Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.alessandromargonari.com |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.alessandromargonari.com/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.alessandromargonari.com/nu06/www.languageforall.africa |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.alessandromargonari.comReferer: |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.alexwright.xyz |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.alexwright.xyz/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.alexwright.xyz/nu06/www.ballinc.online |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.alexwright.xyzReferer: |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.arrindellnotary.com |
Source: explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.arrindellnotary.com/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.arrindellnotary.comReferer: |
Source: explorer.exe, 00000001.00000000.308784009.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.573479962.0000000000921000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.autoitscript.com/autoit3/J |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.ballinc.online |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.ballinc.online/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.ballinc.online/nu06/www.hervelegerdressshop.co.uk |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.ballinc.onlineReferer: |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.coiffeur-kosmetik-basel1.ch |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.coiffeur-kosmetik-basel1.ch/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.coiffeur-kosmetik-basel1.ch/nu06/www.pyvob.xyz |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.coiffeur-kosmetik-basel1.chReferer: |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.edu-degrees-89998.com |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.edu-degrees-89998.com/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.edu-degrees-89998.com/nu06/www.arrindellnotary.com |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.edu-degrees-89998.comReferer: |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.eltres-iot.info |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.eltres-iot.info/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.eltres-iot.info/nu06/www.smartmetersystems.co.uk |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.eltres-iot.infoReferer: |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.evaluatemyathlete.com |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.evaluatemyathlete.com/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.evaluatemyathlete.com/nu06/www.coiffeur-kosmetik-basel1.ch |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.evaluatemyathlete.comReferer: |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.gonulserezart.com |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.gonulserezart.com/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.gonulserezart.com/nu06/www.evaluatemyathlete.com |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.gonulserezart.comReferer: |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.heikeshuwu.com |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.heikeshuwu.com/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.heikeshuwu.com/nu06/www.alessandromargonari.com |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.heikeshuwu.comReferer: |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.hervelegerdressshop.co.uk |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.hervelegerdressshop.co.uk/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.hervelegerdressshop.co.uk/nu06/www.edu-degrees-89998.com |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.hervelegerdressshop.co.ukReferer: |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.languageforall.africa |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.languageforall.africa/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.languageforall.africa/nu06/www.eltres-iot.info |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.languageforall.africaReferer: |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.letstalkreparation.com |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.letstalkreparation.com/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.letstalkreparation.com/nu06/www.zwangerschapvanweektotweek.net |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.letstalkreparation.comReferer: |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.pyvob.xyz |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.pyvob.xyz/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.pyvob.xyz/nu06/www.heikeshuwu.com |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.pyvob.xyzReferer: |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.smartmetersystems.co.uk |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.smartmetersystems.co.uk/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.smartmetersystems.co.uk/nu06/www.alexwright.xyz |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.smartmetersystems.co.ukReferer: |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.zwangerschapvanweektotweek.net |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.zwangerschapvanweektotweek.net/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.zwangerschapvanweektotweek.net/nu06/www.gonulserezart.com |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.zwangerschapvanweektotweek.netReferer: |
Source: Hbi8WUpShm.exe, type: SAMPLE |
Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: Hbi8WUpShm.exe, type: SAMPLE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: Hbi8WUpShm.exe, type: SAMPLE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 0.2.Hbi8WUpShm.exe.830000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 0.2.Hbi8WUpShm.exe.830000.0.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 0.2.Hbi8WUpShm.exe.830000.0.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 0.0.Hbi8WUpShm.exe.830000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 0.0.Hbi8WUpShm.exe.830000.0.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 0.0.Hbi8WUpShm.exe.830000.0.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000000.00000002.340187458.0000000000831000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 00000000.00000002.340187458.0000000000831000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000000.00000002.340187458.0000000000831000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000002.00000002.573760954.0000000000DC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 00000002.00000002.573760954.0000000000DC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000002.00000002.573760954.0000000000DC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000002.00000002.573525615.0000000000AE4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 00000002.00000002.573525615.0000000000AE4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000002.00000002.573525615.0000000000AE4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000000.00000000.304875108.0000000000831000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 00000000.00000000.304875108.0000000000831000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000000.00000000.304875108.0000000000831000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000002.00000002.573684424.0000000000D90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 00000002.00000002.573684424.0000000000D90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000002.00000002.573684424.0000000000D90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000002.00000002.575081559.00000000058AF000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 00000002.00000002.575081559.00000000058AF000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000002.00000002.575081559.00000000058AF000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000001.00000002.585228598.000000000FBA3000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Formbook_772cc62d Author: unknown |
Source: 00000000.00000002.343561110.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 00000000.00000002.343561110.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000000.00000002.343561110.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000000.00000002.343352693.0000000000D20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 00000000.00000002.343352693.0000000000D20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000000.00000002.343352693.0000000000D20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000002.00000002.573431641.00000000008F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 00000002.00000002.573431641.00000000008F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000002.00000002.573431641.00000000008F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000001.00000002.586228708.00000000152CF000.00000004.80000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 00000001.00000002.586228708.00000000152CF000.00000004.80000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000001.00000002.586228708.00000000152CF000.00000004.80000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: Process Memory Space: Hbi8WUpShm.exe PID: 5868, type: MEMORYSTR |
Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: Process Memory Space: explorer.exe PID: 3324, type: MEMORYSTR |
Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: Process Memory Space: chkdsk.exe PID: 6012, type: MEMORYSTR |
Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: Hbi8WUpShm.exe, type: SAMPLE |
Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: Hbi8WUpShm.exe, type: SAMPLE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: Hbi8WUpShm.exe, type: SAMPLE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 0.2.Hbi8WUpShm.exe.830000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 0.2.Hbi8WUpShm.exe.830000.0.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 0.2.Hbi8WUpShm.exe.830000.0.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 0.0.Hbi8WUpShm.exe.830000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 0.0.Hbi8WUpShm.exe.830000.0.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 0.0.Hbi8WUpShm.exe.830000.0.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000000.00000002.340187458.0000000000831000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000000.00000002.340187458.0000000000831000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000000.00000002.340187458.0000000000831000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000002.00000002.573760954.0000000000DC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000002.00000002.573760954.0000000000DC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000002.573760954.0000000000DC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000002.00000002.573525615.0000000000AE4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000002.00000002.573525615.0000000000AE4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000002.573525615.0000000000AE4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000000.00000000.304875108.0000000000831000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000000.00000000.304875108.0000000000831000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000000.00000000.304875108.0000000000831000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000002.00000002.573684424.0000000000D90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000002.00000002.573684424.0000000000D90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000002.573684424.0000000000D90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000002.00000002.575081559.00000000058AF000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000002.00000002.575081559.00000000058AF000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000002.575081559.00000000058AF000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000001.00000002.585228598.000000000FBA3000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Formbook_772cc62d os = windows, severity = x86, creation_date = 2022-05-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8343b5d02d74791ba2d5d52d19a759f761de2b5470d935000bc27ea6c0633f5, id = 772cc62d-345c-42d8-97ab-f67e447ddca4, last_modified = 2022-07-18 |
Source: 00000000.00000002.343561110.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000000.00000002.343561110.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000000.00000002.343561110.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000000.00000002.343352693.0000000000D20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000000.00000002.343352693.0000000000D20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000000.00000002.343352693.0000000000D20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000002.00000002.573431641.00000000008F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000002.00000002.573431641.00000000008F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000002.573431641.00000000008F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000001.00000002.586228708.00000000152CF000.00000004.80000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000001.00000002.586228708.00000000152CF000.00000004.80000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000001.00000002.586228708.00000000152CF000.00000004.80000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: Process Memory Space: Hbi8WUpShm.exe PID: 5868, type: MEMORYSTR |
Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: Process Memory Space: explorer.exe PID: 3324, type: MEMORYSTR |
Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: Process Memory Space: chkdsk.exe PID: 6012, type: MEMORYSTR |
Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: C:\Users\user\Desktop\Hbi8WUpShm.exe |
Code function: 0_2_0084A360 NtCreateFile, |
0_2_0084A360 |
Source: C:\Users\user\Desktop\Hbi8WUpShm.exe |
Code function: 0_2_0084A490 NtClose, |
0_2_0084A490 |
Source: C:\Users\user\Desktop\Hbi8WUpShm.exe |
Code function: 0_2_0084A410 NtReadFile, |
0_2_0084A410 |
Source: C:\Users\user\Desktop\Hbi8WUpShm.exe |
Code function: 0_2_0084A540 NtAllocateVirtualMemory, |
0_2_0084A540 |
Source: C:\Users\user\Desktop\Hbi8WUpShm.exe |
Code function: 0_2_0084A35A NtCreateFile, |
0_2_0084A35A |
Source: C:\Users\user\Desktop\Hbi8WUpShm.exe |
Code function: 0_2_0084A48A NtClose, |
0_2_0084A48A |
Source: C:\Users\user\Desktop\Hbi8WUpShm.exe |
Code function: 0_2_0084A40C NtReadFile, |
0_2_0084A40C |
Source: C:\Windows\explorer.exe |
Code function: 1_2_0FB8B232 NtCreateFile, |
1_2_0FB8B232 |
Source: C:\Windows\explorer.exe |
Code function: 1_2_0FB8CE12 NtProtectVirtualMemory, |
1_2_0FB8CE12 |
Source: C:\Windows\explorer.exe |
Code function: 1_2_0FB8CE0A NtProtectVirtualMemory, |
1_2_0FB8CE0A |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E9540 NtReadFile,LdrInitializeThunk, |
2_2_053E9540 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E95D0 NtClose,LdrInitializeThunk, |
2_2_053E95D0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E9710 NtQueryInformationToken,LdrInitializeThunk, |
2_2_053E9710 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E9780 NtMapViewOfSection,LdrInitializeThunk, |
2_2_053E9780 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E9FE0 NtCreateMutant,LdrInitializeThunk, |
2_2_053E9FE0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E9660 NtAllocateVirtualMemory,LdrInitializeThunk, |
2_2_053E9660 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E9650 NtQueryValueKey,LdrInitializeThunk, |
2_2_053E9650 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E96E0 NtFreeVirtualMemory,LdrInitializeThunk, |
2_2_053E96E0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E96D0 NtCreateKey,LdrInitializeThunk, |
2_2_053E96D0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E9910 NtAdjustPrivilegesToken,LdrInitializeThunk, |
2_2_053E9910 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E99A0 NtCreateSection,LdrInitializeThunk, |
2_2_053E99A0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E9860 NtQuerySystemInformation,LdrInitializeThunk, |
2_2_053E9860 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E9840 NtDelayExecution,LdrInitializeThunk, |
2_2_053E9840 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E9A50 NtCreateFile,LdrInitializeThunk, |
2_2_053E9A50 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053EAD30 NtSetContextThread, |
2_2_053EAD30 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E9520 NtWaitForSingleObject, |
2_2_053E9520 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E9560 NtWriteFile, |
2_2_053E9560 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E95F0 NtQueryInformationFile, |
2_2_053E95F0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E9730 NtQueryVirtualMemory, |
2_2_053E9730 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053EA710 NtOpenProcessToken, |
2_2_053EA710 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053EA770 NtOpenThread, |
2_2_053EA770 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E9770 NtSetInformationFile, |
2_2_053E9770 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E9760 NtOpenProcess, |
2_2_053E9760 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E97A0 NtUnmapViewOfSection, |
2_2_053E97A0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E9610 NtEnumerateValueKey, |
2_2_053E9610 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E9670 NtQueryInformationProcess, |
2_2_053E9670 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E9950 NtQueueApcThread, |
2_2_053E9950 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E99D0 NtCreateProcessEx, |
2_2_053E99D0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E9820 NtEnumerateKey, |
2_2_053E9820 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053EB040 NtSuspendThread, |
2_2_053EB040 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E98A0 NtWriteVirtualMemory, |
2_2_053E98A0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E98F0 NtReadVirtualMemory, |
2_2_053E98F0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E9B00 NtSetValueKey, |
2_2_053E9B00 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053EA3B0 NtGetContextThread, |
2_2_053EA3B0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E9A20 NtResumeThread, |
2_2_053E9A20 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E9A10 NtQuerySection, |
2_2_053E9A10 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E9A00 NtProtectVirtualMemory, |
2_2_053E9A00 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E9A80 NtOpenDirectoryObject, |
2_2_053E9A80 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0090A360 NtCreateFile, |
2_2_0090A360 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0090A490 NtClose, |
2_2_0090A490 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0090A410 NtReadFile, |
2_2_0090A410 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0090A540 NtAllocateVirtualMemory, |
2_2_0090A540 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0090A35A NtCreateFile, |
2_2_0090A35A |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0090A48A NtClose, |
2_2_0090A48A |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0090A40C NtReadFile, |
2_2_0090A40C |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05423540 mov eax, dword ptr fs:[00000030h] |
2_2_05423540 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D4D3B mov eax, dword ptr fs:[00000030h] |
2_2_053D4D3B |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D4D3B mov eax, dword ptr fs:[00000030h] |
2_2_053D4D3B |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D4D3B mov eax, dword ptr fs:[00000030h] |
2_2_053D4D3B |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053AAD30 mov eax, dword ptr fs:[00000030h] |
2_2_053AAD30 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053B3D34 mov eax, dword ptr fs:[00000030h] |
2_2_053B3D34 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053B3D34 mov eax, dword ptr fs:[00000030h] |
2_2_053B3D34 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053B3D34 mov eax, dword ptr fs:[00000030h] |
2_2_053B3D34 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053B3D34 mov eax, dword ptr fs:[00000030h] |
2_2_053B3D34 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053B3D34 mov eax, dword ptr fs:[00000030h] |
2_2_053B3D34 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053B3D34 mov eax, dword ptr fs:[00000030h] |
2_2_053B3D34 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053B3D34 mov eax, dword ptr fs:[00000030h] |
2_2_053B3D34 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053B3D34 mov eax, dword ptr fs:[00000030h] |
2_2_053B3D34 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053B3D34 mov eax, dword ptr fs:[00000030h] |
2_2_053B3D34 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053B3D34 mov eax, dword ptr fs:[00000030h] |
2_2_053B3D34 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053B3D34 mov eax, dword ptr fs:[00000030h] |
2_2_053B3D34 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053B3D34 mov eax, dword ptr fs:[00000030h] |
2_2_053B3D34 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053B3D34 mov eax, dword ptr fs:[00000030h] |
2_2_053B3D34 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053CC577 mov eax, dword ptr fs:[00000030h] |
2_2_053CC577 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053CC577 mov eax, dword ptr fs:[00000030h] |
2_2_053CC577 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053C7D50 mov eax, dword ptr fs:[00000030h] |
2_2_053C7D50 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05478D34 mov eax, dword ptr fs:[00000030h] |
2_2_05478D34 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0542A537 mov eax, dword ptr fs:[00000030h] |
2_2_0542A537 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E3D43 mov eax, dword ptr fs:[00000030h] |
2_2_053E3D43 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0546E539 mov eax, dword ptr fs:[00000030h] |
2_2_0546E539 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D1DB5 mov eax, dword ptr fs:[00000030h] |
2_2_053D1DB5 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D1DB5 mov eax, dword ptr fs:[00000030h] |
2_2_053D1DB5 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D1DB5 mov eax, dword ptr fs:[00000030h] |
2_2_053D1DB5 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05426DC9 mov eax, dword ptr fs:[00000030h] |
2_2_05426DC9 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05426DC9 mov eax, dword ptr fs:[00000030h] |
2_2_05426DC9 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05426DC9 mov eax, dword ptr fs:[00000030h] |
2_2_05426DC9 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05426DC9 mov ecx, dword ptr fs:[00000030h] |
2_2_05426DC9 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05426DC9 mov eax, dword ptr fs:[00000030h] |
2_2_05426DC9 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05426DC9 mov eax, dword ptr fs:[00000030h] |
2_2_05426DC9 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D35A1 mov eax, dword ptr fs:[00000030h] |
2_2_053D35A1 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0546FDE2 mov eax, dword ptr fs:[00000030h] |
2_2_0546FDE2 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0546FDE2 mov eax, dword ptr fs:[00000030h] |
2_2_0546FDE2 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0546FDE2 mov eax, dword ptr fs:[00000030h] |
2_2_0546FDE2 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0546FDE2 mov eax, dword ptr fs:[00000030h] |
2_2_0546FDE2 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053DFD9B mov eax, dword ptr fs:[00000030h] |
2_2_053DFD9B |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053DFD9B mov eax, dword ptr fs:[00000030h] |
2_2_053DFD9B |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053A2D8A mov eax, dword ptr fs:[00000030h] |
2_2_053A2D8A |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053A2D8A mov eax, dword ptr fs:[00000030h] |
2_2_053A2D8A |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053A2D8A mov eax, dword ptr fs:[00000030h] |
2_2_053A2D8A |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053A2D8A mov eax, dword ptr fs:[00000030h] |
2_2_053A2D8A |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053A2D8A mov eax, dword ptr fs:[00000030h] |
2_2_053A2D8A |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05458DF1 mov eax, dword ptr fs:[00000030h] |
2_2_05458DF1 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D2581 mov eax, dword ptr fs:[00000030h] |
2_2_053D2581 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D2581 mov eax, dword ptr fs:[00000030h] |
2_2_053D2581 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D2581 mov eax, dword ptr fs:[00000030h] |
2_2_053D2581 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D2581 mov eax, dword ptr fs:[00000030h] |
2_2_053D2581 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053BD5E0 mov eax, dword ptr fs:[00000030h] |
2_2_053BD5E0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053BD5E0 mov eax, dword ptr fs:[00000030h] |
2_2_053BD5E0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_054705AC mov eax, dword ptr fs:[00000030h] |
2_2_054705AC |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_054705AC mov eax, dword ptr fs:[00000030h] |
2_2_054705AC |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053DBC2C mov eax, dword ptr fs:[00000030h] |
2_2_053DBC2C |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0543C450 mov eax, dword ptr fs:[00000030h] |
2_2_0543C450 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0543C450 mov eax, dword ptr fs:[00000030h] |
2_2_0543C450 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05461C06 mov eax, dword ptr fs:[00000030h] |
2_2_05461C06 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05461C06 mov eax, dword ptr fs:[00000030h] |
2_2_05461C06 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05461C06 mov eax, dword ptr fs:[00000030h] |
2_2_05461C06 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05461C06 mov eax, dword ptr fs:[00000030h] |
2_2_05461C06 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05461C06 mov eax, dword ptr fs:[00000030h] |
2_2_05461C06 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05461C06 mov eax, dword ptr fs:[00000030h] |
2_2_05461C06 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05461C06 mov eax, dword ptr fs:[00000030h] |
2_2_05461C06 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05461C06 mov eax, dword ptr fs:[00000030h] |
2_2_05461C06 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05461C06 mov eax, dword ptr fs:[00000030h] |
2_2_05461C06 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05461C06 mov eax, dword ptr fs:[00000030h] |
2_2_05461C06 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05461C06 mov eax, dword ptr fs:[00000030h] |
2_2_05461C06 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05461C06 mov eax, dword ptr fs:[00000030h] |
2_2_05461C06 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05461C06 mov eax, dword ptr fs:[00000030h] |
2_2_05461C06 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05461C06 mov eax, dword ptr fs:[00000030h] |
2_2_05461C06 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05426C0A mov eax, dword ptr fs:[00000030h] |
2_2_05426C0A |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05426C0A mov eax, dword ptr fs:[00000030h] |
2_2_05426C0A |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05426C0A mov eax, dword ptr fs:[00000030h] |
2_2_05426C0A |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05426C0A mov eax, dword ptr fs:[00000030h] |
2_2_05426C0A |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0547740D mov eax, dword ptr fs:[00000030h] |
2_2_0547740D |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0547740D mov eax, dword ptr fs:[00000030h] |
2_2_0547740D |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0547740D mov eax, dword ptr fs:[00000030h] |
2_2_0547740D |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053C746D mov eax, dword ptr fs:[00000030h] |
2_2_053C746D |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053DA44B mov eax, dword ptr fs:[00000030h] |
2_2_053DA44B |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05478CD6 mov eax, dword ptr fs:[00000030h] |
2_2_05478CD6 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053B849B mov eax, dword ptr fs:[00000030h] |
2_2_053B849B |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05426CF0 mov eax, dword ptr fs:[00000030h] |
2_2_05426CF0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05426CF0 mov eax, dword ptr fs:[00000030h] |
2_2_05426CF0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05426CF0 mov eax, dword ptr fs:[00000030h] |
2_2_05426CF0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_054614FB mov eax, dword ptr fs:[00000030h] |
2_2_054614FB |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053DE730 mov eax, dword ptr fs:[00000030h] |
2_2_053DE730 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053A4F2E mov eax, dword ptr fs:[00000030h] |
2_2_053A4F2E |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053A4F2E mov eax, dword ptr fs:[00000030h] |
2_2_053A4F2E |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053CF716 mov eax, dword ptr fs:[00000030h] |
2_2_053CF716 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05478F6A mov eax, dword ptr fs:[00000030h] |
2_2_05478F6A |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053DA70E mov eax, dword ptr fs:[00000030h] |
2_2_053DA70E |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053DA70E mov eax, dword ptr fs:[00000030h] |
2_2_053DA70E |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0547070D mov eax, dword ptr fs:[00000030h] |
2_2_0547070D |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0547070D mov eax, dword ptr fs:[00000030h] |
2_2_0547070D |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0543FF10 mov eax, dword ptr fs:[00000030h] |
2_2_0543FF10 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0543FF10 mov eax, dword ptr fs:[00000030h] |
2_2_0543FF10 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053BFF60 mov eax, dword ptr fs:[00000030h] |
2_2_053BFF60 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053BEF40 mov eax, dword ptr fs:[00000030h] |
2_2_053BEF40 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053B8794 mov eax, dword ptr fs:[00000030h] |
2_2_053B8794 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E37F5 mov eax, dword ptr fs:[00000030h] |
2_2_053E37F5 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05427794 mov eax, dword ptr fs:[00000030h] |
2_2_05427794 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05427794 mov eax, dword ptr fs:[00000030h] |
2_2_05427794 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05427794 mov eax, dword ptr fs:[00000030h] |
2_2_05427794 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0546AE44 mov eax, dword ptr fs:[00000030h] |
2_2_0546AE44 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0546AE44 mov eax, dword ptr fs:[00000030h] |
2_2_0546AE44 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053AE620 mov eax, dword ptr fs:[00000030h] |
2_2_053AE620 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053DA61C mov eax, dword ptr fs:[00000030h] |
2_2_053DA61C |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053DA61C mov eax, dword ptr fs:[00000030h] |
2_2_053DA61C |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053AC600 mov eax, dword ptr fs:[00000030h] |
2_2_053AC600 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053AC600 mov eax, dword ptr fs:[00000030h] |
2_2_053AC600 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053AC600 mov eax, dword ptr fs:[00000030h] |
2_2_053AC600 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D8E00 mov eax, dword ptr fs:[00000030h] |
2_2_053D8E00 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05461608 mov eax, dword ptr fs:[00000030h] |
2_2_05461608 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053CAE73 mov eax, dword ptr fs:[00000030h] |
2_2_053CAE73 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053CAE73 mov eax, dword ptr fs:[00000030h] |
2_2_053CAE73 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053CAE73 mov eax, dword ptr fs:[00000030h] |
2_2_053CAE73 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053CAE73 mov eax, dword ptr fs:[00000030h] |
2_2_053CAE73 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053CAE73 mov eax, dword ptr fs:[00000030h] |
2_2_053CAE73 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053B766D mov eax, dword ptr fs:[00000030h] |
2_2_053B766D |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0545FE3F mov eax, dword ptr fs:[00000030h] |
2_2_0545FE3F |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053B7E41 mov eax, dword ptr fs:[00000030h] |
2_2_053B7E41 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053B7E41 mov eax, dword ptr fs:[00000030h] |
2_2_053B7E41 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053B7E41 mov eax, dword ptr fs:[00000030h] |
2_2_053B7E41 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053B7E41 mov eax, dword ptr fs:[00000030h] |
2_2_053B7E41 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053B7E41 mov eax, dword ptr fs:[00000030h] |
2_2_053B7E41 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053B7E41 mov eax, dword ptr fs:[00000030h] |
2_2_053B7E41 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0545FEC0 mov eax, dword ptr fs:[00000030h] |
2_2_0545FEC0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05478ED6 mov eax, dword ptr fs:[00000030h] |
2_2_05478ED6 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0543FE87 mov eax, dword ptr fs:[00000030h] |
2_2_0543FE87 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053B76E2 mov eax, dword ptr fs:[00000030h] |
2_2_053B76E2 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D16E0 mov ecx, dword ptr fs:[00000030h] |
2_2_053D16E0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05470EA5 mov eax, dword ptr fs:[00000030h] |
2_2_05470EA5 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05470EA5 mov eax, dword ptr fs:[00000030h] |
2_2_05470EA5 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05470EA5 mov eax, dword ptr fs:[00000030h] |
2_2_05470EA5 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_054246A7 mov eax, dword ptr fs:[00000030h] |
2_2_054246A7 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D36CC mov eax, dword ptr fs:[00000030h] |
2_2_053D36CC |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E8EC7 mov eax, dword ptr fs:[00000030h] |
2_2_053E8EC7 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D513A mov eax, dword ptr fs:[00000030h] |
2_2_053D513A |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D513A mov eax, dword ptr fs:[00000030h] |
2_2_053D513A |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053C4120 mov eax, dword ptr fs:[00000030h] |
2_2_053C4120 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053C4120 mov eax, dword ptr fs:[00000030h] |
2_2_053C4120 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053C4120 mov eax, dword ptr fs:[00000030h] |
2_2_053C4120 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053C4120 mov eax, dword ptr fs:[00000030h] |
2_2_053C4120 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053C4120 mov ecx, dword ptr fs:[00000030h] |
2_2_053C4120 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053A9100 mov eax, dword ptr fs:[00000030h] |
2_2_053A9100 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053A9100 mov eax, dword ptr fs:[00000030h] |
2_2_053A9100 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053A9100 mov eax, dword ptr fs:[00000030h] |
2_2_053A9100 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053AB171 mov eax, dword ptr fs:[00000030h] |
2_2_053AB171 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053AB171 mov eax, dword ptr fs:[00000030h] |
2_2_053AB171 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053AC962 mov eax, dword ptr fs:[00000030h] |
2_2_053AC962 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053CB944 mov eax, dword ptr fs:[00000030h] |
2_2_053CB944 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053CB944 mov eax, dword ptr fs:[00000030h] |
2_2_053CB944 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D61A0 mov eax, dword ptr fs:[00000030h] |
2_2_053D61A0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D61A0 mov eax, dword ptr fs:[00000030h] |
2_2_053D61A0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_054341E8 mov eax, dword ptr fs:[00000030h] |
2_2_054341E8 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D2990 mov eax, dword ptr fs:[00000030h] |
2_2_053D2990 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053DA185 mov eax, dword ptr fs:[00000030h] |
2_2_053DA185 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053CC182 mov eax, dword ptr fs:[00000030h] |
2_2_053CC182 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053AB1E1 mov eax, dword ptr fs:[00000030h] |
2_2_053AB1E1 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053AB1E1 mov eax, dword ptr fs:[00000030h] |
2_2_053AB1E1 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053AB1E1 mov eax, dword ptr fs:[00000030h] |
2_2_053AB1E1 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_054269A6 mov eax, dword ptr fs:[00000030h] |
2_2_054269A6 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_054251BE mov eax, dword ptr fs:[00000030h] |
2_2_054251BE |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_054251BE mov eax, dword ptr fs:[00000030h] |
2_2_054251BE |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_054251BE mov eax, dword ptr fs:[00000030h] |
2_2_054251BE |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_054251BE mov eax, dword ptr fs:[00000030h] |
2_2_054251BE |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D002D mov eax, dword ptr fs:[00000030h] |
2_2_053D002D |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D002D mov eax, dword ptr fs:[00000030h] |
2_2_053D002D |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D002D mov eax, dword ptr fs:[00000030h] |
2_2_053D002D |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D002D mov eax, dword ptr fs:[00000030h] |
2_2_053D002D |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D002D mov eax, dword ptr fs:[00000030h] |
2_2_053D002D |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053BB02A mov eax, dword ptr fs:[00000030h] |
2_2_053BB02A |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053BB02A mov eax, dword ptr fs:[00000030h] |
2_2_053BB02A |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053BB02A mov eax, dword ptr fs:[00000030h] |
2_2_053BB02A |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053BB02A mov eax, dword ptr fs:[00000030h] |
2_2_053BB02A |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05471074 mov eax, dword ptr fs:[00000030h] |
2_2_05471074 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05462073 mov eax, dword ptr fs:[00000030h] |
2_2_05462073 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05474015 mov eax, dword ptr fs:[00000030h] |
2_2_05474015 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05474015 mov eax, dword ptr fs:[00000030h] |
2_2_05474015 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05427016 mov eax, dword ptr fs:[00000030h] |
2_2_05427016 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05427016 mov eax, dword ptr fs:[00000030h] |
2_2_05427016 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05427016 mov eax, dword ptr fs:[00000030h] |
2_2_05427016 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053C0050 mov eax, dword ptr fs:[00000030h] |
2_2_053C0050 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053C0050 mov eax, dword ptr fs:[00000030h] |
2_2_053C0050 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053DF0BF mov ecx, dword ptr fs:[00000030h] |
2_2_053DF0BF |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053DF0BF mov eax, dword ptr fs:[00000030h] |
2_2_053DF0BF |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053DF0BF mov eax, dword ptr fs:[00000030h] |
2_2_053DF0BF |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E90AF mov eax, dword ptr fs:[00000030h] |
2_2_053E90AF |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0543B8D0 mov eax, dword ptr fs:[00000030h] |
2_2_0543B8D0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0543B8D0 mov ecx, dword ptr fs:[00000030h] |
2_2_0543B8D0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0543B8D0 mov eax, dword ptr fs:[00000030h] |
2_2_0543B8D0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0543B8D0 mov eax, dword ptr fs:[00000030h] |
2_2_0543B8D0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0543B8D0 mov eax, dword ptr fs:[00000030h] |
2_2_0543B8D0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0543B8D0 mov eax, dword ptr fs:[00000030h] |
2_2_0543B8D0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D20A0 mov eax, dword ptr fs:[00000030h] |
2_2_053D20A0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D20A0 mov eax, dword ptr fs:[00000030h] |
2_2_053D20A0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D20A0 mov eax, dword ptr fs:[00000030h] |
2_2_053D20A0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D20A0 mov eax, dword ptr fs:[00000030h] |
2_2_053D20A0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D20A0 mov eax, dword ptr fs:[00000030h] |
2_2_053D20A0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D20A0 mov eax, dword ptr fs:[00000030h] |
2_2_053D20A0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053A9080 mov eax, dword ptr fs:[00000030h] |
2_2_053A9080 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05423884 mov eax, dword ptr fs:[00000030h] |
2_2_05423884 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05423884 mov eax, dword ptr fs:[00000030h] |
2_2_05423884 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053A58EC mov eax, dword ptr fs:[00000030h] |
2_2_053A58EC |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05478B58 mov eax, dword ptr fs:[00000030h] |
2_2_05478B58 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D3B7A mov eax, dword ptr fs:[00000030h] |
2_2_053D3B7A |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D3B7A mov eax, dword ptr fs:[00000030h] |
2_2_053D3B7A |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053ADB60 mov ecx, dword ptr fs:[00000030h] |
2_2_053ADB60 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0546131B mov eax, dword ptr fs:[00000030h] |
2_2_0546131B |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053AF358 mov eax, dword ptr fs:[00000030h] |
2_2_053AF358 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053ADB40 mov eax, dword ptr fs:[00000030h] |
2_2_053ADB40 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_054253CA mov eax, dword ptr fs:[00000030h] |
2_2_054253CA |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_054253CA mov eax, dword ptr fs:[00000030h] |
2_2_054253CA |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D4BAD mov eax, dword ptr fs:[00000030h] |
2_2_053D4BAD |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D4BAD mov eax, dword ptr fs:[00000030h] |
2_2_053D4BAD |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D4BAD mov eax, dword ptr fs:[00000030h] |
2_2_053D4BAD |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D2397 mov eax, dword ptr fs:[00000030h] |
2_2_053D2397 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053DB390 mov eax, dword ptr fs:[00000030h] |
2_2_053DB390 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053B1B8F mov eax, dword ptr fs:[00000030h] |
2_2_053B1B8F |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053B1B8F mov eax, dword ptr fs:[00000030h] |
2_2_053B1B8F |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0545D380 mov ecx, dword ptr fs:[00000030h] |
2_2_0545D380 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0546138A mov eax, dword ptr fs:[00000030h] |
2_2_0546138A |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053CDBE9 mov eax, dword ptr fs:[00000030h] |
2_2_053CDBE9 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D03E2 mov eax, dword ptr fs:[00000030h] |
2_2_053D03E2 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D03E2 mov eax, dword ptr fs:[00000030h] |
2_2_053D03E2 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D03E2 mov eax, dword ptr fs:[00000030h] |
2_2_053D03E2 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D03E2 mov eax, dword ptr fs:[00000030h] |
2_2_053D03E2 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D03E2 mov eax, dword ptr fs:[00000030h] |
2_2_053D03E2 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D03E2 mov eax, dword ptr fs:[00000030h] |
2_2_053D03E2 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05475BA5 mov eax, dword ptr fs:[00000030h] |
2_2_05475BA5 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E4A2C mov eax, dword ptr fs:[00000030h] |
2_2_053E4A2C |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E4A2C mov eax, dword ptr fs:[00000030h] |
2_2_053E4A2C |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0546EA55 mov eax, dword ptr fs:[00000030h] |
2_2_0546EA55 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05434257 mov eax, dword ptr fs:[00000030h] |
2_2_05434257 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053C3A1C mov eax, dword ptr fs:[00000030h] |
2_2_053C3A1C |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0545B260 mov eax, dword ptr fs:[00000030h] |
2_2_0545B260 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0545B260 mov eax, dword ptr fs:[00000030h] |
2_2_0545B260 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_05478A62 mov eax, dword ptr fs:[00000030h] |
2_2_05478A62 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053A5210 mov eax, dword ptr fs:[00000030h] |
2_2_053A5210 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053A5210 mov ecx, dword ptr fs:[00000030h] |
2_2_053A5210 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053A5210 mov eax, dword ptr fs:[00000030h] |
2_2_053A5210 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053A5210 mov eax, dword ptr fs:[00000030h] |
2_2_053A5210 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053AAA16 mov eax, dword ptr fs:[00000030h] |
2_2_053AAA16 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053AAA16 mov eax, dword ptr fs:[00000030h] |
2_2_053AAA16 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053B8A0A mov eax, dword ptr fs:[00000030h] |
2_2_053B8A0A |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053E927A mov eax, dword ptr fs:[00000030h] |
2_2_053E927A |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0546AA16 mov eax, dword ptr fs:[00000030h] |
2_2_0546AA16 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_0546AA16 mov eax, dword ptr fs:[00000030h] |
2_2_0546AA16 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053A9240 mov eax, dword ptr fs:[00000030h] |
2_2_053A9240 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053A9240 mov eax, dword ptr fs:[00000030h] |
2_2_053A9240 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053A9240 mov eax, dword ptr fs:[00000030h] |
2_2_053A9240 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053A9240 mov eax, dword ptr fs:[00000030h] |
2_2_053A9240 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053BAAB0 mov eax, dword ptr fs:[00000030h] |
2_2_053BAAB0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053BAAB0 mov eax, dword ptr fs:[00000030h] |
2_2_053BAAB0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053DFAB0 mov eax, dword ptr fs:[00000030h] |
2_2_053DFAB0 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053A52A5 mov eax, dword ptr fs:[00000030h] |
2_2_053A52A5 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053A52A5 mov eax, dword ptr fs:[00000030h] |
2_2_053A52A5 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053A52A5 mov eax, dword ptr fs:[00000030h] |
2_2_053A52A5 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053A52A5 mov eax, dword ptr fs:[00000030h] |
2_2_053A52A5 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053A52A5 mov eax, dword ptr fs:[00000030h] |
2_2_053A52A5 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053DD294 mov eax, dword ptr fs:[00000030h] |
2_2_053DD294 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053DD294 mov eax, dword ptr fs:[00000030h] |
2_2_053DD294 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D2AE4 mov eax, dword ptr fs:[00000030h] |
2_2_053D2AE4 |
Source: C:\Windows\SysWOW64\chkdsk.exe |
Code function: 2_2_053D2ACB mov eax, dword ptr fs:[00000030h] |
2_2_053D2ACB |