| Source: explorer.exe, 00000008.00000000.1313732014.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2553898092.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271278788.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.0000000007306000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2273025067.000000000730A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0 |
| Source: explorer.exe, 00000008.00000000.1313732014.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2553898092.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271278788.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.0000000007306000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2273025067.000000000730A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07 |
| Source: explorer.exe, 00000008.00000000.1313732014.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2553898092.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271278788.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.0000000007306000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2273025067.000000000730A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0 |
| Source: explorer.exe, 00000008.00000000.1313732014.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2553898092.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271278788.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.0000000007306000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2273025067.000000000730A000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0 |
| Source: explorer.exe, 00000008.00000002.2547244184.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di |
| Source: explorer.exe, 00000008.00000002.2552467444.0000000008820000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000003.2273196874.000000000C123000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1317036232.000000000C10B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2550734202.0000000007C70000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000000.1312390710.0000000008810000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000008.00000002.2558687782.000000000C124000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://schemas.micro |
| Source: explorer.exe, 00000008.00000003.2273196874.000000000C123000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1317036232.000000000C10B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2558687782.000000000C124000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://schemas.microsoft. |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.1130.vip |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.1130.vip/ud04/ |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.1130.vip/ud04/www.el-radu-easy4y.one |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.1130.vipReferer: |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.2creativedesign.online |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.2creativedesign.online/ud04/ |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.2creativedesign.online/ud04/www.edcn.link |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.2creativedesign.onlineReferer: |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.akrzus.pro |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.akrzus.pro/ud04/ |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.akrzus.pro/ud04/www.gzvmt.info |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.akrzus.proReferer: |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.asik-eye-surgery-63293.bond |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.asik-eye-surgery-63293.bond/ud04/ |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.asik-eye-surgery-63293.bond/ud04/www.rofilern.net |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.asik-eye-surgery-63293.bondReferer: |
| Source: explorer.exe, 00000008.00000003.2272193145.000000000C42C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271217508.000000000C41F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1317036232.000000000C3F7000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.autoitscript.com/autoit3/J |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.df.clinic |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.df.clinic/ud04/ |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.df.clinic/ud04/www.lranchomx.xyz |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.df.clinicReferer: |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ec.baby |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ec.baby/ud04/ |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ec.baby/ud04/www.2creativedesign.online |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ec.babyReferer: |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.edcn.link |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.edcn.link/ud04/ |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.edcn.link/ud04/www.ybzert.online |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.edcn.linkReferer: |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.el-radu-easy4y.one |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.el-radu-easy4y.one/ud04/ |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.el-radu-easy4y.one/ud04/www.asik-eye-surgery-63293.bond |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.el-radu-easy4y.oneReferer: |
| Source: explorer.exe, 00000008.00000002.2547244184.00000000071A4000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.foreca.com |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.gzvmt.info |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.gzvmt.info/ud04/ |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.gzvmt.info/ud04/P |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.gzvmt.infoReferer: |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.iuxy.host |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.iuxy.host/ud04/ |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.iuxy.host/ud04/www.df.clinic |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.iuxy.hostReferer: |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.lranchomx.xyz |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.lranchomx.xyz/ud04/ |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.lranchomx.xyz/ud04/www.1130.vip |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.lranchomx.xyzReferer: |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.narchists.info |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.narchists.info/ud04/ |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.narchists.info/ud04/www.ec.baby |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.narchists.infoReferer: |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.rofilern.net |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.rofilern.net/ud04/ |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.rofilern.net/ud04/www.uy-now-pay-later-74776.bond |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.rofilern.netReferer: |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.unluoren.top |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.unluoren.top/ud04/ |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.unluoren.top/ud04/www.narchists.info |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.unluoren.topReferer: |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.uy-now-pay-later-74776.bond |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.uy-now-pay-later-74776.bond/ud04/ |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.uy-now-pay-later-74776.bond/ud04/www.akrzus.pro |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.uy-now-pay-later-74776.bondReferer: |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ybzert.online |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ybzert.online/ud04/ |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ybzert.online/ud04/www.iuxy.host |
| Source: explorer.exe, 00000008.00000003.2271251503.000000000C54B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2559597832.000000000C54E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271013980.000000000C46C000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: http://www.ybzert.onlineReferer: |
| Source: explorer.exe, 00000008.00000000.1313732014.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2553898092.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271278788.0000000008F4D000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp |
| Source: explorer.exe, 00000008.00000003.2271278788.000000000913F000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1313732014.000000000913F000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://android.notify.windows.com/iOS |
| Source: explorer.exe, 00000008.00000002.2553898092.0000000008F09000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://api.msn.com/ |
| Source: explorer.exe, 00000008.00000002.2553898092.0000000008DB0000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind |
| Source: explorer.exe, 00000008.00000000.1313732014.0000000008F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271278788.0000000008F09000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2553898092.0000000008F09000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows? |
| Source: explorer.exe, 00000008.00000002.2547244184.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=DD4083B70FE54739AB05D6BBA3484042&timeOut=5000&oc |
| Source: explorer.exe, 00000008.00000002.2547244184.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows? |
| Source: explorer.exe, 00000008.00000002.2547244184.0000000007276000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.0000000007276000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?t |
| Source: explorer.exe, 00000008.00000002.2553898092.0000000008DFE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1313732014.0000000008DFE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271278788.0000000008DFE000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://arc.msn.com |
| Source: explorer.exe, 00000008.00000000.1308885201.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings |
| Source: explorer.exe, 00000008.00000000.1308885201.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svg |
| Source: explorer.exe, 00000008.00000002.2547244184.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV |
| Source: explorer.exe, 00000008.00000002.2547244184.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark |
| Source: explorer.exe, 00000008.00000002.2547244184.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT |
| Source: explorer.exe, 00000008.00000002.2547244184.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT-dark |
| Source: explorer.exe, 00000008.00000000.1317036232.000000000C091000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2558094598.000000000C091000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://excel.office.com |
| Source: explorer.exe, 00000008.00000002.2547244184.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA11f7Wa.img |
| Source: explorer.exe, 00000008.00000002.2547244184.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img |
| Source: explorer.exe, 00000008.00000002.2547244184.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1bjET8.img |
| Source: explorer.exe, 00000008.00000002.2547244184.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1c9Jin.img |
| Source: explorer.exe, 00000008.00000002.2547244184.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBNvr53.img |
| Source: explorer.exe, 00000008.00000000.1317036232.000000000C091000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2558094598.000000000C091000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://outlook.com |
| Source: explorer.exe, 00000008.00000000.1317036232.000000000C091000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2558094598.000000000C091000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://powerpoint.office.com |
| Source: explorer.exe, 00000008.00000002.2547244184.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew |
| Source: explorer.exe, 00000008.00000002.2547244184.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew |
| Source: explorer.exe, 00000008.00000002.2553898092.00000000090F2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1313732014.00000000090F2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2271278788.00000000090F2000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://wns.windows.com/ |
| Source: explorer.exe, 00000008.00000000.1317036232.000000000C091000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000002.2558094598.000000000C091000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://word.office.com |
| Source: explorer.exe, 00000008.00000002.2547244184.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/what-to-do-if-a-worst-case-nuclear-scenario-actua |
| Source: explorer.exe, 00000008.00000002.2547244184.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/money/careersandeducation/student-loan-debt-forgiveness-arrives-for-some-b |
| Source: explorer.exe, 00000008.00000002.2547244184.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/money/markets/costco-is-seeing-a-gold-rush-what-s-behind-the-demand-for-it |
| Source: explorer.exe, 00000008.00000002.2547244184.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/money/realestate/why-this-florida-city-is-a-safe-haven-from-hurricanes/ar- |
| Source: explorer.exe, 00000008.00000002.2547244184.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/music/news/6-rock-ballads-that-tug-at-the-heartstrings/ar-AA1hIdsm |
| Source: explorer.exe, 00000008.00000002.2547244184.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/politics/kinzinger-has-theory-about-who-next-house-speaker-will-be/vi |
| Source: explorer.exe, 00000008.00000002.2547244184.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/technology/prehistoric-comet-impacted-earth-and-triggered-the-switch- |
| Source: explorer.exe, 00000008.00000002.2547244184.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/us/dumb-and-dumber-12-states-with-the-absolute-worst-education-in-the |
| Source: explorer.exe, 00000008.00000002.2547244184.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/sports/other/simone-biles-leads-u-s-women-s-team-to-seventh-straight-world |
| Source: explorer.exe, 00000008.00000002.2547244184.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/weather/topstories/accuweather-el-ni |
| Source: explorer.exe, 00000008.00000002.2547244184.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/weather/topstories/here-s-who-could-see-above-average-snowfall-this-winter |
| Source: explorer.exe, 00000008.00000002.2547244184.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/weather/topstories/us-winter-forecast-for-the-2023-2024-season/ar-AA1hGINt |
| Source: explorer.exe, 00000008.00000002.2547244184.00000000071FC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000008.00000000.1308885201.00000000071FC000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com:443/en-us/feed |
| Source: explorer.exe, 00000008.00000002.2547244184.00000000071A4000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.pollensense.com/ |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0041A340 NtCreateFile, | 7_2_0041A340 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0041A3F0 NtReadFile, | 7_2_0041A3F0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0041A470 NtClose, | 7_2_0041A470 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0041A520 NtAllocateVirtualMemory, | 7_2_0041A520 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0041A3EB NtReadFile, | 7_2_0041A3EB |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0041A392 NtCreateFile,NtReadFile, | 7_2_0041A392 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0041A51C NtAllocateVirtualMemory, | 7_2_0041A51C |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672B60 NtClose,LdrInitializeThunk, | 7_2_03672B60 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672BF0 NtAllocateVirtualMemory,LdrInitializeThunk, | 7_2_03672BF0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672AD0 NtReadFile,LdrInitializeThunk, | 7_2_03672AD0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672F30 NtCreateSection,LdrInitializeThunk, | 7_2_03672F30 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672FE0 NtCreateFile,LdrInitializeThunk, | 7_2_03672FE0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672FB0 NtResumeThread,LdrInitializeThunk, | 7_2_03672FB0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672F90 NtProtectVirtualMemory,LdrInitializeThunk, | 7_2_03672F90 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672EA0 NtAdjustPrivilegesToken,LdrInitializeThunk, | 7_2_03672EA0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672E80 NtReadVirtualMemory,LdrInitializeThunk, | 7_2_03672E80 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672D30 NtUnmapViewOfSection,LdrInitializeThunk, | 7_2_03672D30 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672D10 NtMapViewOfSection,LdrInitializeThunk, | 7_2_03672D10 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672DF0 NtQuerySystemInformation,LdrInitializeThunk, | 7_2_03672DF0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672DD0 NtDelayExecution,LdrInitializeThunk, | 7_2_03672DD0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672C70 NtFreeVirtualMemory,LdrInitializeThunk, | 7_2_03672C70 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672CA0 NtQueryInformationToken,LdrInitializeThunk, | 7_2_03672CA0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03674340 NtSetContextThread, | 7_2_03674340 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03674650 NtSuspendThread, | 7_2_03674650 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672BE0 NtQueryValueKey, | 7_2_03672BE0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672BA0 NtEnumerateValueKey, | 7_2_03672BA0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672B80 NtQueryInformationFile, | 7_2_03672B80 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672AF0 NtWriteFile, | 7_2_03672AF0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672AB0 NtWaitForSingleObject, | 7_2_03672AB0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672F60 NtCreateProcessEx, | 7_2_03672F60 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672FA0 NtQuerySection, | 7_2_03672FA0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672E30 NtWriteVirtualMemory, | 7_2_03672E30 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672EE0 NtQueueApcThread, | 7_2_03672EE0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672D00 NtSetInformationFile, | 7_2_03672D00 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672DB0 NtEnumerateKey, | 7_2_03672DB0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672C60 NtCreateKey, | 7_2_03672C60 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672C00 NtQueryInformationProcess, | 7_2_03672C00 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672CF0 NtOpenProcess, | 7_2_03672CF0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672CC0 NtQueryVirtualMemory, | 7_2_03672CC0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03673010 NtOpenDirectoryObject, | 7_2_03673010 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03673090 NtSetValueKey, | 7_2_03673090 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036735C0 NtCreateMutant, | 7_2_036735C0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036739B0 NtGetContextThread, | 7_2_036739B0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03673D70 NtOpenThread, | 7_2_03673D70 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03673D10 NtOpenProcessToken, | 7_2_03673D10 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03ABA036 NtQueryInformationProcess,NtSuspendThread,NtSetContextThread,NtQueueApcThread,NtResumeThread,NtClose, | 7_2_03ABA036 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03ABA042 NtQueryInformationProcess, | 7_2_03ABA042 |
| Source: C:\Windows\explorer.exe | Code function: 8_2_107A3232 NtCreateFile, | 8_2_107A3232 |
| Source: C:\Windows\explorer.exe | Code function: 8_2_107A4E12 NtProtectVirtualMemory, | 8_2_107A4E12 |
| Source: C:\Windows\explorer.exe | Code function: 8_2_107A4E0A NtProtectVirtualMemory, | 8_2_107A4E0A |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B2B60 NtClose,LdrInitializeThunk, | 10_2_037B2B60 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B2BF0 NtAllocateVirtualMemory,LdrInitializeThunk, | 10_2_037B2BF0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B2BE0 NtQueryValueKey,LdrInitializeThunk, | 10_2_037B2BE0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B2AD0 NtReadFile,LdrInitializeThunk, | 10_2_037B2AD0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B2F30 NtCreateSection,LdrInitializeThunk, | 10_2_037B2F30 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B2FE0 NtCreateFile,LdrInitializeThunk, | 10_2_037B2FE0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B2EA0 NtAdjustPrivilegesToken,LdrInitializeThunk, | 10_2_037B2EA0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B2D10 NtMapViewOfSection,LdrInitializeThunk, | 10_2_037B2D10 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B2DF0 NtQuerySystemInformation,LdrInitializeThunk, | 10_2_037B2DF0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B2DD0 NtDelayExecution,LdrInitializeThunk, | 10_2_037B2DD0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B2C70 NtFreeVirtualMemory,LdrInitializeThunk, | 10_2_037B2C70 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B2C60 NtCreateKey,LdrInitializeThunk, | 10_2_037B2C60 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B2CA0 NtQueryInformationToken,LdrInitializeThunk, | 10_2_037B2CA0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B35C0 NtCreateMutant,LdrInitializeThunk, | 10_2_037B35C0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B4340 NtSetContextThread, | 10_2_037B4340 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B4650 NtSuspendThread, | 10_2_037B4650 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B2BA0 NtEnumerateValueKey, | 10_2_037B2BA0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B2B80 NtQueryInformationFile, | 10_2_037B2B80 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B2AF0 NtWriteFile, | 10_2_037B2AF0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B2AB0 NtWaitForSingleObject, | 10_2_037B2AB0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B2F60 NtCreateProcessEx, | 10_2_037B2F60 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B2FB0 NtResumeThread, | 10_2_037B2FB0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B2FA0 NtQuerySection, | 10_2_037B2FA0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B2F90 NtProtectVirtualMemory, | 10_2_037B2F90 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B2E30 NtWriteVirtualMemory, | 10_2_037B2E30 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B2EE0 NtQueueApcThread, | 10_2_037B2EE0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B2E80 NtReadVirtualMemory, | 10_2_037B2E80 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B2D30 NtUnmapViewOfSection, | 10_2_037B2D30 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B2D00 NtSetInformationFile, | 10_2_037B2D00 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B2DB0 NtEnumerateKey, | 10_2_037B2DB0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B2C00 NtQueryInformationProcess, | 10_2_037B2C00 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B2CF0 NtOpenProcess, | 10_2_037B2CF0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B2CC0 NtQueryVirtualMemory, | 10_2_037B2CC0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B3010 NtOpenDirectoryObject, | 10_2_037B3010 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B3090 NtSetValueKey, | 10_2_037B3090 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B39B0 NtGetContextThread, | 10_2_037B39B0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B3D70 NtOpenThread, | 10_2_037B3D70 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B3D10 NtOpenProcessToken, | 10_2_037B3D10 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_030CA340 NtCreateFile, | 10_2_030CA340 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_030CA3F0 NtReadFile, | 10_2_030CA3F0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_030CA520 NtAllocateVirtualMemory, | 10_2_030CA520 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_030CA470 NtClose, | 10_2_030CA470 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_030CA392 NtCreateFile,NtReadFile, | 10_2_030CA392 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_030CA3EB NtReadFile, | 10_2_030CA3EB |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_030CA51C NtAllocateVirtualMemory, | 10_2_030CA51C |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03669BAF NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtUnmapViewOfSection,NtClose, | 10_2_03669BAF |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0366A036 NtQueryInformationProcess,NtSuspendThread,NtSetContextThread,NtQueueApcThread,NtResumeThread, | 10_2_0366A036 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03669BB2 NtCreateSection,NtMapViewOfSection,NtMapViewOfSection, | 10_2_03669BB2 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0366A042 NtQueryInformationProcess, | 10_2_0366A042 |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_003EB043 | 4_2_003EB043 |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_003D3200 | 4_2_003D3200 |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_003D3B70 | 4_2_003D3B70 |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_003F410F | 4_2_003F410F |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_003E02A4 | 4_2_003E02A4 |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_003F038E | 4_2_003F038E |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_003CE3E3 | 4_2_003CE3E3 |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_003F467F | 4_2_003F467F |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_003E06D9 | 4_2_003E06D9 |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_0042AACE | 4_2_0042AACE |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_003F4BEF | 4_2_003F4BEF |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_003ECCC1 | 4_2_003ECCC1 |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_003C6F07 | 4_2_003C6F07 |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_003CAF50 | 4_2_003CAF50 |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_003DB11F | 4_2_003DB11F |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_003ED1B9 | 4_2_003ED1B9 |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_004231BC | 4_2_004231BC |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_003E123A | 4_2_003E123A |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_003F724D | 4_2_003F724D |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_004013CA | 4_2_004013CA |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_003C93F0 | 4_2_003C93F0 |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_003DF563 | 4_2_003DF563 |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_0040B6CC | 4_2_0040B6CC |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_003C96C0 | 4_2_003C96C0 |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_003C77B0 | 4_2_003C77B0 |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_003F79C9 | 4_2_003F79C9 |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_003DFA57 | 4_2_003DFA57 |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_003C9B60 | 4_2_003C9B60 |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_003C7D19 | 4_2_003C7D19 |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_003DFE6F | 4_2_003DFE6F |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_003E9ED0 | 4_2_003E9ED0 |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_003C7FA3 | 4_2_003C7FA3 |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_0128CA68 | 4_2_0128CA68 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_00401026 | 7_2_00401026 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_00401030 | 7_2_00401030 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0041E1B7 | 7_2_0041E1B7 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0041DA08 | 7_2_0041DA08 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_00402D87 | 7_2_00402D87 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_00402D90 | 7_2_00402D90 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_00409E5B | 7_2_00409E5B |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_00409E60 | 7_2_00409E60 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_00402FB0 | 7_2_00402FB0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036FA352 | 7_2_036FA352 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0364E3F0 | 7_2_0364E3F0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_037003E6 | 7_2_037003E6 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036E0274 | 7_2_036E0274 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036C02C0 | 7_2_036C02C0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036C8158 | 7_2_036C8158 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03630100 | 7_2_03630100 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036DA118 | 7_2_036DA118 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036F81CC | 7_2_036F81CC |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036F41A2 | 7_2_036F41A2 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_037001AA | 7_2_037001AA |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036D2000 | 7_2_036D2000 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03640770 | 7_2_03640770 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03664750 | 7_2_03664750 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363C7C0 | 7_2_0363C7C0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0365C6E0 | 7_2_0365C6E0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03640535 | 7_2_03640535 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03700591 | 7_2_03700591 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036F2446 | 7_2_036F2446 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036E4420 | 7_2_036E4420 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036EE4F6 | 7_2_036EE4F6 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036FAB40 | 7_2_036FAB40 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036F6BD7 | 7_2_036F6BD7 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363EA80 | 7_2_0363EA80 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03656962 | 7_2_03656962 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036429A0 | 7_2_036429A0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0370A9A6 | 7_2_0370A9A6 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0364A840 | 7_2_0364A840 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03642840 | 7_2_03642840 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366E8F0 | 7_2_0366E8F0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036268B8 | 7_2_036268B8 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B4F40 | 7_2_036B4F40 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03682F28 | 7_2_03682F28 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03660F30 | 7_2_03660F30 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036E2F30 | 7_2_036E2F30 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0364CFE0 | 7_2_0364CFE0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03632FC8 | 7_2_03632FC8 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036BEFA0 | 7_2_036BEFA0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03640E59 | 7_2_03640E59 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036FEE26 | 7_2_036FEE26 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036FEEDB | 7_2_036FEEDB |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03652E90 | 7_2_03652E90 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036FCE93 | 7_2_036FCE93 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0364AD00 | 7_2_0364AD00 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036DCD1F | 7_2_036DCD1F |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363ADE0 | 7_2_0363ADE0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03658DBF | 7_2_03658DBF |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03640C00 | 7_2_03640C00 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03630CF2 | 7_2_03630CF2 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036E0CB5 | 7_2_036E0CB5 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0362D34C | 7_2_0362D34C |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036F132D | 7_2_036F132D |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0368739A | 7_2_0368739A |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036E12ED | 7_2_036E12ED |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0365B2C0 | 7_2_0365B2C0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036452A0 | 7_2_036452A0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0367516C | 7_2_0367516C |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0362F172 | 7_2_0362F172 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0370B16B | 7_2_0370B16B |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0364B1B0 | 7_2_0364B1B0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036F70E9 | 7_2_036F70E9 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036FF0E0 | 7_2_036FF0E0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036EF0CC | 7_2_036EF0CC |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036470C0 | 7_2_036470C0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036FF7B0 | 7_2_036FF7B0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03685630 | 7_2_03685630 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036F16CC | 7_2_036F16CC |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036F7571 | 7_2_036F7571 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_037095C3 | 7_2_037095C3 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036DD5B0 | 7_2_036DD5B0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03631460 | 7_2_03631460 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036FF43F | 7_2_036FF43F |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036FFB76 | 7_2_036FFB76 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B5BF0 | 7_2_036B5BF0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0367DBF9 | 7_2_0367DBF9 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0365FB80 | 7_2_0365FB80 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B3A6C | 7_2_036B3A6C |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036FFA49 | 7_2_036FFA49 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036F7A46 | 7_2_036F7A46 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036EDAC6 | 7_2_036EDAC6 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036DDAAC | 7_2_036DDAAC |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03685AA0 | 7_2_03685AA0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036E1AA3 | 7_2_036E1AA3 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03649950 | 7_2_03649950 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0365B950 | 7_2_0365B950 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036D5910 | 7_2_036D5910 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036AD800 | 7_2_036AD800 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036438E0 | 7_2_036438E0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036FFF09 | 7_2_036FFF09 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036FFFB1 | 7_2_036FFFB1 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03641F92 | 7_2_03641F92 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03649EB0 | 7_2_03649EB0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036F7D73 | 7_2_036F7D73 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03643D40 | 7_2_03643D40 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036F1D5A | 7_2_036F1D5A |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0365FDC0 | 7_2_0365FDC0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B9C32 | 7_2_036B9C32 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036FFCF2 | 7_2_036FFCF2 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03ABA036 | 7_2_03ABA036 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03ABB232 | 7_2_03ABB232 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03AB1082 | 7_2_03AB1082 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03ABE5CD | 7_2_03ABE5CD |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03AB5B32 | 7_2_03AB5B32 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03AB5B30 | 7_2_03AB5B30 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03AB8912 | 7_2_03AB8912 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03AB2D02 | 7_2_03AB2D02 |
| Source: C:\Windows\explorer.exe | Code function: 8_2_107A3232 | 8_2_107A3232 |
| Source: C:\Windows\explorer.exe | Code function: 8_2_107A2036 | 8_2_107A2036 |
| Source: C:\Windows\explorer.exe | Code function: 8_2_10799082 | 8_2_10799082 |
| Source: C:\Windows\explorer.exe | Code function: 8_2_1079DB30 | 8_2_1079DB30 |
| Source: C:\Windows\explorer.exe | Code function: 8_2_1079DB32 | 8_2_1079DB32 |
| Source: C:\Windows\explorer.exe | Code function: 8_2_107A0912 | 8_2_107A0912 |
| Source: C:\Windows\explorer.exe | Code function: 8_2_1079AD02 | 8_2_1079AD02 |
| Source: C:\Windows\explorer.exe | Code function: 8_2_107A65CD | 8_2_107A65CD |
| Source: C:\Windows\explorer.exe | Code function: 8_2_10C5D082 | 8_2_10C5D082 |
| Source: C:\Windows\explorer.exe | Code function: 8_2_10C66036 | 8_2_10C66036 |
| Source: C:\Windows\explorer.exe | Code function: 8_2_10C6A5CD | 8_2_10C6A5CD |
| Source: C:\Windows\explorer.exe | Code function: 8_2_10C5ED02 | 8_2_10C5ED02 |
| Source: C:\Windows\explorer.exe | Code function: 8_2_10C64912 | 8_2_10C64912 |
| Source: C:\Windows\explorer.exe | Code function: 8_2_10C67232 | 8_2_10C67232 |
| Source: C:\Windows\explorer.exe | Code function: 8_2_10C61B32 | 8_2_10C61B32 |
| Source: C:\Windows\explorer.exe | Code function: 8_2_10C61B30 | 8_2_10C61B30 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_038403E6 | 10_2_038403E6 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0378E3F0 | 10_2_0378E3F0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0383A352 | 10_2_0383A352 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_038002C0 | 10_2_038002C0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03820274 | 10_2_03820274 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_038341A2 | 10_2_038341A2 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_038401AA | 10_2_038401AA |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_038381CC | 10_2_038381CC |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03770100 | 10_2_03770100 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0381A118 | 10_2_0381A118 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03808158 | 10_2_03808158 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03812000 | 10_2_03812000 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03780770 | 10_2_03780770 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037A4750 | 10_2_037A4750 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0377C7C0 | 10_2_0377C7C0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0379C6E0 | 10_2_0379C6E0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03840591 | 10_2_03840591 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03780535 | 10_2_03780535 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0382E4F6 | 10_2_0382E4F6 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03824420 | 10_2_03824420 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03832446 | 10_2_03832446 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03836BD7 | 10_2_03836BD7 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0383AB40 | 10_2_0383AB40 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0377EA80 | 10_2_0377EA80 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03796962 | 10_2_03796962 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0384A9A6 | 10_2_0384A9A6 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037829A0 | 10_2_037829A0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0378A840 | 10_2_0378A840 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03782840 | 10_2_03782840 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037AE8F0 | 10_2_037AE8F0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037668B8 | 10_2_037668B8 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037F4F40 | 10_2_037F4F40 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037A0F30 | 10_2_037A0F30 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037C2F28 | 10_2_037C2F28 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0378CFE0 | 10_2_0378CFE0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03822F30 | 10_2_03822F30 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03772FC8 | 10_2_03772FC8 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037FEFA0 | 10_2_037FEFA0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0383CE93 | 10_2_0383CE93 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03780E59 | 10_2_03780E59 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0383EEDB | 10_2_0383EEDB |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0383EE26 | 10_2_0383EE26 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03792E90 | 10_2_03792E90 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0378AD00 | 10_2_0378AD00 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0377ADE0 | 10_2_0377ADE0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0381CD1F | 10_2_0381CD1F |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03798DBF | 10_2_03798DBF |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03820CB5 | 10_2_03820CB5 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03780C00 | 10_2_03780C00 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03770CF2 | 10_2_03770CF2 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0376D34C | 10_2_0376D34C |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0383132D | 10_2_0383132D |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037C739A | 10_2_037C739A |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_038212ED | 10_2_038212ED |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0379B2C0 | 10_2_0379B2C0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037852A0 | 10_2_037852A0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0376F172 | 10_2_0376F172 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037B516C | 10_2_037B516C |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0378B1B0 | 10_2_0378B1B0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0384B16B | 10_2_0384B16B |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0382F0CC | 10_2_0382F0CC |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0383F0E0 | 10_2_0383F0E0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_038370E9 | 10_2_038370E9 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037870C0 | 10_2_037870C0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0383F7B0 | 10_2_0383F7B0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037C5630 | 10_2_037C5630 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_038316CC | 10_2_038316CC |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0381D5B0 | 10_2_0381D5B0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_038495C3 | 10_2_038495C3 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03837571 | 10_2_03837571 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03771460 | 10_2_03771460 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0383F43F | 10_2_0383F43F |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037BDBF9 | 10_2_037BDBF9 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037F5BF0 | 10_2_037F5BF0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0383FB76 | 10_2_0383FB76 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0379FB80 | 10_2_0379FB80 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037F3A6C | 10_2_037F3A6C |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03821AA3 | 10_2_03821AA3 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0381DAAC | 10_2_0381DAAC |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0382DAC6 | 10_2_0382DAC6 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03837A46 | 10_2_03837A46 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0383FA49 | 10_2_0383FA49 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037C5AA0 | 10_2_037C5AA0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03789950 | 10_2_03789950 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0379B950 | 10_2_0379B950 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03815910 | 10_2_03815910 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037ED800 | 10_2_037ED800 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037838E0 | 10_2_037838E0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0383FFB1 | 10_2_0383FFB1 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0383FF09 | 10_2_0383FF09 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03743FD5 | 10_2_03743FD5 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03743FD2 | 10_2_03743FD2 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03781F92 | 10_2_03781F92 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03789EB0 | 10_2_03789EB0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03783D40 | 10_2_03783D40 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0379FDC0 | 10_2_0379FDC0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03831D5A | 10_2_03831D5A |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03837D73 | 10_2_03837D73 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_037F9C32 | 10_2_037F9C32 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0383FCF2 | 10_2_0383FCF2 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_030CDA08 | 10_2_030CDA08 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_030B2FB0 | 10_2_030B2FB0 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_030B9E5B | 10_2_030B9E5B |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_030B9E60 | 10_2_030B9E60 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_030B2D87 | 10_2_030B2D87 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_030B2D90 | 10_2_030B2D90 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0366A036 | 10_2_0366A036 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03665B32 | 10_2_03665B32 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03665B30 | 10_2_03665B30 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0366B232 | 10_2_0366B232 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03668912 | 10_2_03668912 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03661082 | 10_2_03661082 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_03662D02 | 10_2_03662D02 |
| Source: C:\Windows\SysWOW64\help.exe | Code function: 10_2_0366E5CD | 10_2_0366E5CD |
| Source: 4.2.brief nr. 001150_51_2024-11-19_134943.docx.exe.3a90000.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
| Source: 4.2.brief nr. 001150_51_2024-11-19_134943.docx.exe.3a90000.1.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 4.2.brief nr. 001150_51_2024-11-19_134943.docx.exe.3a90000.1.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 4.2.brief nr. 001150_51_2024-11-19_134943.docx.exe.3a90000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
| Source: 4.2.brief nr. 001150_51_2024-11-19_134943.docx.exe.3a90000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 4.2.brief nr. 001150_51_2024-11-19_134943.docx.exe.3a90000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 7.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
| Source: 7.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 7.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 7.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
| Source: 7.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 7.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000007.00000002.1375503521.0000000002BB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
| Source: 00000007.00000002.1375503521.0000000002BB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000007.00000002.1375503521.0000000002BB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000007.00000002.1377269448.0000000003950000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
| Source: 00000007.00000002.1377269448.0000000003950000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000007.00000002.1377269448.0000000003950000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000004.00000002.1304346396.0000000003A90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
| Source: 00000004.00000002.1304346396.0000000003A90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000004.00000002.1304346396.0000000003A90000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000007.00000002.1374414636.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
| Source: 00000007.00000002.1374414636.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000007.00000002.1374414636.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 0000000A.00000002.2542765541.00000000030B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
| Source: 0000000A.00000002.2542765541.00000000030B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 0000000A.00000002.2542765541.00000000030B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 0000000A.00000002.2543812721.0000000003590000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
| Source: 0000000A.00000002.2543812721.0000000003590000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 0000000A.00000002.2543812721.0000000003590000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 0000000A.00000002.2543653526.0000000003550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
| Source: 0000000A.00000002.2543653526.0000000003550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 0000000A.00000002.2543653526.0000000003550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: Process Memory Space: brief nr. 001150_51_2024-11-19_134943.docx.exe PID: 6892, type: MEMORYSTR | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
| Source: Process Memory Space: svchost.exe PID: 5128, type: MEMORYSTR | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
| Source: Process Memory Space: help.exe PID: 1836, type: MEMORYSTR | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23 |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_0128B2C8 mov eax, dword ptr fs:[00000030h] | 4_2_0128B2C8 |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_0128C958 mov eax, dword ptr fs:[00000030h] | 4_2_0128C958 |
| Source: C:\Users\user\Desktop\brief nr. 001150_51_2024-11-19_134943.docx.exe | Code function: 4_2_0128C8F8 mov eax, dword ptr fs:[00000030h] | 4_2_0128C8F8 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036D437C mov eax, dword ptr fs:[00000030h] | 7_2_036D437C |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B2349 mov eax, dword ptr fs:[00000030h] | 7_2_036B2349 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B2349 mov eax, dword ptr fs:[00000030h] | 7_2_036B2349 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B2349 mov eax, dword ptr fs:[00000030h] | 7_2_036B2349 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B2349 mov eax, dword ptr fs:[00000030h] | 7_2_036B2349 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B2349 mov eax, dword ptr fs:[00000030h] | 7_2_036B2349 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B2349 mov eax, dword ptr fs:[00000030h] | 7_2_036B2349 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B2349 mov eax, dword ptr fs:[00000030h] | 7_2_036B2349 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B2349 mov eax, dword ptr fs:[00000030h] | 7_2_036B2349 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B2349 mov eax, dword ptr fs:[00000030h] | 7_2_036B2349 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B2349 mov eax, dword ptr fs:[00000030h] | 7_2_036B2349 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B2349 mov eax, dword ptr fs:[00000030h] | 7_2_036B2349 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B2349 mov eax, dword ptr fs:[00000030h] | 7_2_036B2349 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B2349 mov eax, dword ptr fs:[00000030h] | 7_2_036B2349 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B2349 mov eax, dword ptr fs:[00000030h] | 7_2_036B2349 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B2349 mov eax, dword ptr fs:[00000030h] | 7_2_036B2349 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B035C mov eax, dword ptr fs:[00000030h] | 7_2_036B035C |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B035C mov eax, dword ptr fs:[00000030h] | 7_2_036B035C |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B035C mov eax, dword ptr fs:[00000030h] | 7_2_036B035C |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B035C mov ecx, dword ptr fs:[00000030h] | 7_2_036B035C |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B035C mov eax, dword ptr fs:[00000030h] | 7_2_036B035C |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B035C mov eax, dword ptr fs:[00000030h] | 7_2_036B035C |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036FA352 mov eax, dword ptr fs:[00000030h] | 7_2_036FA352 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036D8350 mov ecx, dword ptr fs:[00000030h] | 7_2_036D8350 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0370634F mov eax, dword ptr fs:[00000030h] | 7_2_0370634F |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03708324 mov eax, dword ptr fs:[00000030h] | 7_2_03708324 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03708324 mov ecx, dword ptr fs:[00000030h] | 7_2_03708324 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03708324 mov eax, dword ptr fs:[00000030h] | 7_2_03708324 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03708324 mov eax, dword ptr fs:[00000030h] | 7_2_03708324 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366A30B mov eax, dword ptr fs:[00000030h] | 7_2_0366A30B |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366A30B mov eax, dword ptr fs:[00000030h] | 7_2_0366A30B |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366A30B mov eax, dword ptr fs:[00000030h] | 7_2_0366A30B |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0362C310 mov ecx, dword ptr fs:[00000030h] | 7_2_0362C310 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03650310 mov ecx, dword ptr fs:[00000030h] | 7_2_03650310 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036403E9 mov eax, dword ptr fs:[00000030h] | 7_2_036403E9 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036403E9 mov eax, dword ptr fs:[00000030h] | 7_2_036403E9 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036403E9 mov eax, dword ptr fs:[00000030h] | 7_2_036403E9 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036403E9 mov eax, dword ptr fs:[00000030h] | 7_2_036403E9 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036403E9 mov eax, dword ptr fs:[00000030h] | 7_2_036403E9 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036403E9 mov eax, dword ptr fs:[00000030h] | 7_2_036403E9 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036403E9 mov eax, dword ptr fs:[00000030h] | 7_2_036403E9 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036403E9 mov eax, dword ptr fs:[00000030h] | 7_2_036403E9 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0364E3F0 mov eax, dword ptr fs:[00000030h] | 7_2_0364E3F0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0364E3F0 mov eax, dword ptr fs:[00000030h] | 7_2_0364E3F0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0364E3F0 mov eax, dword ptr fs:[00000030h] | 7_2_0364E3F0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036663FF mov eax, dword ptr fs:[00000030h] | 7_2_036663FF |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036EC3CD mov eax, dword ptr fs:[00000030h] | 7_2_036EC3CD |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363A3C0 mov eax, dword ptr fs:[00000030h] | 7_2_0363A3C0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363A3C0 mov eax, dword ptr fs:[00000030h] | 7_2_0363A3C0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363A3C0 mov eax, dword ptr fs:[00000030h] | 7_2_0363A3C0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363A3C0 mov eax, dword ptr fs:[00000030h] | 7_2_0363A3C0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363A3C0 mov eax, dword ptr fs:[00000030h] | 7_2_0363A3C0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363A3C0 mov eax, dword ptr fs:[00000030h] | 7_2_0363A3C0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036383C0 mov eax, dword ptr fs:[00000030h] | 7_2_036383C0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036383C0 mov eax, dword ptr fs:[00000030h] | 7_2_036383C0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036383C0 mov eax, dword ptr fs:[00000030h] | 7_2_036383C0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036383C0 mov eax, dword ptr fs:[00000030h] | 7_2_036383C0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B63C0 mov eax, dword ptr fs:[00000030h] | 7_2_036B63C0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036DE3DB mov eax, dword ptr fs:[00000030h] | 7_2_036DE3DB |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036DE3DB mov eax, dword ptr fs:[00000030h] | 7_2_036DE3DB |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036DE3DB mov ecx, dword ptr fs:[00000030h] | 7_2_036DE3DB |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036DE3DB mov eax, dword ptr fs:[00000030h] | 7_2_036DE3DB |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036D43D4 mov eax, dword ptr fs:[00000030h] | 7_2_036D43D4 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036D43D4 mov eax, dword ptr fs:[00000030h] | 7_2_036D43D4 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0362E388 mov eax, dword ptr fs:[00000030h] | 7_2_0362E388 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0362E388 mov eax, dword ptr fs:[00000030h] | 7_2_0362E388 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0362E388 mov eax, dword ptr fs:[00000030h] | 7_2_0362E388 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0365438F mov eax, dword ptr fs:[00000030h] | 7_2_0365438F |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0365438F mov eax, dword ptr fs:[00000030h] | 7_2_0365438F |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03628397 mov eax, dword ptr fs:[00000030h] | 7_2_03628397 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03628397 mov eax, dword ptr fs:[00000030h] | 7_2_03628397 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03628397 mov eax, dword ptr fs:[00000030h] | 7_2_03628397 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03634260 mov eax, dword ptr fs:[00000030h] | 7_2_03634260 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03634260 mov eax, dword ptr fs:[00000030h] | 7_2_03634260 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03634260 mov eax, dword ptr fs:[00000030h] | 7_2_03634260 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0362826B mov eax, dword ptr fs:[00000030h] | 7_2_0362826B |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036E0274 mov eax, dword ptr fs:[00000030h] | 7_2_036E0274 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036E0274 mov eax, dword ptr fs:[00000030h] | 7_2_036E0274 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036E0274 mov eax, dword ptr fs:[00000030h] | 7_2_036E0274 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036E0274 mov eax, dword ptr fs:[00000030h] | 7_2_036E0274 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036E0274 mov eax, dword ptr fs:[00000030h] | 7_2_036E0274 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036E0274 mov eax, dword ptr fs:[00000030h] | 7_2_036E0274 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036E0274 mov eax, dword ptr fs:[00000030h] | 7_2_036E0274 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036E0274 mov eax, dword ptr fs:[00000030h] | 7_2_036E0274 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036E0274 mov eax, dword ptr fs:[00000030h] | 7_2_036E0274 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036E0274 mov eax, dword ptr fs:[00000030h] | 7_2_036E0274 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036E0274 mov eax, dword ptr fs:[00000030h] | 7_2_036E0274 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036E0274 mov eax, dword ptr fs:[00000030h] | 7_2_036E0274 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B8243 mov eax, dword ptr fs:[00000030h] | 7_2_036B8243 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B8243 mov ecx, dword ptr fs:[00000030h] | 7_2_036B8243 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0370625D mov eax, dword ptr fs:[00000030h] | 7_2_0370625D |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0362A250 mov eax, dword ptr fs:[00000030h] | 7_2_0362A250 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03636259 mov eax, dword ptr fs:[00000030h] | 7_2_03636259 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036EA250 mov eax, dword ptr fs:[00000030h] | 7_2_036EA250 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036EA250 mov eax, dword ptr fs:[00000030h] | 7_2_036EA250 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0362823B mov eax, dword ptr fs:[00000030h] | 7_2_0362823B |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036402E1 mov eax, dword ptr fs:[00000030h] | 7_2_036402E1 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036402E1 mov eax, dword ptr fs:[00000030h] | 7_2_036402E1 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036402E1 mov eax, dword ptr fs:[00000030h] | 7_2_036402E1 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363A2C3 mov eax, dword ptr fs:[00000030h] | 7_2_0363A2C3 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363A2C3 mov eax, dword ptr fs:[00000030h] | 7_2_0363A2C3 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363A2C3 mov eax, dword ptr fs:[00000030h] | 7_2_0363A2C3 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363A2C3 mov eax, dword ptr fs:[00000030h] | 7_2_0363A2C3 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363A2C3 mov eax, dword ptr fs:[00000030h] | 7_2_0363A2C3 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_037062D6 mov eax, dword ptr fs:[00000030h] | 7_2_037062D6 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036402A0 mov eax, dword ptr fs:[00000030h] | 7_2_036402A0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036402A0 mov eax, dword ptr fs:[00000030h] | 7_2_036402A0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036C62A0 mov eax, dword ptr fs:[00000030h] | 7_2_036C62A0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036C62A0 mov ecx, dword ptr fs:[00000030h] | 7_2_036C62A0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036C62A0 mov eax, dword ptr fs:[00000030h] | 7_2_036C62A0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036C62A0 mov eax, dword ptr fs:[00000030h] | 7_2_036C62A0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036C62A0 mov eax, dword ptr fs:[00000030h] | 7_2_036C62A0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036C62A0 mov eax, dword ptr fs:[00000030h] | 7_2_036C62A0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366E284 mov eax, dword ptr fs:[00000030h] | 7_2_0366E284 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366E284 mov eax, dword ptr fs:[00000030h] | 7_2_0366E284 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B0283 mov eax, dword ptr fs:[00000030h] | 7_2_036B0283 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B0283 mov eax, dword ptr fs:[00000030h] | 7_2_036B0283 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B0283 mov eax, dword ptr fs:[00000030h] | 7_2_036B0283 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03704164 mov eax, dword ptr fs:[00000030h] | 7_2_03704164 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03704164 mov eax, dword ptr fs:[00000030h] | 7_2_03704164 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036C4144 mov eax, dword ptr fs:[00000030h] | 7_2_036C4144 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036C4144 mov eax, dword ptr fs:[00000030h] | 7_2_036C4144 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036C4144 mov ecx, dword ptr fs:[00000030h] | 7_2_036C4144 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036C4144 mov eax, dword ptr fs:[00000030h] | 7_2_036C4144 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036C4144 mov eax, dword ptr fs:[00000030h] | 7_2_036C4144 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0362C156 mov eax, dword ptr fs:[00000030h] | 7_2_0362C156 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036C8158 mov eax, dword ptr fs:[00000030h] | 7_2_036C8158 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03636154 mov eax, dword ptr fs:[00000030h] | 7_2_03636154 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03636154 mov eax, dword ptr fs:[00000030h] | 7_2_03636154 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03660124 mov eax, dword ptr fs:[00000030h] | 7_2_03660124 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036DE10E mov eax, dword ptr fs:[00000030h] | 7_2_036DE10E |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036DE10E mov ecx, dword ptr fs:[00000030h] | 7_2_036DE10E |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036DE10E mov eax, dword ptr fs:[00000030h] | 7_2_036DE10E |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036DE10E mov eax, dword ptr fs:[00000030h] | 7_2_036DE10E |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036DE10E mov ecx, dword ptr fs:[00000030h] | 7_2_036DE10E |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036DE10E mov eax, dword ptr fs:[00000030h] | 7_2_036DE10E |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036DE10E mov eax, dword ptr fs:[00000030h] | 7_2_036DE10E |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036DE10E mov ecx, dword ptr fs:[00000030h] | 7_2_036DE10E |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036DE10E mov eax, dword ptr fs:[00000030h] | 7_2_036DE10E |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036DE10E mov ecx, dword ptr fs:[00000030h] | 7_2_036DE10E |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036DA118 mov ecx, dword ptr fs:[00000030h] | 7_2_036DA118 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036DA118 mov eax, dword ptr fs:[00000030h] | 7_2_036DA118 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036DA118 mov eax, dword ptr fs:[00000030h] | 7_2_036DA118 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036DA118 mov eax, dword ptr fs:[00000030h] | 7_2_036DA118 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036F0115 mov eax, dword ptr fs:[00000030h] | 7_2_036F0115 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_037061E5 mov eax, dword ptr fs:[00000030h] | 7_2_037061E5 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036601F8 mov eax, dword ptr fs:[00000030h] | 7_2_036601F8 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036F61C3 mov eax, dword ptr fs:[00000030h] | 7_2_036F61C3 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036F61C3 mov eax, dword ptr fs:[00000030h] | 7_2_036F61C3 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036AE1D0 mov eax, dword ptr fs:[00000030h] | 7_2_036AE1D0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036AE1D0 mov eax, dword ptr fs:[00000030h] | 7_2_036AE1D0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036AE1D0 mov ecx, dword ptr fs:[00000030h] | 7_2_036AE1D0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036AE1D0 mov eax, dword ptr fs:[00000030h] | 7_2_036AE1D0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036AE1D0 mov eax, dword ptr fs:[00000030h] | 7_2_036AE1D0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03670185 mov eax, dword ptr fs:[00000030h] | 7_2_03670185 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036EC188 mov eax, dword ptr fs:[00000030h] | 7_2_036EC188 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036EC188 mov eax, dword ptr fs:[00000030h] | 7_2_036EC188 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036D4180 mov eax, dword ptr fs:[00000030h] | 7_2_036D4180 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036D4180 mov eax, dword ptr fs:[00000030h] | 7_2_036D4180 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B019F mov eax, dword ptr fs:[00000030h] | 7_2_036B019F |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B019F mov eax, dword ptr fs:[00000030h] | 7_2_036B019F |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B019F mov eax, dword ptr fs:[00000030h] | 7_2_036B019F |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B019F mov eax, dword ptr fs:[00000030h] | 7_2_036B019F |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0362A197 mov eax, dword ptr fs:[00000030h] | 7_2_0362A197 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0362A197 mov eax, dword ptr fs:[00000030h] | 7_2_0362A197 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0362A197 mov eax, dword ptr fs:[00000030h] | 7_2_0362A197 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0365C073 mov eax, dword ptr fs:[00000030h] | 7_2_0365C073 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03632050 mov eax, dword ptr fs:[00000030h] | 7_2_03632050 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B6050 mov eax, dword ptr fs:[00000030h] | 7_2_036B6050 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0362A020 mov eax, dword ptr fs:[00000030h] | 7_2_0362A020 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0362C020 mov eax, dword ptr fs:[00000030h] | 7_2_0362C020 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036C6030 mov eax, dword ptr fs:[00000030h] | 7_2_036C6030 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B4000 mov ecx, dword ptr fs:[00000030h] | 7_2_036B4000 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036D2000 mov eax, dword ptr fs:[00000030h] | 7_2_036D2000 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036D2000 mov eax, dword ptr fs:[00000030h] | 7_2_036D2000 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036D2000 mov eax, dword ptr fs:[00000030h] | 7_2_036D2000 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036D2000 mov eax, dword ptr fs:[00000030h] | 7_2_036D2000 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036D2000 mov eax, dword ptr fs:[00000030h] | 7_2_036D2000 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036D2000 mov eax, dword ptr fs:[00000030h] | 7_2_036D2000 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036D2000 mov eax, dword ptr fs:[00000030h] | 7_2_036D2000 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036D2000 mov eax, dword ptr fs:[00000030h] | 7_2_036D2000 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0364E016 mov eax, dword ptr fs:[00000030h] | 7_2_0364E016 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0364E016 mov eax, dword ptr fs:[00000030h] | 7_2_0364E016 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0364E016 mov eax, dword ptr fs:[00000030h] | 7_2_0364E016 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0364E016 mov eax, dword ptr fs:[00000030h] | 7_2_0364E016 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0362A0E3 mov ecx, dword ptr fs:[00000030h] | 7_2_0362A0E3 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036380E9 mov eax, dword ptr fs:[00000030h] | 7_2_036380E9 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B60E0 mov eax, dword ptr fs:[00000030h] | 7_2_036B60E0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0362C0F0 mov eax, dword ptr fs:[00000030h] | 7_2_0362C0F0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036720F0 mov ecx, dword ptr fs:[00000030h] | 7_2_036720F0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B20DE mov eax, dword ptr fs:[00000030h] | 7_2_036B20DE |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036280A0 mov eax, dword ptr fs:[00000030h] | 7_2_036280A0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036C80A8 mov eax, dword ptr fs:[00000030h] | 7_2_036C80A8 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036F60B8 mov eax, dword ptr fs:[00000030h] | 7_2_036F60B8 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036F60B8 mov ecx, dword ptr fs:[00000030h] | 7_2_036F60B8 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363208A mov eax, dword ptr fs:[00000030h] | 7_2_0363208A |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03638770 mov eax, dword ptr fs:[00000030h] | 7_2_03638770 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03640770 mov eax, dword ptr fs:[00000030h] | 7_2_03640770 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03640770 mov eax, dword ptr fs:[00000030h] | 7_2_03640770 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03640770 mov eax, dword ptr fs:[00000030h] | 7_2_03640770 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03640770 mov eax, dword ptr fs:[00000030h] | 7_2_03640770 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03640770 mov eax, dword ptr fs:[00000030h] | 7_2_03640770 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03640770 mov eax, dword ptr fs:[00000030h] | 7_2_03640770 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03640770 mov eax, dword ptr fs:[00000030h] | 7_2_03640770 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03640770 mov eax, dword ptr fs:[00000030h] | 7_2_03640770 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03640770 mov eax, dword ptr fs:[00000030h] | 7_2_03640770 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03640770 mov eax, dword ptr fs:[00000030h] | 7_2_03640770 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03640770 mov eax, dword ptr fs:[00000030h] | 7_2_03640770 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03640770 mov eax, dword ptr fs:[00000030h] | 7_2_03640770 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366674D mov esi, dword ptr fs:[00000030h] | 7_2_0366674D |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366674D mov eax, dword ptr fs:[00000030h] | 7_2_0366674D |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366674D mov eax, dword ptr fs:[00000030h] | 7_2_0366674D |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03630750 mov eax, dword ptr fs:[00000030h] | 7_2_03630750 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036BE75D mov eax, dword ptr fs:[00000030h] | 7_2_036BE75D |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672750 mov eax, dword ptr fs:[00000030h] | 7_2_03672750 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672750 mov eax, dword ptr fs:[00000030h] | 7_2_03672750 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B4755 mov eax, dword ptr fs:[00000030h] | 7_2_036B4755 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366C720 mov eax, dword ptr fs:[00000030h] | 7_2_0366C720 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366C720 mov eax, dword ptr fs:[00000030h] | 7_2_0366C720 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366273C mov eax, dword ptr fs:[00000030h] | 7_2_0366273C |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366273C mov ecx, dword ptr fs:[00000030h] | 7_2_0366273C |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366273C mov eax, dword ptr fs:[00000030h] | 7_2_0366273C |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036AC730 mov eax, dword ptr fs:[00000030h] | 7_2_036AC730 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366C700 mov eax, dword ptr fs:[00000030h] | 7_2_0366C700 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03630710 mov eax, dword ptr fs:[00000030h] | 7_2_03630710 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03660710 mov eax, dword ptr fs:[00000030h] | 7_2_03660710 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036527ED mov eax, dword ptr fs:[00000030h] | 7_2_036527ED |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036527ED mov eax, dword ptr fs:[00000030h] | 7_2_036527ED |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036527ED mov eax, dword ptr fs:[00000030h] | 7_2_036527ED |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036BE7E1 mov eax, dword ptr fs:[00000030h] | 7_2_036BE7E1 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036347FB mov eax, dword ptr fs:[00000030h] | 7_2_036347FB |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036347FB mov eax, dword ptr fs:[00000030h] | 7_2_036347FB |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363C7C0 mov eax, dword ptr fs:[00000030h] | 7_2_0363C7C0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B07C3 mov eax, dword ptr fs:[00000030h] | 7_2_036B07C3 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036307AF mov eax, dword ptr fs:[00000030h] | 7_2_036307AF |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036E47A0 mov eax, dword ptr fs:[00000030h] | 7_2_036E47A0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036D678E mov eax, dword ptr fs:[00000030h] | 7_2_036D678E |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036F866E mov eax, dword ptr fs:[00000030h] | 7_2_036F866E |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036F866E mov eax, dword ptr fs:[00000030h] | 7_2_036F866E |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366A660 mov eax, dword ptr fs:[00000030h] | 7_2_0366A660 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366A660 mov eax, dword ptr fs:[00000030h] | 7_2_0366A660 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03662674 mov eax, dword ptr fs:[00000030h] | 7_2_03662674 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0364C640 mov eax, dword ptr fs:[00000030h] | 7_2_0364C640 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0364E627 mov eax, dword ptr fs:[00000030h] | 7_2_0364E627 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03666620 mov eax, dword ptr fs:[00000030h] | 7_2_03666620 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03668620 mov eax, dword ptr fs:[00000030h] | 7_2_03668620 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363262C mov eax, dword ptr fs:[00000030h] | 7_2_0363262C |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036AE609 mov eax, dword ptr fs:[00000030h] | 7_2_036AE609 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0364260B mov eax, dword ptr fs:[00000030h] | 7_2_0364260B |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0364260B mov eax, dword ptr fs:[00000030h] | 7_2_0364260B |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0364260B mov eax, dword ptr fs:[00000030h] | 7_2_0364260B |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0364260B mov eax, dword ptr fs:[00000030h] | 7_2_0364260B |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0364260B mov eax, dword ptr fs:[00000030h] | 7_2_0364260B |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0364260B mov eax, dword ptr fs:[00000030h] | 7_2_0364260B |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0364260B mov eax, dword ptr fs:[00000030h] | 7_2_0364260B |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03672619 mov eax, dword ptr fs:[00000030h] | 7_2_03672619 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036AE6F2 mov eax, dword ptr fs:[00000030h] | 7_2_036AE6F2 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036AE6F2 mov eax, dword ptr fs:[00000030h] | 7_2_036AE6F2 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036AE6F2 mov eax, dword ptr fs:[00000030h] | 7_2_036AE6F2 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036AE6F2 mov eax, dword ptr fs:[00000030h] | 7_2_036AE6F2 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B06F1 mov eax, dword ptr fs:[00000030h] | 7_2_036B06F1 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B06F1 mov eax, dword ptr fs:[00000030h] | 7_2_036B06F1 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366A6C7 mov ebx, dword ptr fs:[00000030h] | 7_2_0366A6C7 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366A6C7 mov eax, dword ptr fs:[00000030h] | 7_2_0366A6C7 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366C6A6 mov eax, dword ptr fs:[00000030h] | 7_2_0366C6A6 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036666B0 mov eax, dword ptr fs:[00000030h] | 7_2_036666B0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03634690 mov eax, dword ptr fs:[00000030h] | 7_2_03634690 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03634690 mov eax, dword ptr fs:[00000030h] | 7_2_03634690 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366656A mov eax, dword ptr fs:[00000030h] | 7_2_0366656A |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366656A mov eax, dword ptr fs:[00000030h] | 7_2_0366656A |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366656A mov eax, dword ptr fs:[00000030h] | 7_2_0366656A |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03638550 mov eax, dword ptr fs:[00000030h] | 7_2_03638550 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03638550 mov eax, dword ptr fs:[00000030h] | 7_2_03638550 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03640535 mov eax, dword ptr fs:[00000030h] | 7_2_03640535 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03640535 mov eax, dword ptr fs:[00000030h] | 7_2_03640535 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03640535 mov eax, dword ptr fs:[00000030h] | 7_2_03640535 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03640535 mov eax, dword ptr fs:[00000030h] | 7_2_03640535 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03640535 mov eax, dword ptr fs:[00000030h] | 7_2_03640535 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03640535 mov eax, dword ptr fs:[00000030h] | 7_2_03640535 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0365E53E mov eax, dword ptr fs:[00000030h] | 7_2_0365E53E |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0365E53E mov eax, dword ptr fs:[00000030h] | 7_2_0365E53E |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0365E53E mov eax, dword ptr fs:[00000030h] | 7_2_0365E53E |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0365E53E mov eax, dword ptr fs:[00000030h] | 7_2_0365E53E |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0365E53E mov eax, dword ptr fs:[00000030h] | 7_2_0365E53E |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036C6500 mov eax, dword ptr fs:[00000030h] | 7_2_036C6500 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03704500 mov eax, dword ptr fs:[00000030h] | 7_2_03704500 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03704500 mov eax, dword ptr fs:[00000030h] | 7_2_03704500 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03704500 mov eax, dword ptr fs:[00000030h] | 7_2_03704500 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03704500 mov eax, dword ptr fs:[00000030h] | 7_2_03704500 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03704500 mov eax, dword ptr fs:[00000030h] | 7_2_03704500 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03704500 mov eax, dword ptr fs:[00000030h] | 7_2_03704500 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03704500 mov eax, dword ptr fs:[00000030h] | 7_2_03704500 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0365E5E7 mov eax, dword ptr fs:[00000030h] | 7_2_0365E5E7 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0365E5E7 mov eax, dword ptr fs:[00000030h] | 7_2_0365E5E7 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0365E5E7 mov eax, dword ptr fs:[00000030h] | 7_2_0365E5E7 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0365E5E7 mov eax, dword ptr fs:[00000030h] | 7_2_0365E5E7 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0365E5E7 mov eax, dword ptr fs:[00000030h] | 7_2_0365E5E7 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0365E5E7 mov eax, dword ptr fs:[00000030h] | 7_2_0365E5E7 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0365E5E7 mov eax, dword ptr fs:[00000030h] | 7_2_0365E5E7 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0365E5E7 mov eax, dword ptr fs:[00000030h] | 7_2_0365E5E7 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036325E0 mov eax, dword ptr fs:[00000030h] | 7_2_036325E0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366C5ED mov eax, dword ptr fs:[00000030h] | 7_2_0366C5ED |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366C5ED mov eax, dword ptr fs:[00000030h] | 7_2_0366C5ED |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366E5CF mov eax, dword ptr fs:[00000030h] | 7_2_0366E5CF |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366E5CF mov eax, dword ptr fs:[00000030h] | 7_2_0366E5CF |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036365D0 mov eax, dword ptr fs:[00000030h] | 7_2_036365D0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366A5D0 mov eax, dword ptr fs:[00000030h] | 7_2_0366A5D0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366A5D0 mov eax, dword ptr fs:[00000030h] | 7_2_0366A5D0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B05A7 mov eax, dword ptr fs:[00000030h] | 7_2_036B05A7 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B05A7 mov eax, dword ptr fs:[00000030h] | 7_2_036B05A7 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B05A7 mov eax, dword ptr fs:[00000030h] | 7_2_036B05A7 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036545B1 mov eax, dword ptr fs:[00000030h] | 7_2_036545B1 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036545B1 mov eax, dword ptr fs:[00000030h] | 7_2_036545B1 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03632582 mov eax, dword ptr fs:[00000030h] | 7_2_03632582 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03632582 mov ecx, dword ptr fs:[00000030h] | 7_2_03632582 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03664588 mov eax, dword ptr fs:[00000030h] | 7_2_03664588 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366E59C mov eax, dword ptr fs:[00000030h] | 7_2_0366E59C |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036BC460 mov ecx, dword ptr fs:[00000030h] | 7_2_036BC460 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0365A470 mov eax, dword ptr fs:[00000030h] | 7_2_0365A470 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0365A470 mov eax, dword ptr fs:[00000030h] | 7_2_0365A470 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0365A470 mov eax, dword ptr fs:[00000030h] | 7_2_0365A470 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366E443 mov eax, dword ptr fs:[00000030h] | 7_2_0366E443 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366E443 mov eax, dword ptr fs:[00000030h] | 7_2_0366E443 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366E443 mov eax, dword ptr fs:[00000030h] | 7_2_0366E443 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366E443 mov eax, dword ptr fs:[00000030h] | 7_2_0366E443 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366E443 mov eax, dword ptr fs:[00000030h] | 7_2_0366E443 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366E443 mov eax, dword ptr fs:[00000030h] | 7_2_0366E443 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366E443 mov eax, dword ptr fs:[00000030h] | 7_2_0366E443 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366E443 mov eax, dword ptr fs:[00000030h] | 7_2_0366E443 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036EA456 mov eax, dword ptr fs:[00000030h] | 7_2_036EA456 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0362645D mov eax, dword ptr fs:[00000030h] | 7_2_0362645D |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0365245A mov eax, dword ptr fs:[00000030h] | 7_2_0365245A |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0362E420 mov eax, dword ptr fs:[00000030h] | 7_2_0362E420 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0362E420 mov eax, dword ptr fs:[00000030h] | 7_2_0362E420 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0362E420 mov eax, dword ptr fs:[00000030h] | 7_2_0362E420 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0362C427 mov eax, dword ptr fs:[00000030h] | 7_2_0362C427 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B6420 mov eax, dword ptr fs:[00000030h] | 7_2_036B6420 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B6420 mov eax, dword ptr fs:[00000030h] | 7_2_036B6420 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B6420 mov eax, dword ptr fs:[00000030h] | 7_2_036B6420 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B6420 mov eax, dword ptr fs:[00000030h] | 7_2_036B6420 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B6420 mov eax, dword ptr fs:[00000030h] | 7_2_036B6420 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B6420 mov eax, dword ptr fs:[00000030h] | 7_2_036B6420 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B6420 mov eax, dword ptr fs:[00000030h] | 7_2_036B6420 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366A430 mov eax, dword ptr fs:[00000030h] | 7_2_0366A430 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03668402 mov eax, dword ptr fs:[00000030h] | 7_2_03668402 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03668402 mov eax, dword ptr fs:[00000030h] | 7_2_03668402 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03668402 mov eax, dword ptr fs:[00000030h] | 7_2_03668402 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036304E5 mov ecx, dword ptr fs:[00000030h] | 7_2_036304E5 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036364AB mov eax, dword ptr fs:[00000030h] | 7_2_036364AB |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036644B0 mov ecx, dword ptr fs:[00000030h] | 7_2_036644B0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036BA4B0 mov eax, dword ptr fs:[00000030h] | 7_2_036BA4B0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036EA49A mov eax, dword ptr fs:[00000030h] | 7_2_036EA49A |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0362CB7E mov eax, dword ptr fs:[00000030h] | 7_2_0362CB7E |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036E4B4B mov eax, dword ptr fs:[00000030h] | 7_2_036E4B4B |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036E4B4B mov eax, dword ptr fs:[00000030h] | 7_2_036E4B4B |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03702B57 mov eax, dword ptr fs:[00000030h] | 7_2_03702B57 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03702B57 mov eax, dword ptr fs:[00000030h] | 7_2_03702B57 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03702B57 mov eax, dword ptr fs:[00000030h] | 7_2_03702B57 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03702B57 mov eax, dword ptr fs:[00000030h] | 7_2_03702B57 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036C6B40 mov eax, dword ptr fs:[00000030h] | 7_2_036C6B40 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036C6B40 mov eax, dword ptr fs:[00000030h] | 7_2_036C6B40 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036FAB40 mov eax, dword ptr fs:[00000030h] | 7_2_036FAB40 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036D8B42 mov eax, dword ptr fs:[00000030h] | 7_2_036D8B42 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03628B50 mov eax, dword ptr fs:[00000030h] | 7_2_03628B50 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036DEB50 mov eax, dword ptr fs:[00000030h] | 7_2_036DEB50 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0365EB20 mov eax, dword ptr fs:[00000030h] | 7_2_0365EB20 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0365EB20 mov eax, dword ptr fs:[00000030h] | 7_2_0365EB20 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036F8B28 mov eax, dword ptr fs:[00000030h] | 7_2_036F8B28 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036F8B28 mov eax, dword ptr fs:[00000030h] | 7_2_036F8B28 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03704B00 mov eax, dword ptr fs:[00000030h] | 7_2_03704B00 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036AEB1D mov eax, dword ptr fs:[00000030h] | 7_2_036AEB1D |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036AEB1D mov eax, dword ptr fs:[00000030h] | 7_2_036AEB1D |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036AEB1D mov eax, dword ptr fs:[00000030h] | 7_2_036AEB1D |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036AEB1D mov eax, dword ptr fs:[00000030h] | 7_2_036AEB1D |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036AEB1D mov eax, dword ptr fs:[00000030h] | 7_2_036AEB1D |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036AEB1D mov eax, dword ptr fs:[00000030h] | 7_2_036AEB1D |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036AEB1D mov eax, dword ptr fs:[00000030h] | 7_2_036AEB1D |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036AEB1D mov eax, dword ptr fs:[00000030h] | 7_2_036AEB1D |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036AEB1D mov eax, dword ptr fs:[00000030h] | 7_2_036AEB1D |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03638BF0 mov eax, dword ptr fs:[00000030h] | 7_2_03638BF0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03638BF0 mov eax, dword ptr fs:[00000030h] | 7_2_03638BF0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03638BF0 mov eax, dword ptr fs:[00000030h] | 7_2_03638BF0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0365EBFC mov eax, dword ptr fs:[00000030h] | 7_2_0365EBFC |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036BCBF0 mov eax, dword ptr fs:[00000030h] | 7_2_036BCBF0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03650BCB mov eax, dword ptr fs:[00000030h] | 7_2_03650BCB |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03650BCB mov eax, dword ptr fs:[00000030h] | 7_2_03650BCB |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03650BCB mov eax, dword ptr fs:[00000030h] | 7_2_03650BCB |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03630BCD mov eax, dword ptr fs:[00000030h] | 7_2_03630BCD |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03630BCD mov eax, dword ptr fs:[00000030h] | 7_2_03630BCD |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03630BCD mov eax, dword ptr fs:[00000030h] | 7_2_03630BCD |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036DEBD0 mov eax, dword ptr fs:[00000030h] | 7_2_036DEBD0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03640BBE mov eax, dword ptr fs:[00000030h] | 7_2_03640BBE |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03640BBE mov eax, dword ptr fs:[00000030h] | 7_2_03640BBE |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036E4BB0 mov eax, dword ptr fs:[00000030h] | 7_2_036E4BB0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036E4BB0 mov eax, dword ptr fs:[00000030h] | 7_2_036E4BB0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366CA6F mov eax, dword ptr fs:[00000030h] | 7_2_0366CA6F |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366CA6F mov eax, dword ptr fs:[00000030h] | 7_2_0366CA6F |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366CA6F mov eax, dword ptr fs:[00000030h] | 7_2_0366CA6F |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036DEA60 mov eax, dword ptr fs:[00000030h] | 7_2_036DEA60 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036ACA72 mov eax, dword ptr fs:[00000030h] | 7_2_036ACA72 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036ACA72 mov eax, dword ptr fs:[00000030h] | 7_2_036ACA72 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03636A50 mov eax, dword ptr fs:[00000030h] | 7_2_03636A50 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03636A50 mov eax, dword ptr fs:[00000030h] | 7_2_03636A50 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03636A50 mov eax, dword ptr fs:[00000030h] | 7_2_03636A50 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03636A50 mov eax, dword ptr fs:[00000030h] | 7_2_03636A50 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03636A50 mov eax, dword ptr fs:[00000030h] | 7_2_03636A50 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03636A50 mov eax, dword ptr fs:[00000030h] | 7_2_03636A50 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03636A50 mov eax, dword ptr fs:[00000030h] | 7_2_03636A50 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03640A5B mov eax, dword ptr fs:[00000030h] | 7_2_03640A5B |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03640A5B mov eax, dword ptr fs:[00000030h] | 7_2_03640A5B |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366CA24 mov eax, dword ptr fs:[00000030h] | 7_2_0366CA24 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0365EA2E mov eax, dword ptr fs:[00000030h] | 7_2_0365EA2E |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03654A35 mov eax, dword ptr fs:[00000030h] | 7_2_03654A35 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03654A35 mov eax, dword ptr fs:[00000030h] | 7_2_03654A35 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366CA38 mov eax, dword ptr fs:[00000030h] | 7_2_0366CA38 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036BCA11 mov eax, dword ptr fs:[00000030h] | 7_2_036BCA11 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366AAEE mov eax, dword ptr fs:[00000030h] | 7_2_0366AAEE |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0366AAEE mov eax, dword ptr fs:[00000030h] | 7_2_0366AAEE |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03686ACC mov eax, dword ptr fs:[00000030h] | 7_2_03686ACC |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03686ACC mov eax, dword ptr fs:[00000030h] | 7_2_03686ACC |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03686ACC mov eax, dword ptr fs:[00000030h] | 7_2_03686ACC |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03630AD0 mov eax, dword ptr fs:[00000030h] | 7_2_03630AD0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03664AD0 mov eax, dword ptr fs:[00000030h] | 7_2_03664AD0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03664AD0 mov eax, dword ptr fs:[00000030h] | 7_2_03664AD0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03638AA0 mov eax, dword ptr fs:[00000030h] | 7_2_03638AA0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03638AA0 mov eax, dword ptr fs:[00000030h] | 7_2_03638AA0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03686AA4 mov eax, dword ptr fs:[00000030h] | 7_2_03686AA4 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363EA80 mov eax, dword ptr fs:[00000030h] | 7_2_0363EA80 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363EA80 mov eax, dword ptr fs:[00000030h] | 7_2_0363EA80 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363EA80 mov eax, dword ptr fs:[00000030h] | 7_2_0363EA80 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363EA80 mov eax, dword ptr fs:[00000030h] | 7_2_0363EA80 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363EA80 mov eax, dword ptr fs:[00000030h] | 7_2_0363EA80 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363EA80 mov eax, dword ptr fs:[00000030h] | 7_2_0363EA80 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363EA80 mov eax, dword ptr fs:[00000030h] | 7_2_0363EA80 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363EA80 mov eax, dword ptr fs:[00000030h] | 7_2_0363EA80 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363EA80 mov eax, dword ptr fs:[00000030h] | 7_2_0363EA80 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03704A80 mov eax, dword ptr fs:[00000030h] | 7_2_03704A80 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03668A90 mov edx, dword ptr fs:[00000030h] | 7_2_03668A90 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03656962 mov eax, dword ptr fs:[00000030h] | 7_2_03656962 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03656962 mov eax, dword ptr fs:[00000030h] | 7_2_03656962 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03656962 mov eax, dword ptr fs:[00000030h] | 7_2_03656962 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0367096E mov eax, dword ptr fs:[00000030h] | 7_2_0367096E |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0367096E mov edx, dword ptr fs:[00000030h] | 7_2_0367096E |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0367096E mov eax, dword ptr fs:[00000030h] | 7_2_0367096E |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036D4978 mov eax, dword ptr fs:[00000030h] | 7_2_036D4978 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036D4978 mov eax, dword ptr fs:[00000030h] | 7_2_036D4978 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036BC97C mov eax, dword ptr fs:[00000030h] | 7_2_036BC97C |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B0946 mov eax, dword ptr fs:[00000030h] | 7_2_036B0946 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03704940 mov eax, dword ptr fs:[00000030h] | 7_2_03704940 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B892A mov eax, dword ptr fs:[00000030h] | 7_2_036B892A |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036C892B mov eax, dword ptr fs:[00000030h] | 7_2_036C892B |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036AE908 mov eax, dword ptr fs:[00000030h] | 7_2_036AE908 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036AE908 mov eax, dword ptr fs:[00000030h] | 7_2_036AE908 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036BC912 mov eax, dword ptr fs:[00000030h] | 7_2_036BC912 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03628918 mov eax, dword ptr fs:[00000030h] | 7_2_03628918 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03628918 mov eax, dword ptr fs:[00000030h] | 7_2_03628918 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036BE9E0 mov eax, dword ptr fs:[00000030h] | 7_2_036BE9E0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036629F9 mov eax, dword ptr fs:[00000030h] | 7_2_036629F9 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036629F9 mov eax, dword ptr fs:[00000030h] | 7_2_036629F9 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036C69C0 mov eax, dword ptr fs:[00000030h] | 7_2_036C69C0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363A9D0 mov eax, dword ptr fs:[00000030h] | 7_2_0363A9D0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363A9D0 mov eax, dword ptr fs:[00000030h] | 7_2_0363A9D0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363A9D0 mov eax, dword ptr fs:[00000030h] | 7_2_0363A9D0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363A9D0 mov eax, dword ptr fs:[00000030h] | 7_2_0363A9D0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363A9D0 mov eax, dword ptr fs:[00000030h] | 7_2_0363A9D0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0363A9D0 mov eax, dword ptr fs:[00000030h] | 7_2_0363A9D0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036649D0 mov eax, dword ptr fs:[00000030h] | 7_2_036649D0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036FA9D3 mov eax, dword ptr fs:[00000030h] | 7_2_036FA9D3 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036429A0 mov eax, dword ptr fs:[00000030h] | 7_2_036429A0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036429A0 mov eax, dword ptr fs:[00000030h] | 7_2_036429A0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036429A0 mov eax, dword ptr fs:[00000030h] | 7_2_036429A0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036429A0 mov eax, dword ptr fs:[00000030h] | 7_2_036429A0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036429A0 mov eax, dword ptr fs:[00000030h] | 7_2_036429A0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036429A0 mov eax, dword ptr fs:[00000030h] | 7_2_036429A0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036429A0 mov eax, dword ptr fs:[00000030h] | 7_2_036429A0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036429A0 mov eax, dword ptr fs:[00000030h] | 7_2_036429A0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036429A0 mov eax, dword ptr fs:[00000030h] | 7_2_036429A0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036429A0 mov eax, dword ptr fs:[00000030h] | 7_2_036429A0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036429A0 mov eax, dword ptr fs:[00000030h] | 7_2_036429A0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036429A0 mov eax, dword ptr fs:[00000030h] | 7_2_036429A0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036429A0 mov eax, dword ptr fs:[00000030h] | 7_2_036429A0 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036309AD mov eax, dword ptr fs:[00000030h] | 7_2_036309AD |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036309AD mov eax, dword ptr fs:[00000030h] | 7_2_036309AD |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B89B3 mov esi, dword ptr fs:[00000030h] | 7_2_036B89B3 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B89B3 mov eax, dword ptr fs:[00000030h] | 7_2_036B89B3 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036B89B3 mov eax, dword ptr fs:[00000030h] | 7_2_036B89B3 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036BE872 mov eax, dword ptr fs:[00000030h] | 7_2_036BE872 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036BE872 mov eax, dword ptr fs:[00000030h] | 7_2_036BE872 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036C6870 mov eax, dword ptr fs:[00000030h] | 7_2_036C6870 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_036C6870 mov eax, dword ptr fs:[00000030h] | 7_2_036C6870 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03642840 mov ecx, dword ptr fs:[00000030h] | 7_2_03642840 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03660854 mov eax, dword ptr fs:[00000030h] | 7_2_03660854 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03634859 mov eax, dword ptr fs:[00000030h] | 7_2_03634859 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03634859 mov eax, dword ptr fs:[00000030h] | 7_2_03634859 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03652835 mov eax, dword ptr fs:[00000030h] | 7_2_03652835 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03652835 mov eax, dword ptr fs:[00000030h] | 7_2_03652835 |
| Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03652835 mov eax, dword ptr fs:[00000030h] | 7_2_03652835 |
Edit tour
brief nr. 001150_51_2024-11-19_134943.docx.exe (PID: 6892 cmdline: 
svchost.exe (PID: 5128 cmdline: 
explorer.exe (PID: 4056 cmdline: 
cmd.exe (PID: 3232 cmdline: 
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node