| Source: C:\Users\user\Desktop\20210113432.exe |
Code function: 2_2_00419D50 NtCreateFile, |
2_2_00419D50 |
| Source: C:\Users\user\Desktop\20210113432.exe |
Code function: 2_2_00419E00 NtReadFile, |
2_2_00419E00 |
| Source: C:\Users\user\Desktop\20210113432.exe |
Code function: 2_2_00419E80 NtClose, |
2_2_00419E80 |
| Source: C:\Users\user\Desktop\20210113432.exe |
Code function: 2_2_00419F30 NtAllocateVirtualMemory, |
2_2_00419F30 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04949840 NtDelayExecution,LdrInitializeThunk, |
10_2_04949840 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04949860 NtQuerySystemInformation,LdrInitializeThunk, |
10_2_04949860 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049499A0 NtCreateSection,LdrInitializeThunk, |
10_2_049499A0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049495D0 NtClose,LdrInitializeThunk, |
10_2_049495D0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04949910 NtAdjustPrivilegesToken,LdrInitializeThunk, |
10_2_04949910 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04949540 NtReadFile,LdrInitializeThunk, |
10_2_04949540 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049496D0 NtCreateKey,LdrInitializeThunk, |
10_2_049496D0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049496E0 NtFreeVirtualMemory,LdrInitializeThunk, |
10_2_049496E0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04949650 NtQueryValueKey,LdrInitializeThunk, |
10_2_04949650 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04949A50 NtCreateFile,LdrInitializeThunk, |
10_2_04949A50 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04949660 NtAllocateVirtualMemory,LdrInitializeThunk, |
10_2_04949660 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04949780 NtMapViewOfSection,LdrInitializeThunk, |
10_2_04949780 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04949FE0 NtCreateMutant,LdrInitializeThunk, |
10_2_04949FE0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04949710 NtQueryInformationToken,LdrInitializeThunk, |
10_2_04949710 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049498A0 NtWriteVirtualMemory, |
10_2_049498A0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049498F0 NtReadVirtualMemory, |
10_2_049498F0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04949820 NtEnumerateKey, |
10_2_04949820 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0494B040 NtSuspendThread, |
10_2_0494B040 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049499D0 NtCreateProcessEx, |
10_2_049499D0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049495F0 NtQueryInformationFile, |
10_2_049495F0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0494AD30 NtSetContextThread, |
10_2_0494AD30 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04949520 NtWaitForSingleObject, |
10_2_04949520 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04949950 NtQueueApcThread, |
10_2_04949950 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04949560 NtWriteFile, |
10_2_04949560 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04949A80 NtOpenDirectoryObject, |
10_2_04949A80 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04949610 NtEnumerateValueKey, |
10_2_04949610 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04949A10 NtQuerySection, |
10_2_04949A10 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04949A00 NtProtectVirtualMemory, |
10_2_04949A00 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04949A20 NtResumeThread, |
10_2_04949A20 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04949670 NtQueryInformationProcess, |
10_2_04949670 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0494A3B0 NtGetContextThread, |
10_2_0494A3B0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049497A0 NtUnmapViewOfSection, |
10_2_049497A0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0494A710 NtOpenProcessToken, |
10_2_0494A710 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04949B00 NtSetValueKey, |
10_2_04949B00 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04949730 NtQueryVirtualMemory, |
10_2_04949730 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04949770 NtSetInformationFile, |
10_2_04949770 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0494A770 NtOpenThread, |
10_2_0494A770 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04949760 NtOpenProcess, |
10_2_04949760 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_00859D50 NtCreateFile, |
10_2_00859D50 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_00859E80 NtClose, |
10_2_00859E80 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_00859E00 NtReadFile, |
10_2_00859E00 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_00859F30 NtAllocateVirtualMemory, |
10_2_00859F30 |
| Source: 00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000002.00000002.292282705.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000002.00000002.292860797.0000000000FA0000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000002.00000002.292860797.0000000000FA0000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000002.00000002.292893509.0000000000FD0000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000002.00000002.292893509.0000000000FD0000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 0000000A.00000002.608235270.0000000000D60000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 0000000A.00000002.608235270.0000000000D60000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 0000000A.00000002.608474774.0000000000D90000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 0000000A.00000002.608474774.0000000000D90000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000000.00000002.255709550.0000000003E39000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000000.00000002.255709550.0000000003E39000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 0000000A.00000002.606729919.0000000000840000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 0000000A.00000002.606729919.0000000000840000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 2.2.20210113432.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 2.2.20210113432.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 2.2.20210113432.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 2.2.20210113432.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 20210113432.exe, 00000000.00000002.253951343.0000000000922000.00000002.00020000.sdmp, 20210113432.exe, 00000002.00000002.292323607.0000000000942000.00000002.00020000.sdmp |
Binary or memory string: UPDATE [dbo].[Customer] SET [Address] = @Address, [Postal_Code] = @Postal_Code, [Country] = @Country, [C_ID] = @C_ID, [C_City] = @C_City, [C_Phone] = @C_Phone WHERE (((@IsNull_Address = 1 AND [Address] IS NULL) OR ([Address] = @Original_Address)) AND ((@IsNull_Postal_Code = 1 AND [Postal_Code] IS NULL) OR ([Postal_Code] = @Original_Postal_Code)) AND ((@IsNull_Country = 1 AND [Country] IS NULL) OR ([Country] = @Original_Country)) AND ([C_ID] = @Original_C_ID) AND ((@IsNull_C_City = 1 AND [C_City] IS NULL) OR ([C_City] = @Original_C_City)) AND ((@IsNull_C_Phone = 1 AND [C_Phone] IS NULL) OR ([C_Phone] = @Original_C_Phone))); |
| Source: 20210113432.exe, 00000000.00000002.253951343.0000000000922000.00000002.00020000.sdmp, 20210113432.exe, 00000002.00000002.292323607.0000000000942000.00000002.00020000.sdmp |
Binary or memory string: INSERT INTO [dbo].[Invoice] ([C_ID], [INV_ID], [M_ID], [Services_Cost], [Inv_Date], [Electr_Cost], [Water_Cost], [Total_Cost]) VALUES (@C_ID, @INV_ID, @M_ID, @Services_Cost, @Inv_Date, @Electr_Cost, @Water_Cost, @Total_Cost); |
| Source: 20210113432.exe, 00000000.00000002.253951343.0000000000922000.00000002.00020000.sdmp, 20210113432.exe, 00000002.00000002.292323607.0000000000942000.00000002.00020000.sdmp |
Binary or memory string: INSERT INTO [dbo].[Payment_Method] ([M_ID], [Method]) VALUES (@M_ID, @Method); |
| Source: 20210113432.exe |
Binary or memory string: INSERT INTO [dbo].[Room_Type] ([TYPE_ID], [Name], [Description]) VALUES (@TYPE_ID, @Name, @Description); SELECT TYPE_ID, Name, Des |
| Source: 20210113432.exe |
Binary or memory string: INSERT INTO [dbo].[Payment_Method] ([M_ID], [Method]) VALUES (@M_ID, @Method); SELECT M_ID, Method FROM Payment_Method WHERE (M_ID |
| Source: 20210113432.exe, 00000000.00000002.253951343.0000000000922000.00000002.00020000.sdmp, 20210113432.exe, 00000002.00000002.292323607.0000000000942000.00000002.00020000.sdmp |
Binary or memory string: INSERT INTO [dbo].[Services] ([Price], [Name], [Description], [Serv_Date], [S_ID]) VALUES (@Price, @Name, @Description, @Serv_Date, @S_ID); |
| Source: 20210113432.exe, 00000000.00000002.253951343.0000000000922000.00000002.00020000.sdmp, 20210113432.exe, 00000002.00000002.292323607.0000000000942000.00000002.00020000.sdmp |
Binary or memory string: INSERT INTO [dbo].[Customer] ([Address], [Postal_Code], [Country], [C_ID], [C_City], [C_Phone]) VALUES (@Address, @Postal_Code, @Country, @C_ID, @C_City, @C_Phone); |
| Source: 20210113432.exe, 00000000.00000002.253951343.0000000000922000.00000002.00020000.sdmp, 20210113432.exe, 00000002.00000002.292323607.0000000000942000.00000002.00020000.sdmp |
Binary or memory string: UPDATE [dbo].[Invoice] SET [C_ID] = @C_ID, [INV_ID] = @INV_ID, [M_ID] = @M_ID, [Services_Cost] = @Services_Cost, [Inv_Date] = @Inv_Date, [Electr_Cost] = @Electr_Cost, [Water_Cost] = @Water_Cost, [Total_Cost] = @Total_Cost WHERE (((@IsNull_C_ID = 1 AND [C_ID] IS NULL) OR ([C_ID] = @Original_C_ID)) AND ([INV_ID] = @Original_INV_ID) AND ((@IsNull_M_ID = 1 AND [M_ID] IS NULL) OR ([M_ID] = @Original_M_ID)) AND ((@IsNull_Services_Cost = 1 AND [Services_Cost] IS NULL) OR ([Services_Cost] = @Original_Services_Cost)) AND ((@IsNull_Inv_Date = 1 AND [Inv_Date] IS NULL) OR ([Inv_Date] = @Original_Inv_Date)) AND ((@IsNull_Electr_Cost = 1 AND [Electr_Cost] IS NULL) OR ([Electr_Cost] = @Original_Electr_Cost)) AND ((@IsNull_Water_Cost = 1 AND [Water_Cost] IS NULL) OR ([Water_Cost] = @Original_Water_Cost)) AND ((@IsNull_Total_Cost = 1 AND [Total_Cost] IS NULL) OR ([Total_Cost] = @Original_Total_Cost))); |
| Source: 20210113432.exe |
Binary or memory string: INSERT INTO [dbo].[Person] ([First_Name], [Last_Name], [SIN]) VALUES (@First_Name, @Last_Name, @SIN); SELECT First_Name, Last_Name |
| Source: 20210113432.exe, 00000000.00000002.253951343.0000000000922000.00000002.00020000.sdmp, 20210113432.exe, 00000002.00000002.292323607.0000000000942000.00000002.00020000.sdmp |
Binary or memory string: UPDATE [dbo].[Person] SET [First_Name] = @First_Name, [Last_Name] = @Last_Name, [SIN] = @SIN WHERE (((@IsNull_First_Name = 1 AND [First_Name] IS NULL) OR ([First_Name] = @Original_First_Name)) AND ((@IsNull_Last_Name = 1 AND [Last_Name] IS NULL) OR ([Last_Name] = @Original_Last_Name)) AND ([SIN] = @Original_SIN)); |
| Source: 20210113432.exe |
Binary or memory string: INSERT INTO [dbo].[Employee] ([E_ID], [Position]) VALUES (@E_ID, @Position); SELECT E_ID, Position FROM Employee WHERE (E_ID = @E_ |
| Source: 20210113432.exe, 00000000.00000002.253951343.0000000000922000.00000002.00020000.sdmp, 20210113432.exe, 00000002.00000002.292323607.0000000000942000.00000002.00020000.sdmp |
Binary or memory string: INSERT INTO [dbo].[Employee] ([E_ID], [Position]) VALUES (@E_ID, @Position); |
| Source: 20210113432.exe, 00000000.00000002.253951343.0000000000922000.00000002.00020000.sdmp, 20210113432.exe, 00000002.00000002.292323607.0000000000942000.00000002.00020000.sdmp |
Binary or memory string: UPDATE [dbo].[Payment_Method] SET [M_ID] = @M_ID, [Method] = @Method WHERE (([M_ID] = @Original_M_ID) AND ((@IsNull_Method = 1 AND [Method] IS NULL) OR ([Method] = @Original_Method))); |
| Source: 20210113432.exe, 00000000.00000002.253951343.0000000000922000.00000002.00020000.sdmp, 20210113432.exe, 00000002.00000002.292323607.0000000000942000.00000002.00020000.sdmp |
Binary or memory string: UPDATE [dbo].[Rooms] SET [R_ID] = @R_ID, [Price] = @Price, [Smoking_Allowed] = @Smoking_Allowed, [Description] = @Description, [Num_Of_Beds] = @Num_Of_Beds, [Floor] = @Floor WHERE (([R_ID] = @Original_R_ID) AND ((@IsNull_Price = 1 AND [Price] IS NULL) OR ([Price] = @Original_Price)) AND ((@IsNull_Smoking_Allowed = 1 AND [Smoking_Allowed] IS NULL) OR ([Smoking_Allowed] = @Original_Smoking_Allowed)) AND ((@IsNull_Description = 1 AND [Description] IS NULL) OR ([Description] = @Original_Description)) AND ((@IsNull_Num_Of_Beds = 1 AND [Num_Of_Beds] IS NULL) OR ([Num_Of_Beds] = @Original_Num_Of_Beds)) AND ((@IsNull_Floor = 1 AND [Floor] IS NULL) OR ([Floor] = @Original_Floor))); |
| Source: 20210113432.exe, 00000000.00000002.253951343.0000000000922000.00000002.00020000.sdmp, 20210113432.exe, 00000002.00000002.292323607.0000000000942000.00000002.00020000.sdmp |
Binary or memory string: UPDATE [dbo].[Room_Type] SET [TYPE_ID] = @TYPE_ID, [Name] = @Name, [Description] = @Description WHERE (([TYPE_ID] = @Original_TYPE_ID) AND ((@IsNull_Name = 1 AND [Name] IS NULL) OR ([Name] = @Original_Name)) AND ((@IsNull_Description = 1 AND [Description] IS NULL) OR ([Description] = @Original_Description))); |
| Source: 20210113432.exe, 00000000.00000002.253951343.0000000000922000.00000002.00020000.sdmp, 20210113432.exe, 00000002.00000002.292323607.0000000000942000.00000002.00020000.sdmp |
Binary or memory string: UPDATE [dbo].[Reservation] SET [C_ID] = @C_ID, [Date] = @Date, [RES_ID] = @RES_ID, [R_ID] = @R_ID, [Check_Out_Time] = @Check_Out_Time, [Check_In_Time] = @Check_In_Time WHERE (((@IsNull_C_ID = 1 AND [C_ID] IS NULL) OR ([C_ID] = @Original_C_ID)) AND ((@IsNull_Date = 1 AND [Date] IS NULL) OR ([Date] = @Original_Date)) AND ([RES_ID] = @Original_RES_ID) AND ((@IsNull_R_ID = 1 AND [R_ID] IS NULL) OR ([R_ID] = @Original_R_ID)) AND ((@IsNull_Check_Out_Time = 1 AND [Check_Out_Time] IS NULL) OR ([Check_Out_Time] = @Original_Check_Out_Time)) AND ((@IsNull_Check_In_Time = 1 AND [Check_In_Time] IS NULL) OR ([Check_In_Time] = @Original_Check_In_Time))); |
| Source: 20210113432.exe, 00000000.00000002.253951343.0000000000922000.00000002.00020000.sdmp, 20210113432.exe, 00000002.00000002.292323607.0000000000942000.00000002.00020000.sdmp |
Binary or memory string: UPDATE [dbo].[Employee] SET [E_ID] = @E_ID, [Position] = @Position WHERE (([E_ID] = @Original_E_ID) AND ((@IsNull_Position = 1 AND [Position] IS NULL) OR ([Position] = @Original_Position))); |
| Source: 20210113432.exe, 00000000.00000002.253951343.0000000000922000.00000002.00020000.sdmp, 20210113432.exe, 00000002.00000002.292323607.0000000000942000.00000002.00020000.sdmp |
Binary or memory string: UPDATE [dbo].[Services] SET [Price] = @Price, [Name] = @Name, [Description] = @Description, [Serv_Date] = @Serv_Date, [S_ID] = @S_ID WHERE (((@IsNull_Price = 1 AND [Price] IS NULL) OR ([Price] = @Original_Price)) AND ((@IsNull_Name = 1 AND [Name] IS NULL) OR ([Name] = @Original_Name)) AND ((@IsNull_Description = 1 AND [Description] IS NULL) OR ([Description] = @Original_Description)) AND ((@IsNull_Serv_Date = 1 AND [Serv_Date] IS NULL) OR ([Serv_Date] = @Original_Serv_Date)) AND ([S_ID] = @Original_S_ID)); |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0491849B mov eax, dword ptr fs:[00000030h] |
10_2_0491849B |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04909080 mov eax, dword ptr fs:[00000030h] |
10_2_04909080 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04983884 mov eax, dword ptr fs:[00000030h] |
10_2_04983884 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04983884 mov eax, dword ptr fs:[00000030h] |
10_2_04983884 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0493F0BF mov ecx, dword ptr fs:[00000030h] |
10_2_0493F0BF |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0493F0BF mov eax, dword ptr fs:[00000030h] |
10_2_0493F0BF |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0493F0BF mov eax, dword ptr fs:[00000030h] |
10_2_0493F0BF |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049320A0 mov eax, dword ptr fs:[00000030h] |
10_2_049320A0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049320A0 mov eax, dword ptr fs:[00000030h] |
10_2_049320A0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049320A0 mov eax, dword ptr fs:[00000030h] |
10_2_049320A0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049320A0 mov eax, dword ptr fs:[00000030h] |
10_2_049320A0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049320A0 mov eax, dword ptr fs:[00000030h] |
10_2_049320A0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049320A0 mov eax, dword ptr fs:[00000030h] |
10_2_049320A0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049490AF mov eax, dword ptr fs:[00000030h] |
10_2_049490AF |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0499B8D0 mov eax, dword ptr fs:[00000030h] |
10_2_0499B8D0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0499B8D0 mov ecx, dword ptr fs:[00000030h] |
10_2_0499B8D0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0499B8D0 mov eax, dword ptr fs:[00000030h] |
10_2_0499B8D0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0499B8D0 mov eax, dword ptr fs:[00000030h] |
10_2_0499B8D0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0499B8D0 mov eax, dword ptr fs:[00000030h] |
10_2_0499B8D0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0499B8D0 mov eax, dword ptr fs:[00000030h] |
10_2_0499B8D0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049D8CD6 mov eax, dword ptr fs:[00000030h] |
10_2_049D8CD6 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049C14FB mov eax, dword ptr fs:[00000030h] |
10_2_049C14FB |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04986CF0 mov eax, dword ptr fs:[00000030h] |
10_2_04986CF0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04986CF0 mov eax, dword ptr fs:[00000030h] |
10_2_04986CF0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04986CF0 mov eax, dword ptr fs:[00000030h] |
10_2_04986CF0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049058EC mov eax, dword ptr fs:[00000030h] |
10_2_049058EC |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049D4015 mov eax, dword ptr fs:[00000030h] |
10_2_049D4015 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049D4015 mov eax, dword ptr fs:[00000030h] |
10_2_049D4015 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04987016 mov eax, dword ptr fs:[00000030h] |
10_2_04987016 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04987016 mov eax, dword ptr fs:[00000030h] |
10_2_04987016 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04987016 mov eax, dword ptr fs:[00000030h] |
10_2_04987016 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049D740D mov eax, dword ptr fs:[00000030h] |
10_2_049D740D |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049D740D mov eax, dword ptr fs:[00000030h] |
10_2_049D740D |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049D740D mov eax, dword ptr fs:[00000030h] |
10_2_049D740D |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04986C0A mov eax, dword ptr fs:[00000030h] |
10_2_04986C0A |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04986C0A mov eax, dword ptr fs:[00000030h] |
10_2_04986C0A |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04986C0A mov eax, dword ptr fs:[00000030h] |
10_2_04986C0A |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04986C0A mov eax, dword ptr fs:[00000030h] |
10_2_04986C0A |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049C1C06 mov eax, dword ptr fs:[00000030h] |
10_2_049C1C06 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049C1C06 mov eax, dword ptr fs:[00000030h] |
10_2_049C1C06 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049C1C06 mov eax, dword ptr fs:[00000030h] |
10_2_049C1C06 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049C1C06 mov eax, dword ptr fs:[00000030h] |
10_2_049C1C06 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049C1C06 mov eax, dword ptr fs:[00000030h] |
10_2_049C1C06 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049C1C06 mov eax, dword ptr fs:[00000030h] |
10_2_049C1C06 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049C1C06 mov eax, dword ptr fs:[00000030h] |
10_2_049C1C06 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049C1C06 mov eax, dword ptr fs:[00000030h] |
10_2_049C1C06 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049C1C06 mov eax, dword ptr fs:[00000030h] |
10_2_049C1C06 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049C1C06 mov eax, dword ptr fs:[00000030h] |
10_2_049C1C06 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049C1C06 mov eax, dword ptr fs:[00000030h] |
10_2_049C1C06 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049C1C06 mov eax, dword ptr fs:[00000030h] |
10_2_049C1C06 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049C1C06 mov eax, dword ptr fs:[00000030h] |
10_2_049C1C06 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049C1C06 mov eax, dword ptr fs:[00000030h] |
10_2_049C1C06 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0491B02A mov eax, dword ptr fs:[00000030h] |
10_2_0491B02A |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0491B02A mov eax, dword ptr fs:[00000030h] |
10_2_0491B02A |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0491B02A mov eax, dword ptr fs:[00000030h] |
10_2_0491B02A |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0491B02A mov eax, dword ptr fs:[00000030h] |
10_2_0491B02A |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0493002D mov eax, dword ptr fs:[00000030h] |
10_2_0493002D |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0493002D mov eax, dword ptr fs:[00000030h] |
10_2_0493002D |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0493002D mov eax, dword ptr fs:[00000030h] |
10_2_0493002D |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0493002D mov eax, dword ptr fs:[00000030h] |
10_2_0493002D |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0493002D mov eax, dword ptr fs:[00000030h] |
10_2_0493002D |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0493BC2C mov eax, dword ptr fs:[00000030h] |
10_2_0493BC2C |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04920050 mov eax, dword ptr fs:[00000030h] |
10_2_04920050 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04920050 mov eax, dword ptr fs:[00000030h] |
10_2_04920050 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0499C450 mov eax, dword ptr fs:[00000030h] |
10_2_0499C450 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0499C450 mov eax, dword ptr fs:[00000030h] |
10_2_0499C450 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0493A44B mov eax, dword ptr fs:[00000030h] |
10_2_0493A44B |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049D1074 mov eax, dword ptr fs:[00000030h] |
10_2_049D1074 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049C2073 mov eax, dword ptr fs:[00000030h] |
10_2_049C2073 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0492746D mov eax, dword ptr fs:[00000030h] |
10_2_0492746D |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04932990 mov eax, dword ptr fs:[00000030h] |
10_2_04932990 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0493FD9B mov eax, dword ptr fs:[00000030h] |
10_2_0493FD9B |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0493FD9B mov eax, dword ptr fs:[00000030h] |
10_2_0493FD9B |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0492C182 mov eax, dword ptr fs:[00000030h] |
10_2_0492C182 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04932581 mov eax, dword ptr fs:[00000030h] |
10_2_04932581 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04932581 mov eax, dword ptr fs:[00000030h] |
10_2_04932581 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04932581 mov eax, dword ptr fs:[00000030h] |
10_2_04932581 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04932581 mov eax, dword ptr fs:[00000030h] |
10_2_04932581 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0493A185 mov eax, dword ptr fs:[00000030h] |
10_2_0493A185 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04902D8A mov eax, dword ptr fs:[00000030h] |
10_2_04902D8A |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04902D8A mov eax, dword ptr fs:[00000030h] |
10_2_04902D8A |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04902D8A mov eax, dword ptr fs:[00000030h] |
10_2_04902D8A |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04902D8A mov eax, dword ptr fs:[00000030h] |
10_2_04902D8A |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04902D8A mov eax, dword ptr fs:[00000030h] |
10_2_04902D8A |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04931DB5 mov eax, dword ptr fs:[00000030h] |
10_2_04931DB5 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04931DB5 mov eax, dword ptr fs:[00000030h] |
10_2_04931DB5 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04931DB5 mov eax, dword ptr fs:[00000030h] |
10_2_04931DB5 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049851BE mov eax, dword ptr fs:[00000030h] |
10_2_049851BE |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049851BE mov eax, dword ptr fs:[00000030h] |
10_2_049851BE |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049851BE mov eax, dword ptr fs:[00000030h] |
10_2_049851BE |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049851BE mov eax, dword ptr fs:[00000030h] |
10_2_049851BE |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049D05AC mov eax, dword ptr fs:[00000030h] |
10_2_049D05AC |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049D05AC mov eax, dword ptr fs:[00000030h] |
10_2_049D05AC |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049335A1 mov eax, dword ptr fs:[00000030h] |
10_2_049335A1 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049361A0 mov eax, dword ptr fs:[00000030h] |
10_2_049361A0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049361A0 mov eax, dword ptr fs:[00000030h] |
10_2_049361A0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049869A6 mov eax, dword ptr fs:[00000030h] |
10_2_049869A6 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04986DC9 mov eax, dword ptr fs:[00000030h] |
10_2_04986DC9 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04986DC9 mov eax, dword ptr fs:[00000030h] |
10_2_04986DC9 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04986DC9 mov eax, dword ptr fs:[00000030h] |
10_2_04986DC9 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04986DC9 mov ecx, dword ptr fs:[00000030h] |
10_2_04986DC9 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04986DC9 mov eax, dword ptr fs:[00000030h] |
10_2_04986DC9 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04986DC9 mov eax, dword ptr fs:[00000030h] |
10_2_04986DC9 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049B8DF1 mov eax, dword ptr fs:[00000030h] |
10_2_049B8DF1 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0490B1E1 mov eax, dword ptr fs:[00000030h] |
10_2_0490B1E1 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0490B1E1 mov eax, dword ptr fs:[00000030h] |
10_2_0490B1E1 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0490B1E1 mov eax, dword ptr fs:[00000030h] |
10_2_0490B1E1 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049941E8 mov eax, dword ptr fs:[00000030h] |
10_2_049941E8 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0491D5E0 mov eax, dword ptr fs:[00000030h] |
10_2_0491D5E0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0491D5E0 mov eax, dword ptr fs:[00000030h] |
10_2_0491D5E0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049CFDE2 mov eax, dword ptr fs:[00000030h] |
10_2_049CFDE2 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049CFDE2 mov eax, dword ptr fs:[00000030h] |
10_2_049CFDE2 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049CFDE2 mov eax, dword ptr fs:[00000030h] |
10_2_049CFDE2 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049CFDE2 mov eax, dword ptr fs:[00000030h] |
10_2_049CFDE2 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04909100 mov eax, dword ptr fs:[00000030h] |
10_2_04909100 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04909100 mov eax, dword ptr fs:[00000030h] |
10_2_04909100 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04909100 mov eax, dword ptr fs:[00000030h] |
10_2_04909100 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0490AD30 mov eax, dword ptr fs:[00000030h] |
10_2_0490AD30 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04913D34 mov eax, dword ptr fs:[00000030h] |
10_2_04913D34 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04913D34 mov eax, dword ptr fs:[00000030h] |
10_2_04913D34 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04913D34 mov eax, dword ptr fs:[00000030h] |
10_2_04913D34 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04913D34 mov eax, dword ptr fs:[00000030h] |
10_2_04913D34 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04913D34 mov eax, dword ptr fs:[00000030h] |
10_2_04913D34 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04913D34 mov eax, dword ptr fs:[00000030h] |
10_2_04913D34 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04913D34 mov eax, dword ptr fs:[00000030h] |
10_2_04913D34 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04913D34 mov eax, dword ptr fs:[00000030h] |
10_2_04913D34 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04913D34 mov eax, dword ptr fs:[00000030h] |
10_2_04913D34 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04913D34 mov eax, dword ptr fs:[00000030h] |
10_2_04913D34 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04913D34 mov eax, dword ptr fs:[00000030h] |
10_2_04913D34 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04913D34 mov eax, dword ptr fs:[00000030h] |
10_2_04913D34 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04913D34 mov eax, dword ptr fs:[00000030h] |
10_2_04913D34 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049CE539 mov eax, dword ptr fs:[00000030h] |
10_2_049CE539 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04934D3B mov eax, dword ptr fs:[00000030h] |
10_2_04934D3B |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04934D3B mov eax, dword ptr fs:[00000030h] |
10_2_04934D3B |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04934D3B mov eax, dword ptr fs:[00000030h] |
10_2_04934D3B |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049D8D34 mov eax, dword ptr fs:[00000030h] |
10_2_049D8D34 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0493513A mov eax, dword ptr fs:[00000030h] |
10_2_0493513A |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0493513A mov eax, dword ptr fs:[00000030h] |
10_2_0493513A |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0498A537 mov eax, dword ptr fs:[00000030h] |
10_2_0498A537 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04924120 mov eax, dword ptr fs:[00000030h] |
10_2_04924120 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04924120 mov eax, dword ptr fs:[00000030h] |
10_2_04924120 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04924120 mov eax, dword ptr fs:[00000030h] |
10_2_04924120 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04924120 mov eax, dword ptr fs:[00000030h] |
10_2_04924120 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04924120 mov ecx, dword ptr fs:[00000030h] |
10_2_04924120 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04927D50 mov eax, dword ptr fs:[00000030h] |
10_2_04927D50 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0492B944 mov eax, dword ptr fs:[00000030h] |
10_2_0492B944 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0492B944 mov eax, dword ptr fs:[00000030h] |
10_2_0492B944 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04943D43 mov eax, dword ptr fs:[00000030h] |
10_2_04943D43 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04983540 mov eax, dword ptr fs:[00000030h] |
10_2_04983540 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0490B171 mov eax, dword ptr fs:[00000030h] |
10_2_0490B171 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0490B171 mov eax, dword ptr fs:[00000030h] |
10_2_0490B171 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0492C577 mov eax, dword ptr fs:[00000030h] |
10_2_0492C577 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0492C577 mov eax, dword ptr fs:[00000030h] |
10_2_0492C577 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0490C962 mov eax, dword ptr fs:[00000030h] |
10_2_0490C962 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0493D294 mov eax, dword ptr fs:[00000030h] |
10_2_0493D294 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0493D294 mov eax, dword ptr fs:[00000030h] |
10_2_0493D294 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0499FE87 mov eax, dword ptr fs:[00000030h] |
10_2_0499FE87 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0491AAB0 mov eax, dword ptr fs:[00000030h] |
10_2_0491AAB0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0491AAB0 mov eax, dword ptr fs:[00000030h] |
10_2_0491AAB0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0493FAB0 mov eax, dword ptr fs:[00000030h] |
10_2_0493FAB0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049052A5 mov eax, dword ptr fs:[00000030h] |
10_2_049052A5 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049052A5 mov eax, dword ptr fs:[00000030h] |
10_2_049052A5 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049052A5 mov eax, dword ptr fs:[00000030h] |
10_2_049052A5 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049052A5 mov eax, dword ptr fs:[00000030h] |
10_2_049052A5 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049052A5 mov eax, dword ptr fs:[00000030h] |
10_2_049052A5 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049D0EA5 mov eax, dword ptr fs:[00000030h] |
10_2_049D0EA5 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049D0EA5 mov eax, dword ptr fs:[00000030h] |
10_2_049D0EA5 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049D0EA5 mov eax, dword ptr fs:[00000030h] |
10_2_049D0EA5 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049846A7 mov eax, dword ptr fs:[00000030h] |
10_2_049846A7 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049D8ED6 mov eax, dword ptr fs:[00000030h] |
10_2_049D8ED6 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04948EC7 mov eax, dword ptr fs:[00000030h] |
10_2_04948EC7 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04932ACB mov eax, dword ptr fs:[00000030h] |
10_2_04932ACB |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049BFEC0 mov eax, dword ptr fs:[00000030h] |
10_2_049BFEC0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049336CC mov eax, dword ptr fs:[00000030h] |
10_2_049336CC |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049316E0 mov ecx, dword ptr fs:[00000030h] |
10_2_049316E0 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049176E2 mov eax, dword ptr fs:[00000030h] |
10_2_049176E2 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04932AE4 mov eax, dword ptr fs:[00000030h] |
10_2_04932AE4 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04905210 mov eax, dword ptr fs:[00000030h] |
10_2_04905210 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04905210 mov ecx, dword ptr fs:[00000030h] |
10_2_04905210 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04905210 mov eax, dword ptr fs:[00000030h] |
10_2_04905210 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04905210 mov eax, dword ptr fs:[00000030h] |
10_2_04905210 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0490AA16 mov eax, dword ptr fs:[00000030h] |
10_2_0490AA16 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0490AA16 mov eax, dword ptr fs:[00000030h] |
10_2_0490AA16 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04923A1C mov eax, dword ptr fs:[00000030h] |
10_2_04923A1C |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0493A61C mov eax, dword ptr fs:[00000030h] |
10_2_0493A61C |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0493A61C mov eax, dword ptr fs:[00000030h] |
10_2_0493A61C |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0490C600 mov eax, dword ptr fs:[00000030h] |
10_2_0490C600 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0490C600 mov eax, dword ptr fs:[00000030h] |
10_2_0490C600 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0490C600 mov eax, dword ptr fs:[00000030h] |
10_2_0490C600 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04938E00 mov eax, dword ptr fs:[00000030h] |
10_2_04938E00 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049C1608 mov eax, dword ptr fs:[00000030h] |
10_2_049C1608 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04918A0A mov eax, dword ptr fs:[00000030h] |
10_2_04918A0A |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049BFE3F mov eax, dword ptr fs:[00000030h] |
10_2_049BFE3F |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0490E620 mov eax, dword ptr fs:[00000030h] |
10_2_0490E620 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04944A2C mov eax, dword ptr fs:[00000030h] |
10_2_04944A2C |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04944A2C mov eax, dword ptr fs:[00000030h] |
10_2_04944A2C |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049CEA55 mov eax, dword ptr fs:[00000030h] |
10_2_049CEA55 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04994257 mov eax, dword ptr fs:[00000030h] |
10_2_04994257 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04909240 mov eax, dword ptr fs:[00000030h] |
10_2_04909240 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04909240 mov eax, dword ptr fs:[00000030h] |
10_2_04909240 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04909240 mov eax, dword ptr fs:[00000030h] |
10_2_04909240 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04909240 mov eax, dword ptr fs:[00000030h] |
10_2_04909240 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04917E41 mov eax, dword ptr fs:[00000030h] |
10_2_04917E41 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04917E41 mov eax, dword ptr fs:[00000030h] |
10_2_04917E41 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04917E41 mov eax, dword ptr fs:[00000030h] |
10_2_04917E41 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04917E41 mov eax, dword ptr fs:[00000030h] |
10_2_04917E41 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04917E41 mov eax, dword ptr fs:[00000030h] |
10_2_04917E41 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04917E41 mov eax, dword ptr fs:[00000030h] |
10_2_04917E41 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049CAE44 mov eax, dword ptr fs:[00000030h] |
10_2_049CAE44 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049CAE44 mov eax, dword ptr fs:[00000030h] |
10_2_049CAE44 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0492AE73 mov eax, dword ptr fs:[00000030h] |
10_2_0492AE73 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0492AE73 mov eax, dword ptr fs:[00000030h] |
10_2_0492AE73 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0492AE73 mov eax, dword ptr fs:[00000030h] |
10_2_0492AE73 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0492AE73 mov eax, dword ptr fs:[00000030h] |
10_2_0492AE73 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0492AE73 mov eax, dword ptr fs:[00000030h] |
10_2_0492AE73 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0494927A mov eax, dword ptr fs:[00000030h] |
10_2_0494927A |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049BB260 mov eax, dword ptr fs:[00000030h] |
10_2_049BB260 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049BB260 mov eax, dword ptr fs:[00000030h] |
10_2_049BB260 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0491766D mov eax, dword ptr fs:[00000030h] |
10_2_0491766D |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049D8A62 mov eax, dword ptr fs:[00000030h] |
10_2_049D8A62 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0493B390 mov eax, dword ptr fs:[00000030h] |
10_2_0493B390 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04932397 mov eax, dword ptr fs:[00000030h] |
10_2_04932397 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04918794 mov eax, dword ptr fs:[00000030h] |
10_2_04918794 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04987794 mov eax, dword ptr fs:[00000030h] |
10_2_04987794 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04987794 mov eax, dword ptr fs:[00000030h] |
10_2_04987794 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04987794 mov eax, dword ptr fs:[00000030h] |
10_2_04987794 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049C138A mov eax, dword ptr fs:[00000030h] |
10_2_049C138A |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049BD380 mov ecx, dword ptr fs:[00000030h] |
10_2_049BD380 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04911B8F mov eax, dword ptr fs:[00000030h] |
10_2_04911B8F |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04911B8F mov eax, dword ptr fs:[00000030h] |
10_2_04911B8F |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049D5BA5 mov eax, dword ptr fs:[00000030h] |
10_2_049D5BA5 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04934BAD mov eax, dword ptr fs:[00000030h] |
10_2_04934BAD |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04934BAD mov eax, dword ptr fs:[00000030h] |
10_2_04934BAD |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04934BAD mov eax, dword ptr fs:[00000030h] |
10_2_04934BAD |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049853CA mov eax, dword ptr fs:[00000030h] |
10_2_049853CA |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049853CA mov eax, dword ptr fs:[00000030h] |
10_2_049853CA |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049437F5 mov eax, dword ptr fs:[00000030h] |
10_2_049437F5 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049303E2 mov eax, dword ptr fs:[00000030h] |
10_2_049303E2 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049303E2 mov eax, dword ptr fs:[00000030h] |
10_2_049303E2 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049303E2 mov eax, dword ptr fs:[00000030h] |
10_2_049303E2 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049303E2 mov eax, dword ptr fs:[00000030h] |
10_2_049303E2 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049303E2 mov eax, dword ptr fs:[00000030h] |
10_2_049303E2 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049303E2 mov eax, dword ptr fs:[00000030h] |
10_2_049303E2 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0492DBE9 mov eax, dword ptr fs:[00000030h] |
10_2_0492DBE9 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0492F716 mov eax, dword ptr fs:[00000030h] |
10_2_0492F716 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049C131B mov eax, dword ptr fs:[00000030h] |
10_2_049C131B |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0499FF10 mov eax, dword ptr fs:[00000030h] |
10_2_0499FF10 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0499FF10 mov eax, dword ptr fs:[00000030h] |
10_2_0499FF10 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049D070D mov eax, dword ptr fs:[00000030h] |
10_2_049D070D |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049D070D mov eax, dword ptr fs:[00000030h] |
10_2_049D070D |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0493A70E mov eax, dword ptr fs:[00000030h] |
10_2_0493A70E |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0493A70E mov eax, dword ptr fs:[00000030h] |
10_2_0493A70E |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0493E730 mov eax, dword ptr fs:[00000030h] |
10_2_0493E730 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04904F2E mov eax, dword ptr fs:[00000030h] |
10_2_04904F2E |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04904F2E mov eax, dword ptr fs:[00000030h] |
10_2_04904F2E |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049D8B58 mov eax, dword ptr fs:[00000030h] |
10_2_049D8B58 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0490F358 mov eax, dword ptr fs:[00000030h] |
10_2_0490F358 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0490DB40 mov eax, dword ptr fs:[00000030h] |
10_2_0490DB40 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0491EF40 mov eax, dword ptr fs:[00000030h] |
10_2_0491EF40 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04933B7A mov eax, dword ptr fs:[00000030h] |
10_2_04933B7A |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_04933B7A mov eax, dword ptr fs:[00000030h] |
10_2_04933B7A |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0490DB60 mov ecx, dword ptr fs:[00000030h] |
10_2_0490DB60 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_0491FF60 mov eax, dword ptr fs:[00000030h] |
10_2_0491FF60 |
| Source: C:\Windows\SysWOW64\cmstp.exe |
Code function: 10_2_049D8F6A mov eax, dword ptr fs:[00000030h] |
10_2_049D8F6A |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet