Source: 7pECKdsaig.exe, type: SAMPLE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 7pECKdsaig.exe, type: SAMPLE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 7pECKdsaig.exe, type: SAMPLE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 0.2.7pECKdsaig.exe.a80000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 0.2.7pECKdsaig.exe.a80000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 0.2.7pECKdsaig.exe.a80000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 0.0.7pECKdsaig.exe.a80000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 0.0.7pECKdsaig.exe.a80000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 0.0.7pECKdsaig.exe.a80000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000000.00000002.288830411.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000000.00000002.288830411.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000000.00000002.288830411.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000000.00000002.289101701.0000000001370000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000000.00000002.289101701.0000000001370000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000000.00000002.289101701.0000000001370000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000002.00000002.520351827.0000000004FCF000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000002.00000002.520351827.0000000004FCF000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000002.520351827.0000000004FCF000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000002.00000002.518766538.0000000002EE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000002.00000002.518766538.0000000002EE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000002.518766538.0000000002EE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000000.00000002.289007135.0000000001210000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000000.00000002.289007135.0000000001210000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000000.00000002.289007135.0000000001210000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000000.00000000.249149614.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000000.00000000.249149614.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000000.00000000.249149614.0000000000A81000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000001.00000002.531047978.000000001389F000.00000004.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000001.00000002.531047978.000000001389F000.00000004.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000001.00000002.531047978.000000001389F000.00000004.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000002.00000002.518698032.0000000002EB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000002.00000002.518698032.0000000002EB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000002.518698032.0000000002EB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000002.00000002.517165647.0000000000580000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000002.00000002.517165647.0000000000580000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000002.517165647.0000000000580000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000002.00000002.517610096.00000000008C4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: 00000002.00000002.517610096.00000000008C4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000002.517610096.00000000008C4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: Process Memory Space: 7pECKdsaig.exe PID: 6000, type: MEMORYSTR | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: Process Memory Space: explorer.exe PID: 3452, type: MEMORYSTR | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: Process Memory Space: msdt.exe PID: 5148, type: MEMORYSTR | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_00A9A350 NtCreateFile, | 0_2_00A9A350 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_00A9A480 NtClose, | 0_2_00A9A480 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_00A9A400 NtReadFile, | 0_2_00A9A400 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_00A9A530 NtAllocateVirtualMemory, | 0_2_00A9A530 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_00A9A3FB NtReadFile, | 0_2_00A9A3FB |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_00A9A47A NtClose, | 0_2_00A9A47A |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01759910 NtAdjustPrivilegesToken,LdrInitializeThunk, | 0_2_01759910 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017599A0 NtCreateSection,LdrInitializeThunk, | 0_2_017599A0 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01759860 NtQuerySystemInformation,LdrInitializeThunk, | 0_2_01759860 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01759840 NtDelayExecution,LdrInitializeThunk, | 0_2_01759840 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017598F0 NtReadVirtualMemory,LdrInitializeThunk, | 0_2_017598F0 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01759A50 NtCreateFile,LdrInitializeThunk, | 0_2_01759A50 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01759A20 NtResumeThread,LdrInitializeThunk, | 0_2_01759A20 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01759A00 NtProtectVirtualMemory,LdrInitializeThunk, | 0_2_01759A00 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01759540 NtReadFile,LdrInitializeThunk, | 0_2_01759540 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017595D0 NtClose,LdrInitializeThunk, | 0_2_017595D0 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01759710 NtQueryInformationToken,LdrInitializeThunk, | 0_2_01759710 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017597A0 NtUnmapViewOfSection,LdrInitializeThunk, | 0_2_017597A0 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01759780 NtMapViewOfSection,LdrInitializeThunk, | 0_2_01759780 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01759660 NtAllocateVirtualMemory,LdrInitializeThunk, | 0_2_01759660 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017596E0 NtFreeVirtualMemory,LdrInitializeThunk, | 0_2_017596E0 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01759950 NtQueueApcThread, | 0_2_01759950 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017599D0 NtCreateProcessEx, | 0_2_017599D0 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_0175B040 NtSuspendThread, | 0_2_0175B040 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01759820 NtEnumerateKey, | 0_2_01759820 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017598A0 NtWriteVirtualMemory, | 0_2_017598A0 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01759B00 NtSetValueKey, | 0_2_01759B00 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_0175A3B0 NtGetContextThread, | 0_2_0175A3B0 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01759A10 NtQuerySection, | 0_2_01759A10 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01759A80 NtOpenDirectoryObject, | 0_2_01759A80 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01759560 NtWriteFile, | 0_2_01759560 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_0175AD30 NtSetContextThread, | 0_2_0175AD30 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01759520 NtWaitForSingleObject, | 0_2_01759520 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017595F0 NtQueryInformationFile, | 0_2_017595F0 |
Source: C:\Windows\explorer.exe | Code function: 1_2_100D9E12 NtProtectVirtualMemory, | 1_2_100D9E12 |
Source: C:\Windows\explorer.exe | Code function: 1_2_100D8232 NtCreateFile, | 1_2_100D8232 |
Source: C:\Windows\explorer.exe | Code function: 1_2_100D9E0A NtProtectVirtualMemory, | 1_2_100D9E0A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B09860 NtQuerySystemInformation,LdrInitializeThunk, | 2_2_04B09860 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B09840 NtDelayExecution,LdrInitializeThunk, | 2_2_04B09840 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B099A0 NtCreateSection,LdrInitializeThunk, | 2_2_04B099A0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B095D0 NtClose,LdrInitializeThunk, | 2_2_04B095D0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B09910 NtAdjustPrivilegesToken,LdrInitializeThunk, | 2_2_04B09910 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B09540 NtReadFile,LdrInitializeThunk, | 2_2_04B09540 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B096E0 NtFreeVirtualMemory,LdrInitializeThunk, | 2_2_04B096E0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B096D0 NtCreateKey,LdrInitializeThunk, | 2_2_04B096D0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B09660 NtAllocateVirtualMemory,LdrInitializeThunk, | 2_2_04B09660 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B09650 NtQueryValueKey,LdrInitializeThunk, | 2_2_04B09650 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B09A50 NtCreateFile,LdrInitializeThunk, | 2_2_04B09A50 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B09780 NtMapViewOfSection,LdrInitializeThunk, | 2_2_04B09780 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B09FE0 NtCreateMutant,LdrInitializeThunk, | 2_2_04B09FE0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B09710 NtQueryInformationToken,LdrInitializeThunk, | 2_2_04B09710 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B098A0 NtWriteVirtualMemory, | 2_2_04B098A0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B098F0 NtReadVirtualMemory, | 2_2_04B098F0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B09820 NtEnumerateKey, | 2_2_04B09820 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B0B040 NtSuspendThread, | 2_2_04B0B040 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B095F0 NtQueryInformationFile, | 2_2_04B095F0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B099D0 NtCreateProcessEx, | 2_2_04B099D0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B0AD30 NtSetContextThread, | 2_2_04B0AD30 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B09520 NtWaitForSingleObject, | 2_2_04B09520 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B09560 NtWriteFile, | 2_2_04B09560 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B09950 NtQueueApcThread, | 2_2_04B09950 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B09A80 NtOpenDirectoryObject, | 2_2_04B09A80 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B09A20 NtResumeThread, | 2_2_04B09A20 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B09610 NtEnumerateValueKey, | 2_2_04B09610 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B09A10 NtQuerySection, | 2_2_04B09A10 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B09A00 NtProtectVirtualMemory, | 2_2_04B09A00 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B09670 NtQueryInformationProcess, | 2_2_04B09670 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B0A3B0 NtGetContextThread, | 2_2_04B0A3B0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B097A0 NtUnmapViewOfSection, | 2_2_04B097A0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B09730 NtQueryVirtualMemory, | 2_2_04B09730 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B0A710 NtOpenProcessToken, | 2_2_04B0A710 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B09B00 NtSetValueKey, | 2_2_04B09B00 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B09770 NtSetInformationFile, | 2_2_04B09770 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B0A770 NtOpenThread, | 2_2_04B0A770 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B09760 NtOpenProcess, | 2_2_04B09760 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_0059A350 NtCreateFile, | 2_2_0059A350 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_0059A400 NtReadFile, | 2_2_0059A400 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_0059A480 NtClose, | 2_2_0059A480 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_0059A530 NtAllocateVirtualMemory, | 2_2_0059A530 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_0059A3FB NtReadFile, | 2_2_0059A3FB |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_0059A47A NtClose, | 2_2_0059A47A |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_0171B171 mov eax, dword ptr fs:[00000030h] | 0_2_0171B171 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_0171C962 mov eax, dword ptr fs:[00000030h] | 0_2_0171C962 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_0173B944 mov eax, dword ptr fs:[00000030h] | 0_2_0173B944 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_0174513A mov eax, dword ptr fs:[00000030h] | 0_2_0174513A |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01734120 mov eax, dword ptr fs:[00000030h] | 0_2_01734120 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01734120 mov ecx, dword ptr fs:[00000030h] | 0_2_01734120 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01719100 mov eax, dword ptr fs:[00000030h] | 0_2_01719100 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_0171B1E1 mov eax, dword ptr fs:[00000030h] | 0_2_0171B1E1 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017A41E8 mov eax, dword ptr fs:[00000030h] | 0_2_017A41E8 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017951BE mov eax, dword ptr fs:[00000030h] | 0_2_017951BE |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017461A0 mov eax, dword ptr fs:[00000030h] | 0_2_017461A0 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017969A6 mov eax, dword ptr fs:[00000030h] | 0_2_017969A6 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01742990 mov eax, dword ptr fs:[00000030h] | 0_2_01742990 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_0174A185 mov eax, dword ptr fs:[00000030h] | 0_2_0174A185 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_0173C182 mov eax, dword ptr fs:[00000030h] | 0_2_0173C182 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017E1074 mov eax, dword ptr fs:[00000030h] | 0_2_017E1074 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017D2073 mov eax, dword ptr fs:[00000030h] | 0_2_017D2073 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01730050 mov eax, dword ptr fs:[00000030h] | 0_2_01730050 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_0172B02A mov eax, dword ptr fs:[00000030h] | 0_2_0172B02A |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_0174002D mov eax, dword ptr fs:[00000030h] | 0_2_0174002D |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017E4015 mov eax, dword ptr fs:[00000030h] | 0_2_017E4015 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01797016 mov eax, dword ptr fs:[00000030h] | 0_2_01797016 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017158EC mov eax, dword ptr fs:[00000030h] | 0_2_017158EC |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017AB8D0 mov eax, dword ptr fs:[00000030h] | 0_2_017AB8D0 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017AB8D0 mov ecx, dword ptr fs:[00000030h] | 0_2_017AB8D0 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_0174F0BF mov ecx, dword ptr fs:[00000030h] | 0_2_0174F0BF |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_0174F0BF mov eax, dword ptr fs:[00000030h] | 0_2_0174F0BF |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017420A0 mov eax, dword ptr fs:[00000030h] | 0_2_017420A0 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017590AF mov eax, dword ptr fs:[00000030h] | 0_2_017590AF |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01719080 mov eax, dword ptr fs:[00000030h] | 0_2_01719080 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01793884 mov eax, dword ptr fs:[00000030h] | 0_2_01793884 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01743B7A mov eax, dword ptr fs:[00000030h] | 0_2_01743B7A |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_0171DB60 mov ecx, dword ptr fs:[00000030h] | 0_2_0171DB60 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017E8B58 mov eax, dword ptr fs:[00000030h] | 0_2_017E8B58 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_0171F358 mov eax, dword ptr fs:[00000030h] | 0_2_0171F358 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_0171DB40 mov eax, dword ptr fs:[00000030h] | 0_2_0171DB40 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017D131B mov eax, dword ptr fs:[00000030h] | 0_2_017D131B |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017403E2 mov eax, dword ptr fs:[00000030h] | 0_2_017403E2 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_0173DBE9 mov eax, dword ptr fs:[00000030h] | 0_2_0173DBE9 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017953CA mov eax, dword ptr fs:[00000030h] | 0_2_017953CA |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01744BAD mov eax, dword ptr fs:[00000030h] | 0_2_01744BAD |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017E5BA5 mov eax, dword ptr fs:[00000030h] | 0_2_017E5BA5 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01742397 mov eax, dword ptr fs:[00000030h] | 0_2_01742397 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_0174B390 mov eax, dword ptr fs:[00000030h] | 0_2_0174B390 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017D138A mov eax, dword ptr fs:[00000030h] | 0_2_017D138A |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017CD380 mov ecx, dword ptr fs:[00000030h] | 0_2_017CD380 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01721B8F mov eax, dword ptr fs:[00000030h] | 0_2_01721B8F |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_0175927A mov eax, dword ptr fs:[00000030h] | 0_2_0175927A |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017CB260 mov eax, dword ptr fs:[00000030h] | 0_2_017CB260 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017E8A62 mov eax, dword ptr fs:[00000030h] | 0_2_017E8A62 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017DEA55 mov eax, dword ptr fs:[00000030h] | 0_2_017DEA55 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017A4257 mov eax, dword ptr fs:[00000030h] | 0_2_017A4257 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01719240 mov eax, dword ptr fs:[00000030h] | 0_2_01719240 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01754A2C mov eax, dword ptr fs:[00000030h] | 0_2_01754A2C |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01715210 mov eax, dword ptr fs:[00000030h] | 0_2_01715210 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01715210 mov ecx, dword ptr fs:[00000030h] | 0_2_01715210 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_0171AA16 mov eax, dword ptr fs:[00000030h] | 0_2_0171AA16 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017DAA16 mov eax, dword ptr fs:[00000030h] | 0_2_017DAA16 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01733A1C mov eax, dword ptr fs:[00000030h] | 0_2_01733A1C |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01728A0A mov eax, dword ptr fs:[00000030h] | 0_2_01728A0A |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01742AE4 mov eax, dword ptr fs:[00000030h] | 0_2_01742AE4 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01742ACB mov eax, dword ptr fs:[00000030h] | 0_2_01742ACB |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_0172AAB0 mov eax, dword ptr fs:[00000030h] | 0_2_0172AAB0 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_0174FAB0 mov eax, dword ptr fs:[00000030h] | 0_2_0174FAB0 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017152A5 mov eax, dword ptr fs:[00000030h] | 0_2_017152A5 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_0174D294 mov eax, dword ptr fs:[00000030h] | 0_2_0174D294 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_0173C577 mov eax, dword ptr fs:[00000030h] | 0_2_0173C577 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01737D50 mov eax, dword ptr fs:[00000030h] | 0_2_01737D50 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01753D43 mov eax, dword ptr fs:[00000030h] | 0_2_01753D43 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01793540 mov eax, dword ptr fs:[00000030h] | 0_2_01793540 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_0171AD30 mov eax, dword ptr fs:[00000030h] | 0_2_0171AD30 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017DE539 mov eax, dword ptr fs:[00000030h] | 0_2_017DE539 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01723D34 mov eax, dword ptr fs:[00000030h] | 0_2_01723D34 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01723D34 mov eax, dword ptr fs:[00000030h] | 0_2_01723D34 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01723D34 mov eax, dword ptr fs:[00000030h] | 0_2_01723D34 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01723D34 mov eax, dword ptr fs:[00000030h] | 0_2_01723D34 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01723D34 mov eax, dword ptr fs:[00000030h] | 0_2_01723D34 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01723D34 mov eax, dword ptr fs:[00000030h] | 0_2_01723D34 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01723D34 mov eax, dword ptr fs:[00000030h] | 0_2_01723D34 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01723D34 mov eax, dword ptr fs:[00000030h] | 0_2_01723D34 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01723D34 mov eax, dword ptr fs:[00000030h] | 0_2_01723D34 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01723D34 mov eax, dword ptr fs:[00000030h] | 0_2_01723D34 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01723D34 mov eax, dword ptr fs:[00000030h] | 0_2_01723D34 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01723D34 mov eax, dword ptr fs:[00000030h] | 0_2_01723D34 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01723D34 mov eax, dword ptr fs:[00000030h] | 0_2_01723D34 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017E8D34 mov eax, dword ptr fs:[00000030h] | 0_2_017E8D34 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_0179A537 mov eax, dword ptr fs:[00000030h] | 0_2_0179A537 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01744D3B mov eax, dword ptr fs:[00000030h] | 0_2_01744D3B |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01744D3B mov eax, dword ptr fs:[00000030h] | 0_2_01744D3B |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_01744D3B mov eax, dword ptr fs:[00000030h] | 0_2_01744D3B |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017C8DF1 mov eax, dword ptr fs:[00000030h] | 0_2_017C8DF1 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_0172D5E0 mov eax, dword ptr fs:[00000030h] | 0_2_0172D5E0 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_0172D5E0 mov eax, dword ptr fs:[00000030h] | 0_2_0172D5E0 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017DFDE2 mov eax, dword ptr fs:[00000030h] | 0_2_017DFDE2 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017DFDE2 mov eax, dword ptr fs:[00000030h] | 0_2_017DFDE2 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017DFDE2 mov eax, dword ptr fs:[00000030h] | 0_2_017DFDE2 |
Source: C:\Users\user\Desktop\7pECKdsaig.exe | Code function: 0_2_017DFDE2 mov eax, dword ptr fs:[00000030h] | 0_2_017DFDE2 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF20A0 mov eax, dword ptr fs:[00000030h] | 2_2_04AF20A0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF20A0 mov eax, dword ptr fs:[00000030h] | 2_2_04AF20A0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF20A0 mov eax, dword ptr fs:[00000030h] | 2_2_04AF20A0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF20A0 mov eax, dword ptr fs:[00000030h] | 2_2_04AF20A0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF20A0 mov eax, dword ptr fs:[00000030h] | 2_2_04AF20A0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF20A0 mov eax, dword ptr fs:[00000030h] | 2_2_04AF20A0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AFF0BF mov ecx, dword ptr fs:[00000030h] | 2_2_04AFF0BF |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AFF0BF mov eax, dword ptr fs:[00000030h] | 2_2_04AFF0BF |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AFF0BF mov eax, dword ptr fs:[00000030h] | 2_2_04AFF0BF |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B090AF mov eax, dword ptr fs:[00000030h] | 2_2_04B090AF |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AC9080 mov eax, dword ptr fs:[00000030h] | 2_2_04AC9080 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B43884 mov eax, dword ptr fs:[00000030h] | 2_2_04B43884 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B43884 mov eax, dword ptr fs:[00000030h] | 2_2_04B43884 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AD849B mov eax, dword ptr fs:[00000030h] | 2_2_04AD849B |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AC58EC mov eax, dword ptr fs:[00000030h] | 2_2_04AC58EC |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B814FB mov eax, dword ptr fs:[00000030h] | 2_2_04B814FB |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B46CF0 mov eax, dword ptr fs:[00000030h] | 2_2_04B46CF0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B46CF0 mov eax, dword ptr fs:[00000030h] | 2_2_04B46CF0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B46CF0 mov eax, dword ptr fs:[00000030h] | 2_2_04B46CF0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B5B8D0 mov eax, dword ptr fs:[00000030h] | 2_2_04B5B8D0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B5B8D0 mov ecx, dword ptr fs:[00000030h] | 2_2_04B5B8D0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B5B8D0 mov eax, dword ptr fs:[00000030h] | 2_2_04B5B8D0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B5B8D0 mov eax, dword ptr fs:[00000030h] | 2_2_04B5B8D0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B5B8D0 mov eax, dword ptr fs:[00000030h] | 2_2_04B5B8D0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B5B8D0 mov eax, dword ptr fs:[00000030h] | 2_2_04B5B8D0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B98CD6 mov eax, dword ptr fs:[00000030h] | 2_2_04B98CD6 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF002D mov eax, dword ptr fs:[00000030h] | 2_2_04AF002D |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF002D mov eax, dword ptr fs:[00000030h] | 2_2_04AF002D |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF002D mov eax, dword ptr fs:[00000030h] | 2_2_04AF002D |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF002D mov eax, dword ptr fs:[00000030h] | 2_2_04AF002D |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF002D mov eax, dword ptr fs:[00000030h] | 2_2_04AF002D |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AFBC2C mov eax, dword ptr fs:[00000030h] | 2_2_04AFBC2C |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04ADB02A mov eax, dword ptr fs:[00000030h] | 2_2_04ADB02A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04ADB02A mov eax, dword ptr fs:[00000030h] | 2_2_04ADB02A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04ADB02A mov eax, dword ptr fs:[00000030h] | 2_2_04ADB02A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04ADB02A mov eax, dword ptr fs:[00000030h] | 2_2_04ADB02A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B47016 mov eax, dword ptr fs:[00000030h] | 2_2_04B47016 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B47016 mov eax, dword ptr fs:[00000030h] | 2_2_04B47016 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B47016 mov eax, dword ptr fs:[00000030h] | 2_2_04B47016 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B94015 mov eax, dword ptr fs:[00000030h] | 2_2_04B94015 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B94015 mov eax, dword ptr fs:[00000030h] | 2_2_04B94015 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B9740D mov eax, dword ptr fs:[00000030h] | 2_2_04B9740D |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B9740D mov eax, dword ptr fs:[00000030h] | 2_2_04B9740D |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B9740D mov eax, dword ptr fs:[00000030h] | 2_2_04B9740D |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B81C06 mov eax, dword ptr fs:[00000030h] | 2_2_04B81C06 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B81C06 mov eax, dword ptr fs:[00000030h] | 2_2_04B81C06 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B81C06 mov eax, dword ptr fs:[00000030h] | 2_2_04B81C06 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B81C06 mov eax, dword ptr fs:[00000030h] | 2_2_04B81C06 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B81C06 mov eax, dword ptr fs:[00000030h] | 2_2_04B81C06 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B81C06 mov eax, dword ptr fs:[00000030h] | 2_2_04B81C06 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B81C06 mov eax, dword ptr fs:[00000030h] | 2_2_04B81C06 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B81C06 mov eax, dword ptr fs:[00000030h] | 2_2_04B81C06 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B81C06 mov eax, dword ptr fs:[00000030h] | 2_2_04B81C06 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B81C06 mov eax, dword ptr fs:[00000030h] | 2_2_04B81C06 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B81C06 mov eax, dword ptr fs:[00000030h] | 2_2_04B81C06 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B81C06 mov eax, dword ptr fs:[00000030h] | 2_2_04B81C06 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B81C06 mov eax, dword ptr fs:[00000030h] | 2_2_04B81C06 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B81C06 mov eax, dword ptr fs:[00000030h] | 2_2_04B81C06 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B46C0A mov eax, dword ptr fs:[00000030h] | 2_2_04B46C0A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B46C0A mov eax, dword ptr fs:[00000030h] | 2_2_04B46C0A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B46C0A mov eax, dword ptr fs:[00000030h] | 2_2_04B46C0A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B46C0A mov eax, dword ptr fs:[00000030h] | 2_2_04B46C0A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AE746D mov eax, dword ptr fs:[00000030h] | 2_2_04AE746D |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B82073 mov eax, dword ptr fs:[00000030h] | 2_2_04B82073 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B91074 mov eax, dword ptr fs:[00000030h] | 2_2_04B91074 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AFA44B mov eax, dword ptr fs:[00000030h] | 2_2_04AFA44B |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B5C450 mov eax, dword ptr fs:[00000030h] | 2_2_04B5C450 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B5C450 mov eax, dword ptr fs:[00000030h] | 2_2_04B5C450 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AE0050 mov eax, dword ptr fs:[00000030h] | 2_2_04AE0050 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AE0050 mov eax, dword ptr fs:[00000030h] | 2_2_04AE0050 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B451BE mov eax, dword ptr fs:[00000030h] | 2_2_04B451BE |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B451BE mov eax, dword ptr fs:[00000030h] | 2_2_04B451BE |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B451BE mov eax, dword ptr fs:[00000030h] | 2_2_04B451BE |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B451BE mov eax, dword ptr fs:[00000030h] | 2_2_04B451BE |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF35A1 mov eax, dword ptr fs:[00000030h] | 2_2_04AF35A1 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF61A0 mov eax, dword ptr fs:[00000030h] | 2_2_04AF61A0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF61A0 mov eax, dword ptr fs:[00000030h] | 2_2_04AF61A0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B469A6 mov eax, dword ptr fs:[00000030h] | 2_2_04B469A6 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B905AC mov eax, dword ptr fs:[00000030h] | 2_2_04B905AC |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B905AC mov eax, dword ptr fs:[00000030h] | 2_2_04B905AC |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF1DB5 mov eax, dword ptr fs:[00000030h] | 2_2_04AF1DB5 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF1DB5 mov eax, dword ptr fs:[00000030h] | 2_2_04AF1DB5 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF1DB5 mov eax, dword ptr fs:[00000030h] | 2_2_04AF1DB5 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AC2D8A mov eax, dword ptr fs:[00000030h] | 2_2_04AC2D8A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AC2D8A mov eax, dword ptr fs:[00000030h] | 2_2_04AC2D8A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AC2D8A mov eax, dword ptr fs:[00000030h] | 2_2_04AC2D8A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AC2D8A mov eax, dword ptr fs:[00000030h] | 2_2_04AC2D8A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AC2D8A mov eax, dword ptr fs:[00000030h] | 2_2_04AC2D8A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AFA185 mov eax, dword ptr fs:[00000030h] | 2_2_04AFA185 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AEC182 mov eax, dword ptr fs:[00000030h] | 2_2_04AEC182 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF2581 mov eax, dword ptr fs:[00000030h] | 2_2_04AF2581 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF2581 mov eax, dword ptr fs:[00000030h] | 2_2_04AF2581 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF2581 mov eax, dword ptr fs:[00000030h] | 2_2_04AF2581 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF2581 mov eax, dword ptr fs:[00000030h] | 2_2_04AF2581 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AFFD9B mov eax, dword ptr fs:[00000030h] | 2_2_04AFFD9B |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AFFD9B mov eax, dword ptr fs:[00000030h] | 2_2_04AFFD9B |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF2990 mov eax, dword ptr fs:[00000030h] | 2_2_04AF2990 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B78DF1 mov eax, dword ptr fs:[00000030h] | 2_2_04B78DF1 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04ACB1E1 mov eax, dword ptr fs:[00000030h] | 2_2_04ACB1E1 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04ACB1E1 mov eax, dword ptr fs:[00000030h] | 2_2_04ACB1E1 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04ACB1E1 mov eax, dword ptr fs:[00000030h] | 2_2_04ACB1E1 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04ADD5E0 mov eax, dword ptr fs:[00000030h] | 2_2_04ADD5E0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04ADD5E0 mov eax, dword ptr fs:[00000030h] | 2_2_04ADD5E0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B8FDE2 mov eax, dword ptr fs:[00000030h] | 2_2_04B8FDE2 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B8FDE2 mov eax, dword ptr fs:[00000030h] | 2_2_04B8FDE2 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B8FDE2 mov eax, dword ptr fs:[00000030h] | 2_2_04B8FDE2 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B8FDE2 mov eax, dword ptr fs:[00000030h] | 2_2_04B8FDE2 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B541E8 mov eax, dword ptr fs:[00000030h] | 2_2_04B541E8 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B46DC9 mov eax, dword ptr fs:[00000030h] | 2_2_04B46DC9 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B46DC9 mov eax, dword ptr fs:[00000030h] | 2_2_04B46DC9 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B46DC9 mov eax, dword ptr fs:[00000030h] | 2_2_04B46DC9 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B46DC9 mov ecx, dword ptr fs:[00000030h] | 2_2_04B46DC9 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B46DC9 mov eax, dword ptr fs:[00000030h] | 2_2_04B46DC9 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B46DC9 mov eax, dword ptr fs:[00000030h] | 2_2_04B46DC9 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B8E539 mov eax, dword ptr fs:[00000030h] | 2_2_04B8E539 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B4A537 mov eax, dword ptr fs:[00000030h] | 2_2_04B4A537 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B98D34 mov eax, dword ptr fs:[00000030h] | 2_2_04B98D34 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AE4120 mov eax, dword ptr fs:[00000030h] | 2_2_04AE4120 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AE4120 mov eax, dword ptr fs:[00000030h] | 2_2_04AE4120 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AE4120 mov eax, dword ptr fs:[00000030h] | 2_2_04AE4120 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AE4120 mov eax, dword ptr fs:[00000030h] | 2_2_04AE4120 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AE4120 mov ecx, dword ptr fs:[00000030h] | 2_2_04AE4120 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF4D3B mov eax, dword ptr fs:[00000030h] | 2_2_04AF4D3B |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF4D3B mov eax, dword ptr fs:[00000030h] | 2_2_04AF4D3B |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF4D3B mov eax, dword ptr fs:[00000030h] | 2_2_04AF4D3B |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF513A mov eax, dword ptr fs:[00000030h] | 2_2_04AF513A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF513A mov eax, dword ptr fs:[00000030h] | 2_2_04AF513A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AD3D34 mov eax, dword ptr fs:[00000030h] | 2_2_04AD3D34 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AD3D34 mov eax, dword ptr fs:[00000030h] | 2_2_04AD3D34 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AD3D34 mov eax, dword ptr fs:[00000030h] | 2_2_04AD3D34 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AD3D34 mov eax, dword ptr fs:[00000030h] | 2_2_04AD3D34 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AD3D34 mov eax, dword ptr fs:[00000030h] | 2_2_04AD3D34 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AD3D34 mov eax, dword ptr fs:[00000030h] | 2_2_04AD3D34 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AD3D34 mov eax, dword ptr fs:[00000030h] | 2_2_04AD3D34 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AD3D34 mov eax, dword ptr fs:[00000030h] | 2_2_04AD3D34 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AD3D34 mov eax, dword ptr fs:[00000030h] | 2_2_04AD3D34 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AD3D34 mov eax, dword ptr fs:[00000030h] | 2_2_04AD3D34 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AD3D34 mov eax, dword ptr fs:[00000030h] | 2_2_04AD3D34 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AD3D34 mov eax, dword ptr fs:[00000030h] | 2_2_04AD3D34 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AD3D34 mov eax, dword ptr fs:[00000030h] | 2_2_04AD3D34 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04ACAD30 mov eax, dword ptr fs:[00000030h] | 2_2_04ACAD30 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AC9100 mov eax, dword ptr fs:[00000030h] | 2_2_04AC9100 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AC9100 mov eax, dword ptr fs:[00000030h] | 2_2_04AC9100 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AC9100 mov eax, dword ptr fs:[00000030h] | 2_2_04AC9100 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04ACC962 mov eax, dword ptr fs:[00000030h] | 2_2_04ACC962 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AEC577 mov eax, dword ptr fs:[00000030h] | 2_2_04AEC577 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AEC577 mov eax, dword ptr fs:[00000030h] | 2_2_04AEC577 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04ACB171 mov eax, dword ptr fs:[00000030h] | 2_2_04ACB171 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04ACB171 mov eax, dword ptr fs:[00000030h] | 2_2_04ACB171 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AEB944 mov eax, dword ptr fs:[00000030h] | 2_2_04AEB944 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AEB944 mov eax, dword ptr fs:[00000030h] | 2_2_04AEB944 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B03D43 mov eax, dword ptr fs:[00000030h] | 2_2_04B03D43 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B43540 mov eax, dword ptr fs:[00000030h] | 2_2_04B43540 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AE7D50 mov eax, dword ptr fs:[00000030h] | 2_2_04AE7D50 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AC52A5 mov eax, dword ptr fs:[00000030h] | 2_2_04AC52A5 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AC52A5 mov eax, dword ptr fs:[00000030h] | 2_2_04AC52A5 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AC52A5 mov eax, dword ptr fs:[00000030h] | 2_2_04AC52A5 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AC52A5 mov eax, dword ptr fs:[00000030h] | 2_2_04AC52A5 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AC52A5 mov eax, dword ptr fs:[00000030h] | 2_2_04AC52A5 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B446A7 mov eax, dword ptr fs:[00000030h] | 2_2_04B446A7 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B90EA5 mov eax, dword ptr fs:[00000030h] | 2_2_04B90EA5 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B90EA5 mov eax, dword ptr fs:[00000030h] | 2_2_04B90EA5 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B90EA5 mov eax, dword ptr fs:[00000030h] | 2_2_04B90EA5 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04ADAAB0 mov eax, dword ptr fs:[00000030h] | 2_2_04ADAAB0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04ADAAB0 mov eax, dword ptr fs:[00000030h] | 2_2_04ADAAB0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AFFAB0 mov eax, dword ptr fs:[00000030h] | 2_2_04AFFAB0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B5FE87 mov eax, dword ptr fs:[00000030h] | 2_2_04B5FE87 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AFD294 mov eax, dword ptr fs:[00000030h] | 2_2_04AFD294 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AFD294 mov eax, dword ptr fs:[00000030h] | 2_2_04AFD294 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF2AE4 mov eax, dword ptr fs:[00000030h] | 2_2_04AF2AE4 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF16E0 mov ecx, dword ptr fs:[00000030h] | 2_2_04AF16E0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AD76E2 mov eax, dword ptr fs:[00000030h] | 2_2_04AD76E2 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF36CC mov eax, dword ptr fs:[00000030h] | 2_2_04AF36CC |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF2ACB mov eax, dword ptr fs:[00000030h] | 2_2_04AF2ACB |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B98ED6 mov eax, dword ptr fs:[00000030h] | 2_2_04B98ED6 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B7FEC0 mov eax, dword ptr fs:[00000030h] | 2_2_04B7FEC0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B08EC7 mov eax, dword ptr fs:[00000030h] | 2_2_04B08EC7 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B7FE3F mov eax, dword ptr fs:[00000030h] | 2_2_04B7FE3F |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04ACE620 mov eax, dword ptr fs:[00000030h] | 2_2_04ACE620 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B04A2C mov eax, dword ptr fs:[00000030h] | 2_2_04B04A2C |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B04A2C mov eax, dword ptr fs:[00000030h] | 2_2_04B04A2C |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AD8A0A mov eax, dword ptr fs:[00000030h] | 2_2_04AD8A0A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04ACC600 mov eax, dword ptr fs:[00000030h] | 2_2_04ACC600 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04ACC600 mov eax, dword ptr fs:[00000030h] | 2_2_04ACC600 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04ACC600 mov eax, dword ptr fs:[00000030h] | 2_2_04ACC600 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF8E00 mov eax, dword ptr fs:[00000030h] | 2_2_04AF8E00 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B81608 mov eax, dword ptr fs:[00000030h] | 2_2_04B81608 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AE3A1C mov eax, dword ptr fs:[00000030h] | 2_2_04AE3A1C |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AFA61C mov eax, dword ptr fs:[00000030h] | 2_2_04AFA61C |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AFA61C mov eax, dword ptr fs:[00000030h] | 2_2_04AFA61C |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04ACAA16 mov eax, dword ptr fs:[00000030h] | 2_2_04ACAA16 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04ACAA16 mov eax, dword ptr fs:[00000030h] | 2_2_04ACAA16 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AC5210 mov eax, dword ptr fs:[00000030h] | 2_2_04AC5210 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AC5210 mov ecx, dword ptr fs:[00000030h] | 2_2_04AC5210 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AC5210 mov eax, dword ptr fs:[00000030h] | 2_2_04AC5210 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AC5210 mov eax, dword ptr fs:[00000030h] | 2_2_04AC5210 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AD766D mov eax, dword ptr fs:[00000030h] | 2_2_04AD766D |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B0927A mov eax, dword ptr fs:[00000030h] | 2_2_04B0927A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B7B260 mov eax, dword ptr fs:[00000030h] | 2_2_04B7B260 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B7B260 mov eax, dword ptr fs:[00000030h] | 2_2_04B7B260 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B98A62 mov eax, dword ptr fs:[00000030h] | 2_2_04B98A62 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AEAE73 mov eax, dword ptr fs:[00000030h] | 2_2_04AEAE73 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AEAE73 mov eax, dword ptr fs:[00000030h] | 2_2_04AEAE73 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AEAE73 mov eax, dword ptr fs:[00000030h] | 2_2_04AEAE73 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AEAE73 mov eax, dword ptr fs:[00000030h] | 2_2_04AEAE73 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AEAE73 mov eax, dword ptr fs:[00000030h] | 2_2_04AEAE73 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B54257 mov eax, dword ptr fs:[00000030h] | 2_2_04B54257 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AC9240 mov eax, dword ptr fs:[00000030h] | 2_2_04AC9240 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AC9240 mov eax, dword ptr fs:[00000030h] | 2_2_04AC9240 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AC9240 mov eax, dword ptr fs:[00000030h] | 2_2_04AC9240 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AC9240 mov eax, dword ptr fs:[00000030h] | 2_2_04AC9240 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AD7E41 mov eax, dword ptr fs:[00000030h] | 2_2_04AD7E41 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AD7E41 mov eax, dword ptr fs:[00000030h] | 2_2_04AD7E41 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AD7E41 mov eax, dword ptr fs:[00000030h] | 2_2_04AD7E41 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AD7E41 mov eax, dword ptr fs:[00000030h] | 2_2_04AD7E41 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AD7E41 mov eax, dword ptr fs:[00000030h] | 2_2_04AD7E41 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AD7E41 mov eax, dword ptr fs:[00000030h] | 2_2_04AD7E41 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B8EA55 mov eax, dword ptr fs:[00000030h] | 2_2_04B8EA55 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B8AE44 mov eax, dword ptr fs:[00000030h] | 2_2_04B8AE44 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B8AE44 mov eax, dword ptr fs:[00000030h] | 2_2_04B8AE44 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF4BAD mov eax, dword ptr fs:[00000030h] | 2_2_04AF4BAD |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF4BAD mov eax, dword ptr fs:[00000030h] | 2_2_04AF4BAD |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF4BAD mov eax, dword ptr fs:[00000030h] | 2_2_04AF4BAD |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B95BA5 mov eax, dword ptr fs:[00000030h] | 2_2_04B95BA5 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B47794 mov eax, dword ptr fs:[00000030h] | 2_2_04B47794 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B47794 mov eax, dword ptr fs:[00000030h] | 2_2_04B47794 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B47794 mov eax, dword ptr fs:[00000030h] | 2_2_04B47794 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AD1B8F mov eax, dword ptr fs:[00000030h] | 2_2_04AD1B8F |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AD1B8F mov eax, dword ptr fs:[00000030h] | 2_2_04AD1B8F |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B8138A mov eax, dword ptr fs:[00000030h] | 2_2_04B8138A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B7D380 mov ecx, dword ptr fs:[00000030h] | 2_2_04B7D380 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF2397 mov eax, dword ptr fs:[00000030h] | 2_2_04AF2397 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AD8794 mov eax, dword ptr fs:[00000030h] | 2_2_04AD8794 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AFB390 mov eax, dword ptr fs:[00000030h] | 2_2_04AFB390 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B037F5 mov eax, dword ptr fs:[00000030h] | 2_2_04B037F5 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AEDBE9 mov eax, dword ptr fs:[00000030h] | 2_2_04AEDBE9 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF03E2 mov eax, dword ptr fs:[00000030h] | 2_2_04AF03E2 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF03E2 mov eax, dword ptr fs:[00000030h] | 2_2_04AF03E2 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF03E2 mov eax, dword ptr fs:[00000030h] | 2_2_04AF03E2 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF03E2 mov eax, dword ptr fs:[00000030h] | 2_2_04AF03E2 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF03E2 mov eax, dword ptr fs:[00000030h] | 2_2_04AF03E2 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF03E2 mov eax, dword ptr fs:[00000030h] | 2_2_04AF03E2 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B453CA mov eax, dword ptr fs:[00000030h] | 2_2_04B453CA |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B453CA mov eax, dword ptr fs:[00000030h] | 2_2_04B453CA |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AC4F2E mov eax, dword ptr fs:[00000030h] | 2_2_04AC4F2E |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AC4F2E mov eax, dword ptr fs:[00000030h] | 2_2_04AC4F2E |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AFE730 mov eax, dword ptr fs:[00000030h] | 2_2_04AFE730 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AFA70E mov eax, dword ptr fs:[00000030h] | 2_2_04AFA70E |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B8131B mov eax, dword ptr fs:[00000030h] | 2_2_04B8131B |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B5FF10 mov eax, dword ptr fs:[00000030h] | 2_2_04B5FF10 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B9070D mov eax, dword ptr fs:[00000030h] | 2_2_04B9070D |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AEF716 mov eax, dword ptr fs:[00000030h] | 2_2_04AEF716 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04ACDB60 mov ecx, dword ptr fs:[00000030h] | 2_2_04ACDB60 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04ADFF60 mov eax, dword ptr fs:[00000030h] | 2_2_04ADFF60 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B98F6A mov eax, dword ptr fs:[00000030h] | 2_2_04B98F6A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04AF3B7A mov eax, dword ptr fs:[00000030h] | 2_2_04AF3B7A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04B98B58 mov eax, dword ptr fs:[00000030h] | 2_2_04B98B58 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04ACDB40 mov eax, dword ptr fs:[00000030h] | 2_2_04ACDB40 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04ADEF40 mov eax, dword ptr fs:[00000030h] | 2_2_04ADEF40 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 2_2_04ACF358 mov eax, dword ptr fs:[00000030h] | 2_2_04ACF358 |