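Analyst note: the rows from here through 5_2_00749FDA list functions in which calls to native (Nt*) system services were identified. In this first row, inv.exe resolves APIs at run time (LoadLibraryA/GetProcAddress), touches its console window (GetConsoleWindow/ShowWindow), and creates and maps a section (NtCreateSection/NtMapViewOfSection). That combination is common in loaders that stage a second-stage image in memory; treat it as a lead to corroborate with the memory-region matches further down, not as proof on its own.
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_00971120 LoadLibraryA,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetConsoleWindow,ShowWindow,LoadLibraryA,RpcMgmtEpEltInqBegin,NtCreateSection,NtMapViewOfSection,CloseHandle,CallWindowProcW, | 0_2_00971120 |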
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_0041A060 NtClose, | 2_2_0041A060 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_0041A110 NtAllocateVirtualMemory, | 2_2_0041A110 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_00419F30 NtCreateFile, | 2_2_00419F30 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_00419FE0 NtReadFile, | 2_2_00419FE0 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_0041A08A NtAllocateVirtualMemory, | 2_2_0041A08A |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_00419FDA NtReadFile, | 2_2_00419FDA |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_00419FDC NtReadFile, | 2_2_00419FDC |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048495D0 NtClose,LdrInitializeThunk, | 5_2_048495D0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04849540 NtReadFile,LdrInitializeThunk, | 5_2_04849540 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048496D0 NtCreateKey,LdrInitializeThunk, | 5_2_048496D0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048496E0 NtFreeVirtualMemory,LdrInitializeThunk, | 5_2_048496E0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04849650 NtQueryValueKey,LdrInitializeThunk, | 5_2_04849650 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04849660 NtAllocateVirtualMemory,LdrInitializeThunk, | 5_2_04849660 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04849780 NtMapViewOfSection,LdrInitializeThunk, | 5_2_04849780 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04849FE0 NtCreateMutant,LdrInitializeThunk, | 5_2_04849FE0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04849710 NtQueryInformationToken,LdrInitializeThunk, | 5_2_04849710 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04849840 NtDelayExecution,LdrInitializeThunk, | 5_2_04849840 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04849860 NtQuerySystemInformation,LdrInitializeThunk, | 5_2_04849860 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048499A0 NtCreateSection,LdrInitializeThunk, | 5_2_048499A0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04849910 NtAdjustPrivilegesToken,LdrInitializeThunk, | 5_2_04849910 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04849A50 NtCreateFile,LdrInitializeThunk, | 5_2_04849A50 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048495F0 NtQueryInformationFile, | 5_2_048495F0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04849520 NtWaitForSingleObject, | 5_2_04849520 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0484AD30 NtSetContextThread, | 5_2_0484AD30 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04849560 NtWriteFile, | 5_2_04849560 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04849610 NtEnumerateValueKey, | 5_2_04849610 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04849670 NtQueryInformationProcess, | 5_2_04849670 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048497A0 NtUnmapViewOfSection, | 5_2_048497A0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0484A710 NtOpenProcessToken, | 5_2_0484A710 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04849730 NtQueryVirtualMemory, | 5_2_04849730 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04849760 NtOpenProcess, | 5_2_04849760 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0484A770 NtOpenThread, | 5_2_0484A770 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04849770 NtSetInformationFile, | 5_2_04849770 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048498A0 NtWriteVirtualMemory, | 5_2_048498A0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048498F0 NtReadVirtualMemory, | 5_2_048498F0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04849820 NtEnumerateKey, | 5_2_04849820 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0484B040 NtSuspendThread, | 5_2_0484B040 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048499D0 NtCreateProcessEx, | 5_2_048499D0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04849950 NtQueueApcThread, | 5_2_04849950 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04849A80 NtOpenDirectoryObject, | 5_2_04849A80 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04849A00 NtProtectVirtualMemory, | 5_2_04849A00 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04849A10 NtQuerySection, | 5_2_04849A10 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04849A20 NtResumeThread, | 5_2_04849A20 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0484A3B0 NtGetContextThread, | 5_2_0484A3B0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04849B00 NtSetValueKey, | 5_2_04849B00 |
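Analyst note: the 5_2_0074xxxx functions that start here sit at the same offsets from base 0x00730000 as the 2_2_0041xxxx functions of inv.exe do from base 0x00400000 (for example, offset 0x1A060 for NtClose and 0x1A110 for NtAllocateVirtualMemory). Both bases also appear as memory regions matched by the Formbook YARA rules later in this listing. The same code therefore appears to be present inside systray.exe, a legitimate Windows binary, which is consistent with code having been injected into that process. For detection, the useful signal is executable memory in systray.exe that is not backed by the on-disk image.
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0074A060 NtClose, | 5_2_0074A060 |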
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0074A110 NtAllocateVirtualMemory, | 5_2_0074A110 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_00749F30 NtCreateFile, | 5_2_00749F30 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_00749FE0 NtReadFile, | 5_2_00749FE0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0074A08A NtAllocateVirtualMemory, | 5_2_0074A08A |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_00749FDC NtReadFile, | 5_2_00749FDC |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_00749FDA NtReadFile, | 5_2_00749FDA |
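Analyst note: the rows from here through 5_2_00732FB0 carry only function identifiers, and the heading they were grouped under is not preserved on this page. In sandbox reports of this format, a bare list like this usually belongs to a "potential crypto function" heuristic; confirm against the full report before relying on that reading. The 5_2_0073xxxx/0074xxxx entries again mirror the 2_2_0040xxxx/0041xxxx offsets of inv.exe.
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_009881F9 | 0_2_009881F9 |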
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_009743F3 | 0_2_009743F3 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_00998313 | 0_2_00998313 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_009A8418 | 0_2_009A8418 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_0098845E | 0_2_0098845E |
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_009A8538 | 0_2_009A8538 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_009886D2 | 0_2_009886D2 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_00988937 | 0_2_00988937 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_009A2A60 | 0_2_009A2A60 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_00988B9C | 0_2_00988B9C |
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_00988E10 | 0_2_00988E10 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_009A2F80 | 0_2_009A2F80 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_009AB025 | 0_2_009AB025 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_009A33B0 | 0_2_009A33B0 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_009874AF | 0_2_009874AF |
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_009A169A | 0_2_009A169A |
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_009876E1 | 0_2_009876E1 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_009A98F9 | 0_2_009A98F9 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_00987922 | 0_2_00987922 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_009A3A76 | 0_2_009A3A76 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_00987B54 | 0_2_00987B54 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_00987D86 | 0_2_00987D86 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_00987FC7 | 0_2_00987FC7 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_0040102F | 2_2_0040102F |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_00401030 | 2_2_00401030 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_0041D1EF | 2_2_0041D1EF |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_0041E18E | 2_2_0041E18E |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_0041DAA3 | 2_2_0041DAA3 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_00402D87 | 2_2_00402D87 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_00402D90 | 2_2_00402D90 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_00409E40 | 2_2_00409E40 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_00409E3C | 2_2_00409E3C |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_0041D6FE | 2_2_0041D6FE |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_00402FB0 | 2_2_00402FB0 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_009AC1A3 | 2_2_009AC1A3 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_009881F9 | 2_2_009881F9 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_009743F3 | 2_2_009743F3 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_00998313 | 2_2_00998313 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_009A8418 | 2_2_009A8418 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_0098845E | 2_2_0098845E |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_009A8538 | 2_2_009A8538 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_009886D2 | 2_2_009886D2 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_00988937 | 2_2_00988937 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_009A2A60 | 2_2_009A2A60 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_00988B9C | 2_2_00988B9C |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_00988E10 | 2_2_00988E10 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_009A2F80 | 2_2_009A2F80 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_009AB025 | 2_2_009AB025 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_009A33B0 | 2_2_009A33B0 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_009874AF | 2_2_009874AF |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_009AB521 | 2_2_009AB521 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0481841F | 5_2_0481841F |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048CD466 | 5_2_048CD466 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04832581 | 5_2_04832581 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048D25DD | 5_2_048D25DD |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0481D5E0 | 5_2_0481D5E0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048D2D07 | 5_2_048D2D07 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04800D20 | 5_2_04800D20 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048D1D55 | 5_2_048D1D55 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048D2EF7 | 5_2_048D2EF7 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048CD616 | 5_2_048CD616 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04826E30 | 5_2_04826E30 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048DDFCE | 5_2_048DDFCE |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048D1FF1 | 5_2_048D1FF1 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0481B090 | 5_2_0481B090 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048320A0 | 5_2_048320A0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048D20A8 | 5_2_048D20A8 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048D28EC | 5_2_048D28EC |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048C1002 | 5_2_048C1002 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048DE824 | 5_2_048DE824 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0480F900 | 5_2_0480F900 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04824120 | 5_2_04824120 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048D22AE | 5_2_048D22AE |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048BFA2B | 5_2_048BFA2B |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0483EBB0 | 5_2_0483EBB0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048C03DA | 5_2_048C03DA |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048CDBD2 | 5_2_048CDBD2 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048D2B28 | 5_2_048D2B28 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0074D1EF | 5_2_0074D1EF |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0074E18E | 5_2_0074E18E |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0074DAAF | 5_2_0074DAAF |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_00732D90 | 5_2_00732D90 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_00732D87 | 5_2_00732D87 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_00739E40 | 5_2_00739E40 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_00739E3C | 5_2_00739E3C |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0074D6FE | 5_2_0074D6FE |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_00732FB0 | 5_2_00732FB0 |
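Analyst note: the rows from here through the last UNPACKEDPE entry are YARA matches on memory regions and unpacked images. Two independently authored rules (the auto-generated Formbook_1 from yara-signator and the JPCERT/CC memory-scan rule) hit the same regions, which is stronger than a single-rule hit. The hits span what appear to be process indices 0 and 2 (inv.exe) and 5 (systray.exe). Formbook_1 is dated 2018 and machine-generated, so family attribution should still be corroborated, for example with configuration extraction or network behaviour.
Source: 00000002.00000002.283524182.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |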
Source: 00000002.00000002.283524182.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000005.00000002.1315254227.0000000000EA0000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000005.00000002.1315254227.0000000000EA0000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000005.00000002.1314348434.0000000000730000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000005.00000002.1314348434.0000000000730000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000000.00000002.244233732.00000000009B8000.00000004.00020000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000000.00000002.244233732.00000000009B8000.00000004.00020000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000002.00000002.283891864.00000000013E0000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000002.283891864.00000000013E0000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000002.00000002.283912769.0000000001410000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000002.283912769.0000000001410000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000005.00000002.1315337696.0000000000ED0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000005.00000002.1315337696.0000000000ED0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 2.2.inv.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 2.2.inv.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 0.2.inv.exe.970000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 0.2.inv.exe.970000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 2.2.inv.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 2.2.inv.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
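Analyst note: in a 32-bit Windows process, `fs:[00000030h]` holds the pointer to the Process Environment Block (PEB), so every row from here on marks a function that reads the PEB. This is a weak indicator on its own, because system libraries read the PEB constantly and many of the 5_2_048xxxxx rows may lie in such a library (not confirmable from this page). It matters mainly alongside the injection and YARA evidence above, since PEB reads also support debugger checks and import-free module lookup. Repeated identical rows presumably reflect several reads inside the same function.
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_009950BD mov eax, dword ptr fs:[00000030h] | 0_2_009950BD |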
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_00971000 mov eax, dword ptr fs:[00000030h] | 0_2_00971000 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_0097B073 mov eax, dword ptr fs:[00000030h] | 0_2_0097B073 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_0099519E mov eax, dword ptr fs:[00000030h] | 0_2_0099519E |
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_0097B101 mov ecx, dword ptr fs:[00000030h] | 0_2_0097B101 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_00995100 mov eax, dword ptr fs:[00000030h] | 0_2_00995100 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_00995143 mov eax, dword ptr fs:[00000030h] | 0_2_00995143 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_009952A8 mov eax, dword ptr fs:[00000030h] | 0_2_009952A8 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_009952EC mov eax, dword ptr fs:[00000030h] | 0_2_009952EC |
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_00995264 mov eax, dword ptr fs:[00000030h] | 0_2_00995264 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 0_2_0099531D mov eax, dword ptr fs:[00000030h] | 0_2_0099531D |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_009950BD mov eax, dword ptr fs:[00000030h] | 2_2_009950BD |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_00971000 mov eax, dword ptr fs:[00000030h] | 2_2_00971000 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_0097B073 mov eax, dword ptr fs:[00000030h] | 2_2_0097B073 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_0099519E mov eax, dword ptr fs:[00000030h] | 2_2_0099519E |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_0097B101 mov ecx, dword ptr fs:[00000030h] | 2_2_0097B101 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_00995100 mov eax, dword ptr fs:[00000030h] | 2_2_00995100 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_00995143 mov eax, dword ptr fs:[00000030h] | 2_2_00995143 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_009952A8 mov eax, dword ptr fs:[00000030h] | 2_2_009952A8 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_009952EC mov eax, dword ptr fs:[00000030h] | 2_2_009952EC |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_00995264 mov eax, dword ptr fs:[00000030h] | 2_2_00995264 |
Source: C:\Users\user\Desktop\inv.exe | Code function: 2_2_0099531D mov eax, dword ptr fs:[00000030h] | 2_2_0099531D |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0481849B mov eax, dword ptr fs:[00000030h] | 5_2_0481849B |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048D8CD6 mov eax, dword ptr fs:[00000030h] | 5_2_048D8CD6 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048C14FB mov eax, dword ptr fs:[00000030h] | 5_2_048C14FB |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04886CF0 mov eax, dword ptr fs:[00000030h] | 5_2_04886CF0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04886CF0 mov eax, dword ptr fs:[00000030h] | 5_2_04886CF0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04886CF0 mov eax, dword ptr fs:[00000030h] | 5_2_04886CF0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048D740D mov eax, dword ptr fs:[00000030h] | 5_2_048D740D |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048D740D mov eax, dword ptr fs:[00000030h] | 5_2_048D740D |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048D740D mov eax, dword ptr fs:[00000030h] | 5_2_048D740D |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04886C0A mov eax, dword ptr fs:[00000030h] | 5_2_04886C0A |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04886C0A mov eax, dword ptr fs:[00000030h] | 5_2_04886C0A |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04886C0A mov eax, dword ptr fs:[00000030h] | 5_2_04886C0A |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04886C0A mov eax, dword ptr fs:[00000030h] | 5_2_04886C0A |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048C1C06 mov eax, dword ptr fs:[00000030h] | 5_2_048C1C06 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048C1C06 mov eax, dword ptr fs:[00000030h] | 5_2_048C1C06 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048C1C06 mov eax, dword ptr fs:[00000030h] | 5_2_048C1C06 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048C1C06 mov eax, dword ptr fs:[00000030h] | 5_2_048C1C06 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048C1C06 mov eax, dword ptr fs:[00000030h] | 5_2_048C1C06 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048C1C06 mov eax, dword ptr fs:[00000030h] | 5_2_048C1C06 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048C1C06 mov eax, dword ptr fs:[00000030h] | 5_2_048C1C06 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048C1C06 mov eax, dword ptr fs:[00000030h] | 5_2_048C1C06 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048C1C06 mov eax, dword ptr fs:[00000030h] | 5_2_048C1C06 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048C1C06 mov eax, dword ptr fs:[00000030h] | 5_2_048C1C06 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048C1C06 mov eax, dword ptr fs:[00000030h] | 5_2_048C1C06 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048C1C06 mov eax, dword ptr fs:[00000030h] | 5_2_048C1C06 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048C1C06 mov eax, dword ptr fs:[00000030h] | 5_2_048C1C06 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048C1C06 mov eax, dword ptr fs:[00000030h] | 5_2_048C1C06 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0483BC2C mov eax, dword ptr fs:[00000030h] | 5_2_0483BC2C |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0483A44B mov eax, dword ptr fs:[00000030h] | 5_2_0483A44B |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0489C450 mov eax, dword ptr fs:[00000030h] | 5_2_0489C450 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0489C450 mov eax, dword ptr fs:[00000030h] | 5_2_0489C450 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0482746D mov eax, dword ptr fs:[00000030h] | 5_2_0482746D |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04832581 mov eax, dword ptr fs:[00000030h] | 5_2_04832581 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04832581 mov eax, dword ptr fs:[00000030h] | 5_2_04832581 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04832581 mov eax, dword ptr fs:[00000030h] | 5_2_04832581 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04832581 mov eax, dword ptr fs:[00000030h] | 5_2_04832581 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04802D8A mov eax, dword ptr fs:[00000030h] | 5_2_04802D8A |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04802D8A mov eax, dword ptr fs:[00000030h] | 5_2_04802D8A |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04802D8A mov eax, dword ptr fs:[00000030h] | 5_2_04802D8A |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04802D8A mov eax, dword ptr fs:[00000030h] | 5_2_04802D8A |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04802D8A mov eax, dword ptr fs:[00000030h] | 5_2_04802D8A |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0483FD9B mov eax, dword ptr fs:[00000030h] | 5_2_0483FD9B |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0483FD9B mov eax, dword ptr fs:[00000030h] | 5_2_0483FD9B |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048D05AC mov eax, dword ptr fs:[00000030h] | 5_2_048D05AC |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048D05AC mov eax, dword ptr fs:[00000030h] | 5_2_048D05AC |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048335A1 mov eax, dword ptr fs:[00000030h] | 5_2_048335A1 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04831DB5 mov eax, dword ptr fs:[00000030h] | 5_2_04831DB5 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04831DB5 mov eax, dword ptr fs:[00000030h] | 5_2_04831DB5 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04831DB5 mov eax, dword ptr fs:[00000030h] | 5_2_04831DB5 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04886DC9 mov eax, dword ptr fs:[00000030h] | 5_2_04886DC9 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04886DC9 mov eax, dword ptr fs:[00000030h] | 5_2_04886DC9 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04886DC9 mov eax, dword ptr fs:[00000030h] | 5_2_04886DC9 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04886DC9 mov ecx, dword ptr fs:[00000030h] | 5_2_04886DC9 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04886DC9 mov eax, dword ptr fs:[00000030h] | 5_2_04886DC9 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04886DC9 mov eax, dword ptr fs:[00000030h] | 5_2_04886DC9 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0481D5E0 mov eax, dword ptr fs:[00000030h] | 5_2_0481D5E0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0481D5E0 mov eax, dword ptr fs:[00000030h] | 5_2_0481D5E0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048CFDE2 mov eax, dword ptr fs:[00000030h] | 5_2_048CFDE2 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048CFDE2 mov eax, dword ptr fs:[00000030h] | 5_2_048CFDE2 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048CFDE2 mov eax, dword ptr fs:[00000030h] | 5_2_048CFDE2 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048CFDE2 mov eax, dword ptr fs:[00000030h] | 5_2_048CFDE2 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048B8DF1 mov eax, dword ptr fs:[00000030h] | 5_2_048B8DF1 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0480AD30 mov eax, dword ptr fs:[00000030h] | 5_2_0480AD30 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04813D34 mov eax, dword ptr fs:[00000030h] | 5_2_04813D34 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04813D34 mov eax, dword ptr fs:[00000030h] | 5_2_04813D34 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04813D34 mov eax, dword ptr fs:[00000030h] | 5_2_04813D34 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04813D34 mov eax, dword ptr fs:[00000030h] | 5_2_04813D34 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04813D34 mov eax, dword ptr fs:[00000030h] | 5_2_04813D34 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04813D34 mov eax, dword ptr fs:[00000030h] | 5_2_04813D34 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04813D34 mov eax, dword ptr fs:[00000030h] | 5_2_04813D34 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04813D34 mov eax, dword ptr fs:[00000030h] | 5_2_04813D34 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04813D34 mov eax, dword ptr fs:[00000030h] | 5_2_04813D34 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04813D34 mov eax, dword ptr fs:[00000030h] | 5_2_04813D34 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04813D34 mov eax, dword ptr fs:[00000030h] | 5_2_04813D34 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04813D34 mov eax, dword ptr fs:[00000030h] | 5_2_04813D34 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04813D34 mov eax, dword ptr fs:[00000030h] | 5_2_04813D34 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048CE539 mov eax, dword ptr fs:[00000030h] | 5_2_048CE539 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04834D3B mov eax, dword ptr fs:[00000030h] | 5_2_04834D3B |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04834D3B mov eax, dword ptr fs:[00000030h] | 5_2_04834D3B |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04834D3B mov eax, dword ptr fs:[00000030h] | 5_2_04834D3B |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048D8D34 mov eax, dword ptr fs:[00000030h] | 5_2_048D8D34 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0488A537 mov eax, dword ptr fs:[00000030h] | 5_2_0488A537 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04843D43 mov eax, dword ptr fs:[00000030h] | 5_2_04843D43 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04883540 mov eax, dword ptr fs:[00000030h] | 5_2_04883540 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048B3D40 mov eax, dword ptr fs:[00000030h] | 5_2_048B3D40 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04827D50 mov eax, dword ptr fs:[00000030h] | 5_2_04827D50 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0482C577 mov eax, dword ptr fs:[00000030h] | 5_2_0482C577 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0482C577 mov eax, dword ptr fs:[00000030h] | 5_2_0482C577 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0489FE87 mov eax, dword ptr fs:[00000030h] | 5_2_0489FE87 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048D0EA5 mov eax, dword ptr fs:[00000030h] | 5_2_048D0EA5 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048D0EA5 mov eax, dword ptr fs:[00000030h] | 5_2_048D0EA5 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048D0EA5 mov eax, dword ptr fs:[00000030h] | 5_2_048D0EA5 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048846A7 mov eax, dword ptr fs:[00000030h] | 5_2_048846A7 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04848EC7 mov eax, dword ptr fs:[00000030h] | 5_2_04848EC7 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048BFEC0 mov eax, dword ptr fs:[00000030h] | 5_2_048BFEC0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048336CC mov eax, dword ptr fs:[00000030h] | 5_2_048336CC |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048D8ED6 mov eax, dword ptr fs:[00000030h] | 5_2_048D8ED6 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048316E0 mov ecx, dword ptr fs:[00000030h] | 5_2_048316E0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048176E2 mov eax, dword ptr fs:[00000030h] | 5_2_048176E2 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0480C600 mov eax, dword ptr fs:[00000030h] | 5_2_0480C600 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0480C600 mov eax, dword ptr fs:[00000030h] | 5_2_0480C600 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0480C600 mov eax, dword ptr fs:[00000030h] | 5_2_0480C600 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04838E00 mov eax, dword ptr fs:[00000030h] | 5_2_04838E00 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048C1608 mov eax, dword ptr fs:[00000030h] | 5_2_048C1608 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0483A61C mov eax, dword ptr fs:[00000030h] | 5_2_0483A61C |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0483A61C mov eax, dword ptr fs:[00000030h] | 5_2_0483A61C |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0480E620 mov eax, dword ptr fs:[00000030h] | 5_2_0480E620 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048BFE3F mov eax, dword ptr fs:[00000030h] | 5_2_048BFE3F |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04817E41 mov eax, dword ptr fs:[00000030h] | 5_2_04817E41 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04817E41 mov eax, dword ptr fs:[00000030h] | 5_2_04817E41 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04817E41 mov eax, dword ptr fs:[00000030h] | 5_2_04817E41 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04817E41 mov eax, dword ptr fs:[00000030h] | 5_2_04817E41 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04817E41 mov eax, dword ptr fs:[00000030h] | 5_2_04817E41 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04817E41 mov eax, dword ptr fs:[00000030h] | 5_2_04817E41 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048CAE44 mov eax, dword ptr fs:[00000030h] | 5_2_048CAE44 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048CAE44 mov eax, dword ptr fs:[00000030h] | 5_2_048CAE44 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0481766D mov eax, dword ptr fs:[00000030h] | 5_2_0481766D |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0482AE73 mov eax, dword ptr fs:[00000030h] | 5_2_0482AE73 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0482AE73 mov eax, dword ptr fs:[00000030h] | 5_2_0482AE73 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0482AE73 mov eax, dword ptr fs:[00000030h] | 5_2_0482AE73 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0482AE73 mov eax, dword ptr fs:[00000030h] | 5_2_0482AE73 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0482AE73 mov eax, dword ptr fs:[00000030h] | 5_2_0482AE73 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04818794 mov eax, dword ptr fs:[00000030h] | 5_2_04818794 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04887794 mov eax, dword ptr fs:[00000030h] | 5_2_04887794 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04887794 mov eax, dword ptr fs:[00000030h] | 5_2_04887794 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04887794 mov eax, dword ptr fs:[00000030h] | 5_2_04887794 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048437F5 mov eax, dword ptr fs:[00000030h] | 5_2_048437F5 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048D070D mov eax, dword ptr fs:[00000030h] | 5_2_048D070D |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048D070D mov eax, dword ptr fs:[00000030h] | 5_2_048D070D |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0483A70E mov eax, dword ptr fs:[00000030h] | 5_2_0483A70E |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0483A70E mov eax, dword ptr fs:[00000030h] | 5_2_0483A70E |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0482F716 mov eax, dword ptr fs:[00000030h] | 5_2_0482F716 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0489FF10 mov eax, dword ptr fs:[00000030h] | 5_2_0489FF10 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0489FF10 mov eax, dword ptr fs:[00000030h] | 5_2_0489FF10 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04804F2E mov eax, dword ptr fs:[00000030h] | 5_2_04804F2E |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04804F2E mov eax, dword ptr fs:[00000030h] | 5_2_04804F2E |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0483E730 mov eax, dword ptr fs:[00000030h] | 5_2_0483E730 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0481EF40 mov eax, dword ptr fs:[00000030h] | 5_2_0481EF40 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0481FF60 mov eax, dword ptr fs:[00000030h] | 5_2_0481FF60 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048D8F6A mov eax, dword ptr fs:[00000030h] | 5_2_048D8F6A |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04809080 mov eax, dword ptr fs:[00000030h] | 5_2_04809080 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04883884 mov eax, dword ptr fs:[00000030h] | 5_2_04883884 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04883884 mov eax, dword ptr fs:[00000030h] | 5_2_04883884 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048320A0 mov eax, dword ptr fs:[00000030h] | 5_2_048320A0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048320A0 mov eax, dword ptr fs:[00000030h] | 5_2_048320A0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048320A0 mov eax, dword ptr fs:[00000030h] | 5_2_048320A0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048320A0 mov eax, dword ptr fs:[00000030h] | 5_2_048320A0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048320A0 mov eax, dword ptr fs:[00000030h] | 5_2_048320A0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048320A0 mov eax, dword ptr fs:[00000030h] | 5_2_048320A0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048490AF mov eax, dword ptr fs:[00000030h] | 5_2_048490AF |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0483F0BF mov ecx, dword ptr fs:[00000030h] | 5_2_0483F0BF |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0483F0BF mov eax, dword ptr fs:[00000030h] | 5_2_0483F0BF |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0483F0BF mov eax, dword ptr fs:[00000030h] | 5_2_0483F0BF |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0489B8D0 mov eax, dword ptr fs:[00000030h] | 5_2_0489B8D0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0489B8D0 mov ecx, dword ptr fs:[00000030h] | 5_2_0489B8D0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0489B8D0 mov eax, dword ptr fs:[00000030h] | 5_2_0489B8D0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0489B8D0 mov eax, dword ptr fs:[00000030h] | 5_2_0489B8D0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0489B8D0 mov eax, dword ptr fs:[00000030h] | 5_2_0489B8D0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0489B8D0 mov eax, dword ptr fs:[00000030h] | 5_2_0489B8D0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048040E1 mov eax, dword ptr fs:[00000030h] | 5_2_048040E1 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048040E1 mov eax, dword ptr fs:[00000030h] | 5_2_048040E1 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048040E1 mov eax, dword ptr fs:[00000030h] | 5_2_048040E1 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048058EC mov eax, dword ptr fs:[00000030h] | 5_2_048058EC |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048D4015 mov eax, dword ptr fs:[00000030h] | 5_2_048D4015 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048D4015 mov eax, dword ptr fs:[00000030h] | 5_2_048D4015 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04887016 mov eax, dword ptr fs:[00000030h] | 5_2_04887016 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04887016 mov eax, dword ptr fs:[00000030h] | 5_2_04887016 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04887016 mov eax, dword ptr fs:[00000030h] | 5_2_04887016 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0481B02A mov eax, dword ptr fs:[00000030h] | 5_2_0481B02A |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0481B02A mov eax, dword ptr fs:[00000030h] | 5_2_0481B02A |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0481B02A mov eax, dword ptr fs:[00000030h] | 5_2_0481B02A |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0481B02A mov eax, dword ptr fs:[00000030h] | 5_2_0481B02A |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0483002D mov eax, dword ptr fs:[00000030h] | 5_2_0483002D |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0483002D mov eax, dword ptr fs:[00000030h] | 5_2_0483002D |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0483002D mov eax, dword ptr fs:[00000030h] | 5_2_0483002D |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0483002D mov eax, dword ptr fs:[00000030h] | 5_2_0483002D |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0483002D mov eax, dword ptr fs:[00000030h] | 5_2_0483002D |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04820050 mov eax, dword ptr fs:[00000030h] | 5_2_04820050 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04820050 mov eax, dword ptr fs:[00000030h] | 5_2_04820050 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048D1074 mov eax, dword ptr fs:[00000030h] | 5_2_048D1074 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048C2073 mov eax, dword ptr fs:[00000030h] | 5_2_048C2073 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0482C182 mov eax, dword ptr fs:[00000030h] | 5_2_0482C182 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0483A185 mov eax, dword ptr fs:[00000030h] | 5_2_0483A185 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04832990 mov eax, dword ptr fs:[00000030h] | 5_2_04832990 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048361A0 mov eax, dword ptr fs:[00000030h] | 5_2_048361A0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048361A0 mov eax, dword ptr fs:[00000030h] | 5_2_048361A0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048C49A4 mov eax, dword ptr fs:[00000030h] | 5_2_048C49A4 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048C49A4 mov eax, dword ptr fs:[00000030h] | 5_2_048C49A4 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048C49A4 mov eax, dword ptr fs:[00000030h] | 5_2_048C49A4 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048C49A4 mov eax, dword ptr fs:[00000030h] | 5_2_048C49A4 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048869A6 mov eax, dword ptr fs:[00000030h] | 5_2_048869A6 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048851BE mov eax, dword ptr fs:[00000030h] | 5_2_048851BE |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048851BE mov eax, dword ptr fs:[00000030h] | 5_2_048851BE |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048851BE mov eax, dword ptr fs:[00000030h] | 5_2_048851BE |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048851BE mov eax, dword ptr fs:[00000030h] | 5_2_048851BE |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048941E8 mov eax, dword ptr fs:[00000030h] | 5_2_048941E8 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0480B1E1 mov eax, dword ptr fs:[00000030h] | 5_2_0480B1E1 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0480B1E1 mov eax, dword ptr fs:[00000030h] | 5_2_0480B1E1 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0480B1E1 mov eax, dword ptr fs:[00000030h] | 5_2_0480B1E1 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04809100 mov eax, dword ptr fs:[00000030h] | 5_2_04809100 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04809100 mov eax, dword ptr fs:[00000030h] | 5_2_04809100 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04809100 mov eax, dword ptr fs:[00000030h] | 5_2_04809100 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04824120 mov eax, dword ptr fs:[00000030h] | 5_2_04824120 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04824120 mov eax, dword ptr fs:[00000030h] | 5_2_04824120 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04824120 mov eax, dword ptr fs:[00000030h] | 5_2_04824120 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04824120 mov eax, dword ptr fs:[00000030h] | 5_2_04824120 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04824120 mov ecx, dword ptr fs:[00000030h] | 5_2_04824120 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0483513A mov eax, dword ptr fs:[00000030h] | 5_2_0483513A |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0483513A mov eax, dword ptr fs:[00000030h] | 5_2_0483513A |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0482B944 mov eax, dword ptr fs:[00000030h] | 5_2_0482B944 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0482B944 mov eax, dword ptr fs:[00000030h] | 5_2_0482B944 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0480C962 mov eax, dword ptr fs:[00000030h] | 5_2_0480C962 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0480B171 mov eax, dword ptr fs:[00000030h] | 5_2_0480B171 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0480B171 mov eax, dword ptr fs:[00000030h] | 5_2_0480B171 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0483D294 mov eax, dword ptr fs:[00000030h] | 5_2_0483D294 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0483D294 mov eax, dword ptr fs:[00000030h] | 5_2_0483D294 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048052A5 mov eax, dword ptr fs:[00000030h] | 5_2_048052A5 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048052A5 mov eax, dword ptr fs:[00000030h] | 5_2_048052A5 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048052A5 mov eax, dword ptr fs:[00000030h] | 5_2_048052A5 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048052A5 mov eax, dword ptr fs:[00000030h] | 5_2_048052A5 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048052A5 mov eax, dword ptr fs:[00000030h] | 5_2_048052A5 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0481AAB0 mov eax, dword ptr fs:[00000030h] | 5_2_0481AAB0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0481AAB0 mov eax, dword ptr fs:[00000030h] | 5_2_0481AAB0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0483FAB0 mov eax, dword ptr fs:[00000030h] | 5_2_0483FAB0 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04832ACB mov eax, dword ptr fs:[00000030h] | 5_2_04832ACB |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04832AE4 mov eax, dword ptr fs:[00000030h] | 5_2_04832AE4 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04818A0A mov eax, dword ptr fs:[00000030h] | 5_2_04818A0A |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04805210 mov eax, dword ptr fs:[00000030h] | 5_2_04805210 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04805210 mov ecx, dword ptr fs:[00000030h] | 5_2_04805210 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04805210 mov eax, dword ptr fs:[00000030h] | 5_2_04805210 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04805210 mov eax, dword ptr fs:[00000030h] | 5_2_04805210 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0480AA16 mov eax, dword ptr fs:[00000030h] | 5_2_0480AA16 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0480AA16 mov eax, dword ptr fs:[00000030h] | 5_2_0480AA16 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048CAA16 mov eax, dword ptr fs:[00000030h] | 5_2_048CAA16 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048CAA16 mov eax, dword ptr fs:[00000030h] | 5_2_048CAA16 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04823A1C mov eax, dword ptr fs:[00000030h] | 5_2_04823A1C |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04844A2C mov eax, dword ptr fs:[00000030h] | 5_2_04844A2C |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04844A2C mov eax, dword ptr fs:[00000030h] | 5_2_04844A2C |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04809240 mov eax, dword ptr fs:[00000030h] | 5_2_04809240 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04809240 mov eax, dword ptr fs:[00000030h] | 5_2_04809240 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04809240 mov eax, dword ptr fs:[00000030h] | 5_2_04809240 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04809240 mov eax, dword ptr fs:[00000030h] | 5_2_04809240 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048CEA55 mov eax, dword ptr fs:[00000030h] | 5_2_048CEA55 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04894257 mov eax, dword ptr fs:[00000030h] | 5_2_04894257 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048BB260 mov eax, dword ptr fs:[00000030h] | 5_2_048BB260 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048BB260 mov eax, dword ptr fs:[00000030h] | 5_2_048BB260 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048D8A62 mov eax, dword ptr fs:[00000030h] | 5_2_048D8A62 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0484927A mov eax, dword ptr fs:[00000030h] | 5_2_0484927A |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048C138A mov eax, dword ptr fs:[00000030h] | 5_2_048C138A |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048BD380 mov ecx, dword ptr fs:[00000030h] | 5_2_048BD380 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04811B8F mov eax, dword ptr fs:[00000030h] | 5_2_04811B8F |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04811B8F mov eax, dword ptr fs:[00000030h] | 5_2_04811B8F |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0483B390 mov eax, dword ptr fs:[00000030h] | 5_2_0483B390 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04832397 mov eax, dword ptr fs:[00000030h] | 5_2_04832397 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048D5BA5 mov eax, dword ptr fs:[00000030h] | 5_2_048D5BA5 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04834BAD mov eax, dword ptr fs:[00000030h] | 5_2_04834BAD |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04834BAD mov eax, dword ptr fs:[00000030h] | 5_2_04834BAD |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04834BAD mov eax, dword ptr fs:[00000030h] | 5_2_04834BAD |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048853CA mov eax, dword ptr fs:[00000030h] | 5_2_048853CA |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048853CA mov eax, dword ptr fs:[00000030h] | 5_2_048853CA |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048303E2 mov eax, dword ptr fs:[00000030h] | 5_2_048303E2 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048303E2 mov eax, dword ptr fs:[00000030h] | 5_2_048303E2 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048303E2 mov eax, dword ptr fs:[00000030h] | 5_2_048303E2 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048303E2 mov eax, dword ptr fs:[00000030h] | 5_2_048303E2 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048303E2 mov eax, dword ptr fs:[00000030h] | 5_2_048303E2 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048303E2 mov eax, dword ptr fs:[00000030h] | 5_2_048303E2 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0482DBE9 mov eax, dword ptr fs:[00000030h] | 5_2_0482DBE9 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048C131B mov eax, dword ptr fs:[00000030h] | 5_2_048C131B |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0480DB40 mov eax, dword ptr fs:[00000030h] | 5_2_0480DB40 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_048D8B58 mov eax, dword ptr fs:[00000030h] | 5_2_048D8B58 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0480F358 mov eax, dword ptr fs:[00000030h] | 5_2_0480F358 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_0480DB60 mov ecx, dword ptr fs:[00000030h] | 5_2_0480DB60 |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04833B7A mov eax, dword ptr fs:[00000030h] | 5_2_04833B7A |
Source: C:\Windows\SysWOW64\systray.exe | Code function: 5_2_04833B7A mov eax, dword ptr fs:[00000030h] | 5_2_04833B7A |