2_0019EADE mov eax, dword ptr fs:[00000030h] |
1_2_0019EADE |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 1_2_0019E9EE mov eax, dword ptr fs:[00000030h] |
1_2_0019E9EE |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AD90AF mov eax, dword ptr fs:[00000030h] |
3_2_00AD90AF |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AC20A0 mov eax, dword ptr fs:[00000030h] |
3_2_00AC20A0 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AC20A0 mov eax, dword ptr fs:[00000030h] |
3_2_00AC20A0 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AC20A0 mov eax, dword ptr fs:[00000030h] |
3_2_00AC20A0 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AC20A0 mov eax, dword ptr fs:[00000030h] |
3_2_00AC20A0 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AC20A0 mov eax, dword ptr fs:[00000030h] |
3_2_00AC20A0 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AC20A0 mov eax, dword ptr fs:[00000030h] |
3_2_00AC20A0 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00ACF0BF mov ecx, dword ptr fs:[00000030h] |
3_2_00ACF0BF |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00ACF0BF mov eax, dword ptr fs:[00000030h] |
3_2_00ACF0BF |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00ACF0BF mov eax, dword ptr fs:[00000030h] |
3_2_00ACF0BF |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00A99080 mov eax, dword ptr fs:[00000030h] |
3_2_00A99080 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B13884 mov eax, dword ptr fs:[00000030h] |
3_2_00B13884 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B13884 mov eax, dword ptr fs:[00000030h] |
3_2_00B13884 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00A958EC mov eax, dword ptr fs:[00000030h] |
3_2_00A958EC |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B2B8D0 mov eax, dword ptr fs:[00000030h] |
3_2_00B2B8D0 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B2B8D0 mov ecx, dword ptr fs:[00000030h] |
3_2_00B2B8D0 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B2B8D0 mov eax, dword ptr fs:[00000030h] |
3_2_00B2B8D0 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B2B8D0 mov eax, dword ptr fs:[00000030h] |
3_2_00B2B8D0 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B2B8D0 mov eax, dword ptr fs:[00000030h] |
3_2_00B2B8D0 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B2B8D0 mov eax, dword ptr fs:[00000030h] |
3_2_00B2B8D0 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AAB02A mov eax, dword ptr fs:[00000030h] |
3_2_00AAB02A |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AAB02A mov eax, dword ptr fs:[00000030h] |
3_2_00AAB02A |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AAB02A mov eax, dword ptr fs:[00000030h] |
3_2_00AAB02A |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AAB02A mov eax, dword ptr fs:[00000030h] |
3_2_00AAB02A |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AC002D mov eax, dword ptr fs:[00000030h] |
3_2_00AC002D |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AC002D mov eax, dword ptr fs:[00000030h] |
3_2_00AC002D |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AC002D mov eax, dword ptr fs:[00000030h] |
3_2_00AC002D |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AC002D mov eax, dword ptr fs:[00000030h] |
3_2_00AC002D |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AC002D mov eax, dword ptr fs:[00000030h] |
3_2_00AC002D |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B64015 mov eax, dword ptr fs:[00000030h] |
3_2_00B64015 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B64015 mov eax, dword ptr fs:[00000030h] |
3_2_00B64015 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B17016 mov eax, dword ptr fs:[00000030h] |
3_2_00B17016 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B17016 mov eax, dword ptr fs:[00000030h] |
3_2_00B17016 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B17016 mov eax, dword ptr fs:[00000030h] |
3_2_00B17016 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B61074 mov eax, dword ptr fs:[00000030h] |
3_2_00B61074 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B52073 mov eax, dword ptr fs:[00000030h] |
3_2_00B52073 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AB0050 mov eax, dword ptr fs:[00000030h] |
3_2_00AB0050 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AB0050 mov eax, dword ptr fs:[00000030h] |
3_2_00AB0050 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AC61A0 mov eax, dword ptr fs:[00000030h] |
3_2_00AC61A0 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AC61A0 mov eax, dword ptr fs:[00000030h] |
3_2_00AC61A0 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B151BE mov eax, dword ptr fs:[00000030h] |
3_2_00B151BE |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B151BE mov eax, dword ptr fs:[00000030h] |
3_2_00B151BE |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B151BE mov eax, dword ptr fs:[00000030h] |
3_2_00B151BE |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B151BE mov eax, dword ptr fs:[00000030h] |
3_2_00B151BE |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B169A6 mov eax, dword ptr fs:[00000030h] |
3_2_00B169A6 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00ACA185 mov eax, dword ptr fs:[00000030h] |
3_2_00ACA185 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00ABC182 mov eax, dword ptr fs:[00000030h] |
3_2_00ABC182 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AC2990 mov eax, dword ptr fs:[00000030h] |
3_2_00AC2990 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00A9B1E1 mov eax, dword ptr fs:[00000030h] |
3_2_00A9B1E1 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00A9B1E1 mov eax, dword ptr fs:[00000030h] |
3_2_00A9B1E1 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00A9B1E1 mov eax, dword ptr fs:[00000030h] |
3_2_00A9B1E1 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B241E8 mov eax, dword ptr fs:[00000030h] |
3_2_00B241E8 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AB4120 mov eax, dword ptr fs:[00000030h] |
3_2_00AB4120 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AB4120 mov eax, dword ptr fs:[00000030h] |
3_2_00AB4120 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AB4120 mov eax, dword ptr fs:[00000030h] |
3_2_00AB4120 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AB4120 mov eax, dword ptr fs:[00000030h] |
3_2_00AB4120 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AB4120 mov ecx, dword ptr fs:[00000030h] |
3_2_00AB4120 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AC513A mov eax, dword ptr fs:[00000030h] |
3_2_00AC513A |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AC513A mov eax, dword ptr fs:[00000030h] |
3_2_00AC513A |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00A99100 mov eax, dword ptr fs:[00000030h] |
3_2_00A99100 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00A99100 mov eax, dword ptr fs:[00000030h] |
3_2_00A99100 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00A99100 mov eax, dword ptr fs:[00000030h] |
3_2_00A99100 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00A9C962 mov eax, dword ptr fs:[00000030h] |
3_2_00A9C962 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00A9B171 mov eax, dword ptr fs:[00000030h] |
3_2_00A9B171 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00A9B171 mov eax, dword ptr fs:[00000030h] |
3_2_00A9B171 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00ABB944 mov eax, dword ptr fs:[00000030h] |
3_2_00ABB944 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00ABB944 mov eax, dword ptr fs:[00000030h] |
3_2_00ABB944 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00A952A5 mov eax, dword ptr fs:[00000030h] |
3_2_00A952A5 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00A952A5 mov eax, dword ptr fs:[00000030h] |
3_2_00A952A5 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00A952A5 mov eax, dword ptr fs:[00000030h] |
3_2_00A952A5 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00A952A5 mov eax, dword ptr fs:[00000030h] |
3_2_00A952A5 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00A952A5 mov eax, dword ptr fs:[00000030h] |
3_2_00A952A5 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AAAAB0 mov eax, dword ptr fs:[00000030h] |
3_2_00AAAAB0 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AAAAB0 mov eax, dword ptr fs:[00000030h] |
3_2_00AAAAB0 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00ACFAB0 mov eax, dword ptr fs:[00000030h] |
3_2_00ACFAB0 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00ACD294 mov eax, dword ptr fs:[00000030h] |
3_2_00ACD294 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00ACD294 mov eax, dword ptr fs:[00000030h] |
3_2_00ACD294 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AC2AE4 mov eax, dword ptr fs:[00000030h] |
3_2_00AC2AE4 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AC2ACB mov eax, dword ptr fs:[00000030h] |
3_2_00AC2ACB |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AD4A2C mov eax, dword ptr fs:[00000030h] |
3_2_00AD4A2C |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AD4A2C mov eax, dword ptr fs:[00000030h] |
3_2_00AD4A2C |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AA8A0A mov eax, dword ptr fs:[00000030h] |
3_2_00AA8A0A |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B5AA16 mov eax, dword ptr fs:[00000030h] |
3_2_00B5AA16 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B5AA16 mov eax, dword ptr fs:[00000030h] |
3_2_00B5AA16 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AB3A1C mov eax, dword ptr fs:[00000030h] |
3_2_00AB3A1C |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00A95210 mov eax, dword ptr fs:[00000030h] |
3_2_00A95210 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00A95210 mov ecx, dword ptr fs:[00000030h] |
3_2_00A95210 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00A95210 mov eax, dword ptr fs:[00000030h] |
3_2_00A95210 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00A95210 mov eax, dword ptr fs:[00000030h] |
3_2_00A95210 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00A9AA16 mov eax, dword ptr fs:[00000030h] |
3_2_00A9AA16 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00A9AA16 mov eax, dword ptr fs:[00000030h] |
3_2_00A9AA16 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B4B260 mov eax, dword ptr fs:[00000030h] |
3_2_00B4B260 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B4B260 mov eax, dword ptr fs:[00000030h] |
3_2_00B4B260 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B68A62 mov eax, dword ptr fs:[00000030h] |
3_2_00B68A62 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AD927A mov eax, dword ptr fs:[00000030h] |
3_2_00AD927A |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B5EA55 mov eax, dword ptr fs:[00000030h] |
3_2_00B5EA55 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B24257 mov eax, dword ptr fs:[00000030h] |
3_2_00B24257 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00A99240 mov eax, dword ptr fs:[00000030h] |
3_2_00A99240 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00A99240 mov eax, dword ptr fs:[00000030h] |
3_2_00A99240 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00A99240 mov eax, dword ptr fs:[00000030h] |
3_2_00A99240 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00A99240 mov eax, dword ptr fs:[00000030h] |
3_2_00A99240 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AC4BAD mov eax, dword ptr fs:[00000030h] |
3_2_00AC4BAD |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AC4BAD mov eax, dword ptr fs:[00000030h] |
3_2_00AC4BAD |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AC4BAD mov eax, dword ptr fs:[00000030h] |
3_2_00AC4BAD |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B65BA5 mov eax, dword ptr fs:[00000030h] |
3_2_00B65BA5 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AA1B8F mov eax, dword ptr fs:[00000030h] |
3_2_00AA1B8F |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AA1B8F mov eax, dword ptr fs:[00000030h] |
3_2_00AA1B8F |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B4D380 mov ecx, dword ptr fs:[00000030h] |
3_2_00B4D380 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AC2397 mov eax, dword ptr fs:[00000030h] |
3_2_00AC2397 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00ACB390 mov eax, dword ptr fs:[00000030h] |
3_2_00ACB390 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00B5138A mov eax, dword ptr fs:[00000030h] |
3_2_00B5138A |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00ABDBE9 mov eax, dword ptr fs:[00000030h] |
3_2_00ABDBE9 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AC03E2 mov eax, dword ptr fs:[00000030h] |
3_2_00AC03E2 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AC03E2 mov eax, dword ptr fs:[00000030h] |
3_2_00AC03E2 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AC03E2 mov eax, dword ptr fs:[00000030h] |
3_2_00AC03E2 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AC03E2 mov eax, dword ptr fs:[00000030h] |
3_2_00AC03E2 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AC03E2 mov eax, dword ptr fs:[00000030h] |
3_2_00AC03E2 |
| Source: C:\Users\user\Desktop\Ziraat Bankasi Swift Mesaji.exe |
Code function: 3_2_00AC03E2 mov eax, dword ptr fs:[00000030h] |
3_2_00AC03E2 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048F849B mov eax, dword ptr fs:[00000030h] |
11_2_048F849B |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049B8CD6 mov eax, dword ptr fs:[00000030h] |
11_2_049B8CD6 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049A14FB mov eax, dword ptr fs:[00000030h] |
11_2_049A14FB |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04966CF0 mov eax, dword ptr fs:[00000030h] |
11_2_04966CF0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04966CF0 mov eax, dword ptr fs:[00000030h] |
11_2_04966CF0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04966CF0 mov eax, dword ptr fs:[00000030h] |
11_2_04966CF0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049B740D mov eax, dword ptr fs:[00000030h] |
11_2_049B740D |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049B740D mov eax, dword ptr fs:[00000030h] |
11_2_049B740D |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049B740D mov eax, dword ptr fs:[00000030h] |
11_2_049B740D |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049A1C06 mov eax, dword ptr fs:[00000030h] |
11_2_049A1C06 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049A1C06 mov eax, dword ptr fs:[00000030h] |
11_2_049A1C06 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049A1C06 mov eax, dword ptr fs:[00000030h] |
11_2_049A1C06 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049A1C06 mov eax, dword ptr fs:[00000030h] |
11_2_049A1C06 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049A1C06 mov eax, dword ptr fs:[00000030h] |
11_2_049A1C06 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049A1C06 mov eax, dword ptr fs:[00000030h] |
11_2_049A1C06 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049A1C06 mov eax, dword ptr fs:[00000030h] |
11_2_049A1C06 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049A1C06 mov eax, dword ptr fs:[00000030h] |
11_2_049A1C06 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049A1C06 mov eax, dword ptr fs:[00000030h] |
11_2_049A1C06 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049A1C06 mov eax, dword ptr fs:[00000030h] |
11_2_049A1C06 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049A1C06 mov eax, dword ptr fs:[00000030h] |
11_2_049A1C06 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049A1C06 mov eax, dword ptr fs:[00000030h] |
11_2_049A1C06 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049A1C06 mov eax, dword ptr fs:[00000030h] |
11_2_049A1C06 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049A1C06 mov eax, dword ptr fs:[00000030h] |
11_2_049A1C06 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04966C0A mov eax, dword ptr fs:[00000030h] |
11_2_04966C0A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04966C0A mov eax, dword ptr fs:[00000030h] |
11_2_04966C0A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04966C0A mov eax, dword ptr fs:[00000030h] |
11_2_04966C0A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04966C0A mov eax, dword ptr fs:[00000030h] |
11_2_04966C0A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0491BC2C mov eax, dword ptr fs:[00000030h] |
11_2_0491BC2C |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0497C450 mov eax, dword ptr fs:[00000030h] |
11_2_0497C450 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0497C450 mov eax, dword ptr fs:[00000030h] |
11_2_0497C450 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0491A44B mov eax, dword ptr fs:[00000030h] |
11_2_0491A44B |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0490746D mov eax, dword ptr fs:[00000030h] |
11_2_0490746D |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048E2D8A mov eax, dword ptr fs:[00000030h] |
11_2_048E2D8A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048E2D8A mov eax, dword ptr fs:[00000030h] |
11_2_048E2D8A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048E2D8A mov eax, dword ptr fs:[00000030h] |
11_2_048E2D8A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048E2D8A mov eax, dword ptr fs:[00000030h] |
11_2_048E2D8A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048E2D8A mov eax, dword ptr fs:[00000030h] |
11_2_048E2D8A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0491FD9B mov eax, dword ptr fs:[00000030h] |
11_2_0491FD9B |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0491FD9B mov eax, dword ptr fs:[00000030h] |
11_2_0491FD9B |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04912581 mov eax, dword ptr fs:[00000030h] |
11_2_04912581 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04912581 mov eax, dword ptr fs:[00000030h] |
11_2_04912581 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04912581 mov eax, dword ptr fs:[00000030h] |
11_2_04912581 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04912581 mov eax, dword ptr fs:[00000030h] |
11_2_04912581 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04911DB5 mov eax, dword ptr fs:[00000030h] |
11_2_04911DB5 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04911DB5 mov eax, dword ptr fs:[00000030h] |
11_2_04911DB5 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04911DB5 mov eax, dword ptr fs:[00000030h] |
11_2_04911DB5 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049135A1 mov eax, dword ptr fs:[00000030h] |
11_2_049135A1 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049B05AC mov eax, dword ptr fs:[00000030h] |
11_2_049B05AC |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049B05AC mov eax, dword ptr fs:[00000030h] |
11_2_049B05AC |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04966DC9 mov eax, dword ptr fs:[00000030h] |
11_2_04966DC9 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04966DC9 mov eax, dword ptr fs:[00000030h] |
11_2_04966DC9 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04966DC9 mov eax, dword ptr fs:[00000030h] |
11_2_04966DC9 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04966DC9 mov ecx, dword ptr fs:[00000030h] |
11_2_04966DC9 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04966DC9 mov eax, dword ptr fs:[00000030h] |
11_2_04966DC9 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04966DC9 mov eax, dword ptr fs:[00000030h] |
11_2_04966DC9 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04998DF1 mov eax, dword ptr fs:[00000030h] |
11_2_04998DF1 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048FD5E0 mov eax, dword ptr fs:[00000030h] |
11_2_048FD5E0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048FD5E0 mov eax, dword ptr fs:[00000030h] |
11_2_048FD5E0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049AFDE2 mov eax, dword ptr fs:[00000030h] |
11_2_049AFDE2 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049AFDE2 mov eax, dword ptr fs:[00000030h] |
11_2_049AFDE2 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049AFDE2 mov eax, dword ptr fs:[00000030h] |
11_2_049AFDE2 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049AFDE2 mov eax, dword ptr fs:[00000030h] |
11_2_049AFDE2 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0496A537 mov eax, dword ptr fs:[00000030h] |
11_2_0496A537 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049AE539 mov eax, dword ptr fs:[00000030h] |
11_2_049AE539 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04914D3B mov eax, dword ptr fs:[00000030h] |
11_2_04914D3B |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04914D3B mov eax, dword ptr fs:[00000030h] |
11_2_04914D3B |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04914D3B mov eax, dword ptr fs:[00000030h] |
11_2_04914D3B |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049B8D34 mov eax, dword ptr fs:[00000030h] |
11_2_049B8D34 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048F3D34 mov eax, dword ptr fs:[00000030h] |
11_2_048F3D34 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048F3D34 mov eax, dword ptr fs:[00000030h] |
11_2_048F3D34 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048F3D34 mov eax, dword ptr fs:[00000030h] |
11_2_048F3D34 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048F3D34 mov eax, dword ptr fs:[00000030h] |
11_2_048F3D34 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048F3D34 mov eax, dword ptr fs:[00000030h] |
11_2_048F3D34 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048F3D34 mov eax, dword ptr fs:[00000030h] |
11_2_048F3D34 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048F3D34 mov eax, dword ptr fs:[00000030h] |
11_2_048F3D34 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048F3D34 mov eax, dword ptr fs:[00000030h] |
11_2_048F3D34 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048F3D34 mov eax, dword ptr fs:[00000030h] |
11_2_048F3D34 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048F3D34 mov eax, dword ptr fs:[00000030h] |
11_2_048F3D34 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048F3D34 mov eax, dword ptr fs:[00000030h] |
11_2_048F3D34 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048F3D34 mov eax, dword ptr fs:[00000030h] |
11_2_048F3D34 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048F3D34 mov eax, dword ptr fs:[00000030h] |
11_2_048F3D34 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048EAD30 mov eax, dword ptr fs:[00000030h] |
11_2_048EAD30 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04907D50 mov eax, dword ptr fs:[00000030h] |
11_2_04907D50 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04923D43 mov eax, dword ptr fs:[00000030h] |
11_2_04923D43 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04963540 mov eax, dword ptr fs:[00000030h] |
11_2_04963540 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04993D40 mov eax, dword ptr fs:[00000030h] |
11_2_04993D40 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0490C577 mov eax, dword ptr fs:[00000030h] |
11_2_0490C577 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0490C577 mov eax, dword ptr fs:[00000030h] |
11_2_0490C577 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0497FE87 mov eax, dword ptr fs:[00000030h] |
11_2_0497FE87 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049646A7 mov eax, dword ptr fs:[00000030h] |
11_2_049646A7 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049B0EA5 mov eax, dword ptr fs:[00000030h] |
11_2_049B0EA5 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049B0EA5 mov eax, dword ptr fs:[00000030h] |
11_2_049B0EA5 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049B0EA5 mov eax, dword ptr fs:[00000030h] |
11_2_049B0EA5 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049B8ED6 mov eax, dword ptr fs:[00000030h] |
11_2_049B8ED6 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04928EC7 mov eax, dword ptr fs:[00000030h] |
11_2_04928EC7 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0499FEC0 mov eax, dword ptr fs:[00000030h] |
11_2_0499FEC0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049136CC mov eax, dword ptr fs:[00000030h] |
11_2_049136CC |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048F76E2 mov eax, dword ptr fs:[00000030h] |
11_2_048F76E2 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049116E0 mov ecx, dword ptr fs:[00000030h] |
11_2_049116E0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0491A61C mov eax, dword ptr fs:[00000030h] |
11_2_0491A61C |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0491A61C mov eax, dword ptr fs:[00000030h] |
11_2_0491A61C |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048EC600 mov eax, dword ptr fs:[00000030h] |
11_2_048EC600 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048EC600 mov eax, dword ptr fs:[00000030h] |
11_2_048EC600 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048EC600 mov eax, dword ptr fs:[00000030h] |
11_2_048EC600 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04918E00 mov eax, dword ptr fs:[00000030h] |
11_2_04918E00 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049A1608 mov eax, dword ptr fs:[00000030h] |
11_2_049A1608 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0499FE3F mov eax, dword ptr fs:[00000030h] |
11_2_0499FE3F |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048EE620 mov eax, dword ptr fs:[00000030h] |
11_2_048EE620 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048F7E41 mov eax, dword ptr fs:[00000030h] |
11_2_048F7E41 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048F7E41 mov eax, dword ptr fs:[00000030h] |
11_2_048F7E41 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048F7E41 mov eax, dword ptr fs:[00000030h] |
11_2_048F7E41 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048F7E41 mov eax, dword ptr fs:[00000030h] |
11_2_048F7E41 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048F7E41 mov eax, dword ptr fs:[00000030h] |
11_2_048F7E41 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048F7E41 mov eax, dword ptr fs:[00000030h] |
11_2_048F7E41 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049AAE44 mov eax, dword ptr fs:[00000030h] |
11_2_049AAE44 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049AAE44 mov eax, dword ptr fs:[00000030h] |
11_2_049AAE44 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048F766D mov eax, dword ptr fs:[00000030h] |
11_2_048F766D |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0490AE73 mov eax, dword ptr fs:[00000030h] |
11_2_0490AE73 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0490AE73 mov eax, dword ptr fs:[00000030h] |
11_2_0490AE73 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0490AE73 mov eax, dword ptr fs:[00000030h] |
11_2_0490AE73 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0490AE73 mov eax, dword ptr fs:[00000030h] |
11_2_0490AE73 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0490AE73 mov eax, dword ptr fs:[00000030h] |
11_2_0490AE73 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04967794 mov eax, dword ptr fs:[00000030h] |
11_2_04967794 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04967794 mov eax, dword ptr fs:[00000030h] |
11_2_04967794 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04967794 mov eax, dword ptr fs:[00000030h] |
11_2_04967794 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048F8794 mov eax, dword ptr fs:[00000030h] |
11_2_048F8794 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049237F5 mov eax, dword ptr fs:[00000030h] |
11_2_049237F5 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0490F716 mov eax, dword ptr fs:[00000030h] |
11_2_0490F716 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0497FF10 mov eax, dword ptr fs:[00000030h] |
11_2_0497FF10 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0497FF10 mov eax, dword ptr fs:[00000030h] |
11_2_0497FF10 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049B070D mov eax, dword ptr fs:[00000030h] |
11_2_049B070D |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049B070D mov eax, dword ptr fs:[00000030h] |
11_2_049B070D |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0491A70E mov eax, dword ptr fs:[00000030h] |
11_2_0491A70E |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0491A70E mov eax, dword ptr fs:[00000030h] |
11_2_0491A70E |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048E4F2E mov eax, dword ptr fs:[00000030h] |
11_2_048E4F2E |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048E4F2E mov eax, dword ptr fs:[00000030h] |
11_2_048E4F2E |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0491E730 mov eax, dword ptr fs:[00000030h] |
11_2_0491E730 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0490B73D mov eax, dword ptr fs:[00000030h] |
11_2_0490B73D |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0490B73D mov eax, dword ptr fs:[00000030h] |
11_2_0490B73D |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048FEF40 mov eax, dword ptr fs:[00000030h] |
11_2_048FEF40 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048FFF60 mov eax, dword ptr fs:[00000030h] |
11_2_048FFF60 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049B8F6A mov eax, dword ptr fs:[00000030h] |
11_2_049B8F6A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048E9080 mov eax, dword ptr fs:[00000030h] |
11_2_048E9080 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04963884 mov eax, dword ptr fs:[00000030h] |
11_2_04963884 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04963884 mov eax, dword ptr fs:[00000030h] |
11_2_04963884 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0491F0BF mov ecx, dword ptr fs:[00000030h] |
11_2_0491F0BF |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0491F0BF mov eax, dword ptr fs:[00000030h] |
11_2_0491F0BF |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0491F0BF mov eax, dword ptr fs:[00000030h] |
11_2_0491F0BF |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049120A0 mov eax, dword ptr fs:[00000030h] |
11_2_049120A0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049120A0 mov eax, dword ptr fs:[00000030h] |
11_2_049120A0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049120A0 mov eax, dword ptr fs:[00000030h] |
11_2_049120A0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049120A0 mov eax, dword ptr fs:[00000030h] |
11_2_049120A0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049120A0 mov eax, dword ptr fs:[00000030h] |
11_2_049120A0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049120A0 mov eax, dword ptr fs:[00000030h] |
11_2_049120A0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049290AF mov eax, dword ptr fs:[00000030h] |
11_2_049290AF |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0497B8D0 mov eax, dword ptr fs:[00000030h] |
11_2_0497B8D0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0497B8D0 mov ecx, dword ptr fs:[00000030h] |
11_2_0497B8D0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0497B8D0 mov eax, dword ptr fs:[00000030h] |
11_2_0497B8D0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0497B8D0 mov eax, dword ptr fs:[00000030h] |
11_2_0497B8D0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0497B8D0 mov eax, dword ptr fs:[00000030h] |
11_2_0497B8D0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0497B8D0 mov eax, dword ptr fs:[00000030h] |
11_2_0497B8D0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048E58EC mov eax, dword ptr fs:[00000030h] |
11_2_048E58EC |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048E40E1 mov eax, dword ptr fs:[00000030h] |
11_2_048E40E1 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048E40E1 mov eax, dword ptr fs:[00000030h] |
11_2_048E40E1 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048E40E1 mov eax, dword ptr fs:[00000030h] |
11_2_048E40E1 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0490B8E4 mov eax, dword ptr fs:[00000030h] |
11_2_0490B8E4 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0490B8E4 mov eax, dword ptr fs:[00000030h] |
11_2_0490B8E4 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04967016 mov eax, dword ptr fs:[00000030h] |
11_2_04967016 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04967016 mov eax, dword ptr fs:[00000030h] |
11_2_04967016 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04967016 mov eax, dword ptr fs:[00000030h] |
11_2_04967016 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049B4015 mov eax, dword ptr fs:[00000030h] |
11_2_049B4015 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049B4015 mov eax, dword ptr fs:[00000030h] |
11_2_049B4015 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0490A830 mov eax, dword ptr fs:[00000030h] |
11_2_0490A830 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0490A830 mov eax, dword ptr fs:[00000030h] |
11_2_0490A830 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0490A830 mov eax, dword ptr fs:[00000030h] |
11_2_0490A830 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0490A830 mov eax, dword ptr fs:[00000030h] |
11_2_0490A830 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048FB02A mov eax, dword ptr fs:[00000030h] |
11_2_048FB02A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048FB02A mov eax, dword ptr fs:[00000030h] |
11_2_048FB02A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048FB02A mov eax, dword ptr fs:[00000030h] |
11_2_048FB02A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048FB02A mov eax, dword ptr fs:[00000030h] |
11_2_048FB02A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0491002D mov eax, dword ptr fs:[00000030h] |
11_2_0491002D |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0491002D mov eax, dword ptr fs:[00000030h] |
11_2_0491002D |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0491002D mov eax, dword ptr fs:[00000030h] |
11_2_0491002D |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0491002D mov eax, dword ptr fs:[00000030h] |
11_2_0491002D |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0491002D mov eax, dword ptr fs:[00000030h] |
11_2_0491002D |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04900050 mov eax, dword ptr fs:[00000030h] |
11_2_04900050 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04900050 mov eax, dword ptr fs:[00000030h] |
11_2_04900050 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049A2073 mov eax, dword ptr fs:[00000030h] |
11_2_049A2073 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049B1074 mov eax, dword ptr fs:[00000030h] |
11_2_049B1074 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04912990 mov eax, dword ptr fs:[00000030h] |
11_2_04912990 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0490C182 mov eax, dword ptr fs:[00000030h] |
11_2_0490C182 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0491A185 mov eax, dword ptr fs:[00000030h] |
11_2_0491A185 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049651BE mov eax, dword ptr fs:[00000030h] |
11_2_049651BE |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049651BE mov eax, dword ptr fs:[00000030h] |
11_2_049651BE |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049651BE mov eax, dword ptr fs:[00000030h] |
11_2_049651BE |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049651BE mov eax, dword ptr fs:[00000030h] |
11_2_049651BE |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049099BF mov ecx, dword ptr fs:[00000030h] |
11_2_049099BF |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049099BF mov ecx, dword ptr fs:[00000030h] |
11_2_049099BF |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049099BF mov eax, dword ptr fs:[00000030h] |
11_2_049099BF |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049099BF mov ecx, dword ptr fs:[00000030h] |
11_2_049099BF |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049099BF mov ecx, dword ptr fs:[00000030h] |
11_2_049099BF |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049099BF mov eax, dword ptr fs:[00000030h] |
11_2_049099BF |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049099BF mov ecx, dword ptr fs:[00000030h] |
11_2_049099BF |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049099BF mov ecx, dword ptr fs:[00000030h] |
11_2_049099BF |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049099BF mov eax, dword ptr fs:[00000030h] |
11_2_049099BF |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049099BF mov ecx, dword ptr fs:[00000030h] |
11_2_049099BF |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049099BF mov ecx, dword ptr fs:[00000030h] |
11_2_049099BF |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049099BF mov eax, dword ptr fs:[00000030h] |
11_2_049099BF |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049669A6 mov eax, dword ptr fs:[00000030h] |
11_2_049669A6 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049161A0 mov eax, dword ptr fs:[00000030h] |
11_2_049161A0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049161A0 mov eax, dword ptr fs:[00000030h] |
11_2_049161A0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049A49A4 mov eax, dword ptr fs:[00000030h] |
11_2_049A49A4 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049A49A4 mov eax, dword ptr fs:[00000030h] |
11_2_049A49A4 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049A49A4 mov eax, dword ptr fs:[00000030h] |
11_2_049A49A4 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049A49A4 mov eax, dword ptr fs:[00000030h] |
11_2_049A49A4 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048EB1E1 mov eax, dword ptr fs:[00000030h] |
11_2_048EB1E1 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048EB1E1 mov eax, dword ptr fs:[00000030h] |
11_2_048EB1E1 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048EB1E1 mov eax, dword ptr fs:[00000030h] |
11_2_048EB1E1 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049741E8 mov eax, dword ptr fs:[00000030h] |
11_2_049741E8 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048E9100 mov eax, dword ptr fs:[00000030h] |
11_2_048E9100 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048E9100 mov eax, dword ptr fs:[00000030h] |
11_2_048E9100 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048E9100 mov eax, dword ptr fs:[00000030h] |
11_2_048E9100 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0491513A mov eax, dword ptr fs:[00000030h] |
11_2_0491513A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0491513A mov eax, dword ptr fs:[00000030h] |
11_2_0491513A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04904120 mov eax, dword ptr fs:[00000030h] |
11_2_04904120 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04904120 mov eax, dword ptr fs:[00000030h] |
11_2_04904120 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04904120 mov eax, dword ptr fs:[00000030h] |
11_2_04904120 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04904120 mov eax, dword ptr fs:[00000030h] |
11_2_04904120 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04904120 mov ecx, dword ptr fs:[00000030h] |
11_2_04904120 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0490B944 mov eax, dword ptr fs:[00000030h] |
11_2_0490B944 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0490B944 mov eax, dword ptr fs:[00000030h] |
11_2_0490B944 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048EC962 mov eax, dword ptr fs:[00000030h] |
11_2_048EC962 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048EB171 mov eax, dword ptr fs:[00000030h] |
11_2_048EB171 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048EB171 mov eax, dword ptr fs:[00000030h] |
11_2_048EB171 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0491D294 mov eax, dword ptr fs:[00000030h] |
11_2_0491D294 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0491D294 mov eax, dword ptr fs:[00000030h] |
11_2_0491D294 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0491FAB0 mov eax, dword ptr fs:[00000030h] |
11_2_0491FAB0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048E52A5 mov eax, dword ptr fs:[00000030h] |
11_2_048E52A5 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048E52A5 mov eax, dword ptr fs:[00000030h] |
11_2_048E52A5 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048E52A5 mov eax, dword ptr fs:[00000030h] |
11_2_048E52A5 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048E52A5 mov eax, dword ptr fs:[00000030h] |
11_2_048E52A5 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048E52A5 mov eax, dword ptr fs:[00000030h] |
11_2_048E52A5 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048FAAB0 mov eax, dword ptr fs:[00000030h] |
11_2_048FAAB0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048FAAB0 mov eax, dword ptr fs:[00000030h] |
11_2_048FAAB0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04912ACB mov eax, dword ptr fs:[00000030h] |
11_2_04912ACB |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04912AE4 mov eax, dword ptr fs:[00000030h] |
11_2_04912AE4 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048F8A0A mov eax, dword ptr fs:[00000030h] |
11_2_048F8A0A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04903A1C mov eax, dword ptr fs:[00000030h] |
11_2_04903A1C |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049AAA16 mov eax, dword ptr fs:[00000030h] |
11_2_049AAA16 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049AAA16 mov eax, dword ptr fs:[00000030h] |
11_2_049AAA16 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048EAA16 mov eax, dword ptr fs:[00000030h] |
11_2_048EAA16 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048EAA16 mov eax, dword ptr fs:[00000030h] |
11_2_048EAA16 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048E5210 mov eax, dword ptr fs:[00000030h] |
11_2_048E5210 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048E5210 mov ecx, dword ptr fs:[00000030h] |
11_2_048E5210 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048E5210 mov eax, dword ptr fs:[00000030h] |
11_2_048E5210 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048E5210 mov eax, dword ptr fs:[00000030h] |
11_2_048E5210 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0490A229 mov eax, dword ptr fs:[00000030h] |
11_2_0490A229 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0490A229 mov eax, dword ptr fs:[00000030h] |
11_2_0490A229 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0490A229 mov eax, dword ptr fs:[00000030h] |
11_2_0490A229 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0490A229 mov eax, dword ptr fs:[00000030h] |
11_2_0490A229 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0490A229 mov eax, dword ptr fs:[00000030h] |
11_2_0490A229 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0490A229 mov eax, dword ptr fs:[00000030h] |
11_2_0490A229 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0490A229 mov eax, dword ptr fs:[00000030h] |
11_2_0490A229 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0490A229 mov eax, dword ptr fs:[00000030h] |
11_2_0490A229 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0490A229 mov eax, dword ptr fs:[00000030h] |
11_2_0490A229 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04924A2C mov eax, dword ptr fs:[00000030h] |
11_2_04924A2C |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04924A2C mov eax, dword ptr fs:[00000030h] |
11_2_04924A2C |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04974257 mov eax, dword ptr fs:[00000030h] |
11_2_04974257 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048E9240 mov eax, dword ptr fs:[00000030h] |
11_2_048E9240 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048E9240 mov eax, dword ptr fs:[00000030h] |
11_2_048E9240 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048E9240 mov eax, dword ptr fs:[00000030h] |
11_2_048E9240 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048E9240 mov eax, dword ptr fs:[00000030h] |
11_2_048E9240 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049AEA55 mov eax, dword ptr fs:[00000030h] |
11_2_049AEA55 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0492927A mov eax, dword ptr fs:[00000030h] |
11_2_0492927A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0499B260 mov eax, dword ptr fs:[00000030h] |
11_2_0499B260 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0499B260 mov eax, dword ptr fs:[00000030h] |
11_2_0499B260 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049B8A62 mov eax, dword ptr fs:[00000030h] |
11_2_049B8A62 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048F1B8F mov eax, dword ptr fs:[00000030h] |
11_2_048F1B8F |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048F1B8F mov eax, dword ptr fs:[00000030h] |
11_2_048F1B8F |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0491B390 mov eax, dword ptr fs:[00000030h] |
11_2_0491B390 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04912397 mov eax, dword ptr fs:[00000030h] |
11_2_04912397 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049A138A mov eax, dword ptr fs:[00000030h] |
11_2_049A138A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0499D380 mov ecx, dword ptr fs:[00000030h] |
11_2_0499D380 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04914BAD mov eax, dword ptr fs:[00000030h] |
11_2_04914BAD |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04914BAD mov eax, dword ptr fs:[00000030h] |
11_2_04914BAD |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04914BAD mov eax, dword ptr fs:[00000030h] |
11_2_04914BAD |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049B5BA5 mov eax, dword ptr fs:[00000030h] |
11_2_049B5BA5 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049653CA mov eax, dword ptr fs:[00000030h] |
11_2_049653CA |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049653CA mov eax, dword ptr fs:[00000030h] |
11_2_049653CA |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049103E2 mov eax, dword ptr fs:[00000030h] |
11_2_049103E2 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049103E2 mov eax, dword ptr fs:[00000030h] |
11_2_049103E2 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049103E2 mov eax, dword ptr fs:[00000030h] |
11_2_049103E2 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049103E2 mov eax, dword ptr fs:[00000030h] |
11_2_049103E2 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049103E2 mov eax, dword ptr fs:[00000030h] |
11_2_049103E2 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049103E2 mov eax, dword ptr fs:[00000030h] |
11_2_049103E2 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_0490DBE9 mov eax, dword ptr fs:[00000030h] |
11_2_0490DBE9 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049A131B mov eax, dword ptr fs:[00000030h] |
11_2_049A131B |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_049B8B58 mov eax, dword ptr fs:[00000030h] |
11_2_049B8B58 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048EDB40 mov eax, dword ptr fs:[00000030h] |
11_2_048EDB40 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048EF358 mov eax, dword ptr fs:[00000030h] |
11_2_048EF358 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04913B7A mov eax, dword ptr fs:[00000030h] |
11_2_04913B7A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_04913B7A mov eax, dword ptr fs:[00000030h] |
11_2_04913B7A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 11_2_048EDB60 mov ecx, dword ptr fs:[00000030h] |
11_2_048EDB60 |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet