Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.alessandromargonari.com |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.alessandromargonari.com/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.alessandromargonari.com/nu06/www.languageforall.africa |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.alessandromargonari.comReferer: |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.alexwright.xyz |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.alexwright.xyz/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.alexwright.xyz/nu06/www.ballinc.online |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.alexwright.xyzReferer: |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.arrindellnotary.com |
Source: explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.arrindellnotary.com/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.arrindellnotary.comReferer: |
Source: explorer.exe, 00000001.00000000.308784009.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.573479962.0000000000921000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.autoitscript.com/autoit3/J |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ballinc.online |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ballinc.online/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ballinc.online/nu06/www.hervelegerdressshop.co.uk |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ballinc.onlineReferer: |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.coiffeur-kosmetik-basel1.ch |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.coiffeur-kosmetik-basel1.ch/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.coiffeur-kosmetik-basel1.ch/nu06/www.pyvob.xyz |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.coiffeur-kosmetik-basel1.chReferer: |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.edu-degrees-89998.com |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.edu-degrees-89998.com/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.edu-degrees-89998.com/nu06/www.arrindellnotary.com |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.edu-degrees-89998.comReferer: |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.eltres-iot.info |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.eltres-iot.info/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.eltres-iot.info/nu06/www.smartmetersystems.co.uk |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.eltres-iot.infoReferer: |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.evaluatemyathlete.com |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.evaluatemyathlete.com/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.evaluatemyathlete.com/nu06/www.coiffeur-kosmetik-basel1.ch |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.evaluatemyathlete.comReferer: |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.gonulserezart.com |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.gonulserezart.com/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.gonulserezart.com/nu06/www.evaluatemyathlete.com |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.gonulserezart.comReferer: |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.heikeshuwu.com |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.heikeshuwu.com/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.heikeshuwu.com/nu06/www.alessandromargonari.com |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.heikeshuwu.comReferer: |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.hervelegerdressshop.co.uk |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.hervelegerdressshop.co.uk/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.hervelegerdressshop.co.uk/nu06/www.edu-degrees-89998.com |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.hervelegerdressshop.co.ukReferer: |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.languageforall.africa |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.languageforall.africa/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.languageforall.africa/nu06/www.eltres-iot.info |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.languageforall.africaReferer: |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.letstalkreparation.com |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.letstalkreparation.com/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.letstalkreparation.com/nu06/www.zwangerschapvanweektotweek.net |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.letstalkreparation.comReferer: |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.pyvob.xyz |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.pyvob.xyz/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.pyvob.xyz/nu06/www.heikeshuwu.com |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.pyvob.xyzReferer: |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.smartmetersystems.co.uk |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.smartmetersystems.co.uk/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.smartmetersystems.co.uk/nu06/www.alexwright.xyz |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.smartmetersystems.co.ukReferer: |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.zwangerschapvanweektotweek.net |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.zwangerschapvanweektotweek.net/nu06/ |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.zwangerschapvanweektotweek.net/nu06/www.gonulserezart.com |
Source: explorer.exe, 00000001.00000003.533978211.000000000ED66000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000002.584394622.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.533800571.000000000ED55000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.zwangerschapvanweektotweek.netReferer: |
Source: Hbi8WUpShm.exe, type: SAMPLE | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: Hbi8WUpShm.exe, type: SAMPLE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: Hbi8WUpShm.exe, type: SAMPLE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 0.2.Hbi8WUpShm.exe.830000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 0.2.Hbi8WUpShm.exe.830000.0.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 0.2.Hbi8WUpShm.exe.830000.0.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 0.0.Hbi8WUpShm.exe.830000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 0.0.Hbi8WUpShm.exe.830000.0.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 0.0.Hbi8WUpShm.exe.830000.0.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000000.00000002.340187458.0000000000831000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 00000000.00000002.340187458.0000000000831000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000000.00000002.340187458.0000000000831000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000002.00000002.573760954.0000000000DC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 00000002.00000002.573760954.0000000000DC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000002.00000002.573760954.0000000000DC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000002.00000002.573525615.0000000000AE4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 00000002.00000002.573525615.0000000000AE4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000002.00000002.573525615.0000000000AE4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000000.00000000.304875108.0000000000831000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 00000000.00000000.304875108.0000000000831000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000000.00000000.304875108.0000000000831000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000002.00000002.573684424.0000000000D90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 00000002.00000002.573684424.0000000000D90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000002.00000002.573684424.0000000000D90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000002.00000002.575081559.00000000058AF000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 00000002.00000002.575081559.00000000058AF000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000002.00000002.575081559.00000000058AF000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000001.00000002.585228598.000000000FBA3000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_772cc62d Author: unknown |
Source: 00000000.00000002.343561110.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 00000000.00000002.343561110.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000000.00000002.343561110.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000000.00000002.343352693.0000000000D20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 00000000.00000002.343352693.0000000000D20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000000.00000002.343352693.0000000000D20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000002.00000002.573431641.00000000008F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 00000002.00000002.573431641.00000000008F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000002.00000002.573431641.00000000008F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000001.00000002.586228708.00000000152CF000.00000004.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: 00000001.00000002.586228708.00000000152CF000.00000004.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000001.00000002.586228708.00000000152CF000.00000004.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: Process Memory Space: Hbi8WUpShm.exe PID: 5868, type: MEMORYSTR | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: Process Memory Space: explorer.exe PID: 3324, type: MEMORYSTR | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: Process Memory Space: chkdsk.exe PID: 6012, type: MEMORYSTR | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown |
Source: Hbi8WUpShm.exe, type: SAMPLE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: Hbi8WUpShm.exe, type: SAMPLE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: Hbi8WUpShm.exe, type: SAMPLE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 0.2.Hbi8WUpShm.exe.830000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 0.2.Hbi8WUpShm.exe.830000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 0.2.Hbi8WUpShm.exe.830000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 0.0.Hbi8WUpShm.exe.830000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 0.0.Hbi8WUpShm.exe.830000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 0.0.Hbi8WUpShm.exe.830000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000000.00000002.340187458.0000000000831000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000000.00000002.340187458.0000000000831000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000000.00000002.340187458.0000000000831000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000002.00000002.573760954.0000000000DC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000002.00000002.573760954.0000000000DC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000002.573760954.0000000000DC0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000002.00000002.573525615.0000000000AE4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000002.00000002.573525615.0000000000AE4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000002.573525615.0000000000AE4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000000.00000000.304875108.0000000000831000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000000.00000000.304875108.0000000000831000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000000.00000000.304875108.0000000000831000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000002.00000002.573684424.0000000000D90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000002.00000002.573684424.0000000000D90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000002.573684424.0000000000D90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000002.00000002.575081559.00000000058AF000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000002.00000002.575081559.00000000058AF000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000002.575081559.00000000058AF000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000001.00000002.585228598.000000000FBA3000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_772cc62d os = windows, severity = x86, creation_date = 2022-05-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8343b5d02d74791ba2d5d52d19a759f761de2b5470d935000bc27ea6c0633f5, id = 772cc62d-345c-42d8-97ab-f67e447ddca4, last_modified = 2022-07-18 |
Source: 00000000.00000002.343561110.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000000.00000002.343561110.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000000.00000002.343561110.0000000000D50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000000.00000002.343352693.0000000000D20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000000.00000002.343352693.0000000000D20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000000.00000002.343352693.0000000000D20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000002.00000002.573431641.00000000008F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000002.00000002.573431641.00000000008F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000002.573431641.00000000008F0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000001.00000002.586228708.00000000152CF000.00000004.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000001.00000002.586228708.00000000152CF000.00000004.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000001.00000002.586228708.00000000152CF000.00000004.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: Process Memory Space: Hbi8WUpShm.exe PID: 5868, type: MEMORYSTR | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: Process Memory Space: explorer.exe PID: 3324, type: MEMORYSTR | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: Process Memory Space: chkdsk.exe PID: 6012, type: MEMORYSTR | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: C:\Users\user\Desktop\Hbi8WUpShm.exe | Code function: 0_2_00831030 |
Source: C:\Users\user\Desktop\Hbi8WUpShm.exe | Code function: 0_2_0084E1AB |
Source: C:\Users\user\Desktop\Hbi8WUpShm.exe | Code function: 0_2_0084D9FC |
Source: C:\Users\user\Desktop\Hbi8WUpShm.exe | Code function: 0_2_0084DABE |
Source: C:\Users\user\Desktop\Hbi8WUpShm.exe | Code function: 0_2_0084EBE1 |
Source: C:\Users\user\Desktop\Hbi8WUpShm.exe | Code function: 0_2_00832D87 |
Source: C:\Users\user\Desktop\Hbi8WUpShm.exe | Code function: 0_2_00832D90 |
Source: C:\Users\user\Desktop\Hbi8WUpShm.exe | Code function: 0_2_0084D5A6 |
Source: C:\Users\user\Desktop\Hbi8WUpShm.exe | Code function: 0_2_0084D5A3 |
Source: C:\Users\user\Desktop\Hbi8WUpShm.exe | Code function: 0_2_0084E55F |
Source: C:\Users\user\Desktop\Hbi8WUpShm.exe | Code function: 0_2_00839E5B |
Source: C:\Users\user\Desktop\Hbi8WUpShm.exe | Code function: 0_2_00839E60 |
Source: C:\Users\user\Desktop\Hbi8WUpShm.exe | Code function: 0_2_00832FB0 |
Source: C:\Users\user\Desktop\Hbi8WUpShm.exe | Code function: 0_2_0084E7E3 |
Source: C:\Windows\explorer.exe | Code function: 1_2_0E44F232 |
Source: C:\Windows\explorer.exe | Code function: 1_2_0E449B30 |
Source: C:\Windows\explorer.exe | Code function: 1_2_0E449B32 |
Source: C:\Windows\explorer.exe | Code function: 1_2_0E44E036 |
Source: C:\Windows\explorer.exe | Code function: 1_2_0E445082 |
Source: C:\Windows\explorer.exe | Code function: 1_2_0E446D02 |
Source: C:\Windows\explorer.exe | Code function: 1_2_0E44C912 |
Source: C:\Windows\explorer.exe | Code function: 1_2_0E4525CD |
Source: C:\Windows\explorer.exe | Code function: 1_2_0FB8B232 |
Source: C:\Windows\explorer.exe | Code function: 1_2_0FB8E5CD |
Source: C:\Windows\explorer.exe | Code function: 1_2_0FB85B30 |
Source: C:\Windows\explorer.exe | Code function: 1_2_0FB85B32 |
Source: C:\Windows\explorer.exe | Code function: 1_2_0FB88912 |
Source: C:\Windows\explorer.exe | Code function: 1_2_0FB82D02 |
Source: C:\Windows\explorer.exe | Code function: 1_2_0FB81082 |
Source: C:\Windows\explorer.exe | Code function: 1_2_0FB8A036 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05471D55 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053A0D20 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05472D07 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_054725DD |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D2581 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053BD5E0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0546D466 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053B841F |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05471FF1 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053C6E30 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0546D616 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05472EF7 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053C4120 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053AF900 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05461002 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D20A0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053BB090 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_054728EC |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_054720A8 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05472B28 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053DEBB0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0546DBD2 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_054722AE |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_008F2D87 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_008F2D90 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0090D5A3 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0090D5A6 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_008F9E5B |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_008F9E60 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_008F2FB0 |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0090E7E3 |
Source: C:\Users\user\Desktop\Hbi8WUpShm.exe | Code function: 0_2_0084A360 NtCreateFile, |
Source: C:\Users\user\Desktop\Hbi8WUpShm.exe | Code function: 0_2_0084A490 NtClose, |
Source: C:\Users\user\Desktop\Hbi8WUpShm.exe | Code function: 0_2_0084A410 NtReadFile, |
Source: C:\Users\user\Desktop\Hbi8WUpShm.exe | Code function: 0_2_0084A540 NtAllocateVirtualMemory, |
Source: C:\Users\user\Desktop\Hbi8WUpShm.exe | Code function: 0_2_0084A35A NtCreateFile, |
Source: C:\Users\user\Desktop\Hbi8WUpShm.exe | Code function: 0_2_0084A48A NtClose, |
Source: C:\Users\user\Desktop\Hbi8WUpShm.exe | Code function: 0_2_0084A40C NtReadFile, |
Source: C:\Windows\explorer.exe | Code function: 1_2_0FB8B232 NtCreateFile, |
Source: C:\Windows\explorer.exe | Code function: 1_2_0FB8CE12 NtProtectVirtualMemory, |
Source: C:\Windows\explorer.exe | Code function: 1_2_0FB8CE0A NtProtectVirtualMemory, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E9540 NtReadFile,LdrInitializeThunk, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E95D0 NtClose,LdrInitializeThunk, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E9710 NtQueryInformationToken,LdrInitializeThunk, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E9780 NtMapViewOfSection,LdrInitializeThunk, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E9FE0 NtCreateMutant,LdrInitializeThunk, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E9660 NtAllocateVirtualMemory,LdrInitializeThunk, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E9650 NtQueryValueKey,LdrInitializeThunk, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E96E0 NtFreeVirtualMemory,LdrInitializeThunk, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E96D0 NtCreateKey,LdrInitializeThunk, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E9910 NtAdjustPrivilegesToken,LdrInitializeThunk, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E99A0 NtCreateSection,LdrInitializeThunk, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E9860 NtQuerySystemInformation,LdrInitializeThunk, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E9840 NtDelayExecution,LdrInitializeThunk, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E9A50 NtCreateFile,LdrInitializeThunk, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053EAD30 NtSetContextThread, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E9520 NtWaitForSingleObject, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E9560 NtWriteFile, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E95F0 NtQueryInformationFile, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E9730 NtQueryVirtualMemory, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053EA710 NtOpenProcessToken, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053EA770 NtOpenThread, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E9770 NtSetInformationFile, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E9760 NtOpenProcess, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E97A0 NtUnmapViewOfSection, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E9610 NtEnumerateValueKey, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E9670 NtQueryInformationProcess, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E9950 NtQueueApcThread, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E99D0 NtCreateProcessEx, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E9820 NtEnumerateKey, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053EB040 NtSuspendThread, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E98A0 NtWriteVirtualMemory, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E98F0 NtReadVirtualMemory, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E9B00 NtSetValueKey, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053EA3B0 NtGetContextThread, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E9A20 NtResumeThread, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E9A10 NtQuerySection, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E9A00 NtProtectVirtualMemory, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E9A80 NtOpenDirectoryObject, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0090A360 NtCreateFile, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0090A490 NtClose, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0090A410 NtReadFile, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0090A540 NtAllocateVirtualMemory, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0090A35A NtCreateFile, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0090A48A NtClose, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0090A40C NtReadFile, |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05423540 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D4D3B mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D4D3B mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D4D3B mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053AAD30 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053B3D34 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053B3D34 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053B3D34 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053B3D34 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053B3D34 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053B3D34 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053B3D34 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053B3D34 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053B3D34 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053B3D34 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053B3D34 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053B3D34 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053B3D34 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053CC577 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053CC577 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053C7D50 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05478D34 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0542A537 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E3D43 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0546E539 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D1DB5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D1DB5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D1DB5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05426DC9 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05426DC9 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05426DC9 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05426DC9 mov ecx, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05426DC9 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05426DC9 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D35A1 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0546FDE2 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0546FDE2 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0546FDE2 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0546FDE2 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053DFD9B mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053DFD9B mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053A2D8A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053A2D8A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053A2D8A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053A2D8A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053A2D8A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05458DF1 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D2581 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D2581 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D2581 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D2581 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053BD5E0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053BD5E0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_054705AC mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_054705AC mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053DBC2C mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0543C450 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0543C450 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05461C06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05461C06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05461C06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05461C06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05461C06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05461C06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05461C06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05461C06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05461C06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05461C06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05461C06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05461C06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05461C06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05461C06 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05426C0A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05426C0A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05426C0A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05426C0A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0547740D mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0547740D mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0547740D mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053C746D mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053DA44B mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05478CD6 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053B849B mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05426CF0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05426CF0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05426CF0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_054614FB mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053DE730 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053A4F2E mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053A4F2E mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053CF716 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05478F6A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053DA70E mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053DA70E mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0547070D mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0547070D mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0543FF10 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0543FF10 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053BFF60 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053BEF40 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053B8794 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E37F5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05427794 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05427794 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05427794 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0546AE44 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0546AE44 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053AE620 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053DA61C mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053DA61C mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053AC600 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053AC600 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053AC600 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D8E00 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05461608 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053CAE73 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053CAE73 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053CAE73 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053CAE73 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053CAE73 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053B766D mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0545FE3F mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053B7E41 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053B7E41 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053B7E41 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053B7E41 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053B7E41 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053B7E41 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0545FEC0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05478ED6 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0543FE87 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053B76E2 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D16E0 mov ecx, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05470EA5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05470EA5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05470EA5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_054246A7 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D36CC mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E8EC7 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D513A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D513A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053C4120 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053C4120 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053C4120 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053C4120 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053C4120 mov ecx, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053A9100 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053A9100 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053A9100 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053AB171 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053AB171 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053AC962 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053CB944 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053CB944 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D61A0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D61A0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_054341E8 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D2990 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053DA185 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053CC182 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053AB1E1 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053AB1E1 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053AB1E1 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_054269A6 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_054251BE mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_054251BE mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_054251BE mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_054251BE mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D002D mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D002D mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D002D mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D002D mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D002D mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053BB02A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053BB02A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053BB02A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053BB02A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05471074 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05462073 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05474015 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05474015 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05427016 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05427016 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05427016 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053C0050 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053C0050 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053DF0BF mov ecx, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053DF0BF mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053DF0BF mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E90AF mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0543B8D0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0543B8D0 mov ecx, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0543B8D0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0543B8D0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0543B8D0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0543B8D0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D20A0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D20A0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D20A0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D20A0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D20A0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D20A0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053A9080 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05423884 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05423884 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053A58EC mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05478B58 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D3B7A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D3B7A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053ADB60 mov ecx, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0546131B mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053AF358 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053ADB40 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_054253CA mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_054253CA mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D4BAD mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D4BAD mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D4BAD mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D2397 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053DB390 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053B1B8F mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053B1B8F mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0545D380 mov ecx, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0546138A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053CDBE9 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D03E2 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D03E2 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D03E2 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D03E2 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D03E2 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D03E2 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05475BA5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E4A2C mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E4A2C mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0546EA55 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05434257 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053C3A1C mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0545B260 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0545B260 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_05478A62 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053A5210 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053A5210 mov ecx, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053A5210 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053A5210 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053AAA16 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053AAA16 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053B8A0A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053E927A mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0546AA16 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_0546AA16 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053A9240 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053A9240 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053A9240 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053A9240 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053BAAB0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053BAAB0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053DFAB0 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053A52A5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053A52A5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053A52A5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053A52A5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053A52A5 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053DD294 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053DD294 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D2AE4 mov eax, dword ptr fs:[00000030h] |
Source: C:\Windows\SysWOW64\chkdsk.exe | Code function: 2_2_053D2ACB mov eax, dword ptr fs:[00000030h] |