| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-0Ch] |
1_3_02C8EA30 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then mov eax, dword ptr [ebp+08h] |
1_3_02C8EA30 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then mov edx, dword ptr [eax] |
1_3_02C8EBDC |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then mov ebx, dword ptr [ecx] |
1_3_02C8EBDC |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then xor ecx, ecx |
1_3_02C8EB88 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then xor edx, edx |
1_3_02C8EB00 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then test eax, 80000000h |
1_3_02C8EB00 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then or edx, 00000080h |
1_3_02C8EB00 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then test eax, 80000000h |
1_3_02C8EB00 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then or edx, 02h |
1_3_02C8EB00 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then or edx, 01h |
1_3_02C8EB00 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-04h] |
1_3_02C8E99C |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then lea edx, dword ptr [ebp-08h] |
1_3_02C8E944 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then mov eax, dword ptr [esi] |
1_3_02C8EE2C |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then mov eax, dword ptr [edi] |
1_3_02C8EE2C |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then mov eax, dword ptr [edi] |
1_3_02C8EE2C |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then mov eax, dword ptr [004199DCh] |
1_3_02C8EE2C |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then push 00000004h |
1_3_02C8EE2C |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then mov eax, dword ptr [004199D4h] |
1_3_02C8EE2C |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then mov eax, dword ptr [esi] |
1_3_02C8EE2C |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then mov eax, dword ptr [004199C0h] |
1_3_02C8EE2C |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then push 00000000h |
1_3_02C8EE2C |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then mov eax, dword ptr [004199C8h] |
1_3_02C8EE2C |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then mov eax, dword ptr [004199C8h] |
1_3_02C8EE2C |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then mov eax, dword ptr [004199C8h] |
1_3_02C8EE2C |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then push 004199E0h |
1_3_02C8EE2C |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then xor eax, eax |
1_3_02C8EE2C |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then mov eax, dword ptr [esi] |
1_3_02C8EE24 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then mov eax, dword ptr [edi] |
1_3_02C8EE24 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then mov eax, dword ptr [edi] |
1_3_02C8EE24 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then mov eax, dword ptr [004199DCh] |
1_3_02C8EE24 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then push 00000004h |
1_3_02C8EE24 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then mov eax, dword ptr [004199D4h] |
1_3_02C8EE24 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then mov eax, dword ptr [esi] |
1_3_02C8EE24 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then mov eax, dword ptr [004199C0h] |
1_3_02C8EE24 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then push 00000000h |
1_3_02C8EE24 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then mov eax, dword ptr [004199C8h] |
1_3_02C8EE24 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then mov eax, dword ptr [004199C8h] |
1_3_02C8EE24 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then mov eax, dword ptr [004199C8h] |
1_3_02C8EE24 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then push 004199E0h |
1_3_02C8EE24 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then xor eax, eax |
1_3_02C8EE24 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then test eax, 15000000h |
1_3_02C8EC84 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then mov eax, dword ptr [00419A0Ch] |
1_3_02C8EC94 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then mov eax, dword ptr [004199ECh] |
1_3_02C8EC94 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then mov eax, dword ptr [00419A0Ch] |
1_3_02C8EC94 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then mov eax, dword ptr [00419A0Ch] |
1_3_02C8EC94 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 4x nop then mov eax, dword ptr [ebx] |
1_3_02C8EC94 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-0Ch] |
16_3_02CAEA30 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [ebp+08h] |
16_3_02CAEA30 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov edx, dword ptr [eax] |
16_3_02CAEBDC |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov ebx, dword ptr [ecx] |
16_3_02CAEBDC |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then xor ecx, ecx |
16_3_02CAEB88 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then xor edx, edx |
16_3_02CAEB00 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then test eax, 80000000h |
16_3_02CAEB00 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then or edx, 00000080h |
16_3_02CAEB00 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then test eax, 80000000h |
16_3_02CAEB00 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then or edx, 02h |
16_3_02CAEB00 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then or edx, 01h |
16_3_02CAEB00 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-04h] |
16_3_02CAE99C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then lea edx, dword ptr [ebp-08h] |
16_3_02CAE944 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [esi] |
16_3_02CAEE2C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [edi] |
16_3_02CAEE2C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [edi] |
16_3_02CAEE2C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199DCh] |
16_3_02CAEE2C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then push 00000004h |
16_3_02CAEE2C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199D4h] |
16_3_02CAEE2C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [esi] |
16_3_02CAEE2C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199C0h] |
16_3_02CAEE2C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then push 00000000h |
16_3_02CAEE2C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199C8h] |
16_3_02CAEE2C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199C8h] |
16_3_02CAEE2C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199C8h] |
16_3_02CAEE2C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then push 004199E0h |
16_3_02CAEE2C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then xor eax, eax |
16_3_02CAEE2C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [esi] |
16_3_02CAEE24 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [edi] |
16_3_02CAEE24 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [edi] |
16_3_02CAEE24 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199DCh] |
16_3_02CAEE24 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then push 00000004h |
16_3_02CAEE24 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199D4h] |
16_3_02CAEE24 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [esi] |
16_3_02CAEE24 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199C0h] |
16_3_02CAEE24 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then push 00000000h |
16_3_02CAEE24 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199C8h] |
16_3_02CAEE24 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199C8h] |
16_3_02CAEE24 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199C8h] |
16_3_02CAEE24 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then push 004199E0h |
16_3_02CAEE24 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then xor eax, eax |
16_3_02CAEE24 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then test eax, 15000000h |
16_3_02CAEC84 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [00419A0Ch] |
16_3_02CAEC94 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199ECh] |
16_3_02CAEC94 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [00419A0Ch] |
16_3_02CAEC94 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [00419A0Ch] |
16_3_02CAEC94 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [ebx] |
16_3_02CAEC94 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-0Ch] |
19_3_02CAEA30 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [ebp+08h] |
19_3_02CAEA30 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov edx, dword ptr [eax] |
19_3_02CAEBDC |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov ebx, dword ptr [ecx] |
19_3_02CAEBDC |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then xor ecx, ecx |
19_3_02CAEB88 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then xor edx, edx |
19_3_02CAEB00 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then test eax, 80000000h |
19_3_02CAEB00 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then or edx, 00000080h |
19_3_02CAEB00 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then test eax, 80000000h |
19_3_02CAEB00 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then or edx, 02h |
19_3_02CAEB00 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then or edx, 01h |
19_3_02CAEB00 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-04h] |
19_3_02CAE99C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then lea edx, dword ptr [ebp-08h] |
19_3_02CAE944 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [esi] |
19_3_02CAEE2C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [edi] |
19_3_02CAEE2C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [edi] |
19_3_02CAEE2C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199DCh] |
19_3_02CAEE2C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then push 00000004h |
19_3_02CAEE2C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199D4h] |
19_3_02CAEE2C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [esi] |
19_3_02CAEE2C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199C0h] |
19_3_02CAEE2C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then push 00000000h |
19_3_02CAEE2C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199C8h] |
19_3_02CAEE2C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199C8h] |
19_3_02CAEE2C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199C8h] |
19_3_02CAEE2C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then push 004199E0h |
19_3_02CAEE2C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then xor eax, eax |
19_3_02CAEE2C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [esi] |
19_3_02CAEE24 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [edi] |
19_3_02CAEE24 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [edi] |
19_3_02CAEE24 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199DCh] |
19_3_02CAEE24 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then push 00000004h |
19_3_02CAEE24 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199D4h] |
19_3_02CAEE24 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [esi] |
19_3_02CAEE24 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199C0h] |
19_3_02CAEE24 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then push 00000000h |
19_3_02CAEE24 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199C8h] |
19_3_02CAEE24 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199C8h] |
19_3_02CAEE24 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199C8h] |
19_3_02CAEE24 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then push 004199E0h |
19_3_02CAEE24 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then xor eax, eax |
19_3_02CAEE24 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then test eax, 15000000h |
19_3_02CAEC84 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [00419A0Ch] |
19_3_02CAEC94 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199ECh] |
19_3_02CAEC94 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [00419A0Ch] |
19_3_02CAEC94 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [00419A0Ch] |
19_3_02CAEC94 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [ebx] |
19_3_02CAEC94 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [00419A0Ch] |
19_3_02D78AF4 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199ECh] |
19_3_02D78AF4 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [00419A0Ch] |
19_3_02D78AF4 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [00419A0Ch] |
19_3_02D78AF4 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [ebx] |
19_3_02D78AF4 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then test eax, 15000000h |
19_3_02D78AE4 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov edx, dword ptr [eax] |
19_3_02D78A3C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov ebx, dword ptr [ecx] |
19_3_02D78A3C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-0Ch] |
19_3_02D78890 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [ebp+08h] |
19_3_02D78890 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then xor ecx, ecx |
19_3_02D789E8 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then xor edx, edx |
19_3_02D78960 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then test eax, 80000000h |
19_3_02D78960 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then or edx, 00000080h |
19_3_02D78960 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then test eax, 80000000h |
19_3_02D78960 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then or edx, 02h |
19_3_02D78960 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then or edx, 01h |
19_3_02D78960 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [ebp-04h] |
19_3_02D787FC |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then lea edx, dword ptr [ebp-08h] |
19_3_02D787A4 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [esi] |
19_3_02D78C8C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [edi] |
19_3_02D78C8C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [edi] |
19_3_02D78C8C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199DCh] |
19_3_02D78C8C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then push 00000004h |
19_3_02D78C8C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199D4h] |
19_3_02D78C8C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [esi] |
19_3_02D78C8C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199C0h] |
19_3_02D78C8C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then push 00000000h |
19_3_02D78C8C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199C8h] |
19_3_02D78C8C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199C8h] |
19_3_02D78C8C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then mov eax, dword ptr [004199C8h] |
19_3_02D78C8C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then push 004199E0h |
19_3_02D78C8C |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 4x nop then xor eax, eax |
19_3_02D78C8C |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 4x nop then pop edi |
26_2_104261B2 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 4x nop then pop edi |
26_2_10426213 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 4x nop then pop edi |
26_2_1041C3C2 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A98F0 NtReadVirtualMemory,LdrInitializeThunk, |
4_2_049A98F0 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A9840 NtDelayExecution,LdrInitializeThunk, |
4_2_049A9840 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A9860 NtQuerySystemInformation,LdrInitializeThunk, |
4_2_049A9860 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A99A0 NtCreateSection,LdrInitializeThunk, |
4_2_049A99A0 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A95D0 NtClose,LdrInitializeThunk, |
4_2_049A95D0 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A9910 NtAdjustPrivilegesToken,LdrInitializeThunk, |
4_2_049A9910 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A9540 NtReadFile,LdrInitializeThunk, |
4_2_049A9540 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A96E0 NtFreeVirtualMemory,LdrInitializeThunk, |
4_2_049A96E0 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A9A00 NtProtectVirtualMemory,LdrInitializeThunk, |
4_2_049A9A00 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A9A20 NtResumeThread,LdrInitializeThunk, |
4_2_049A9A20 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A9A50 NtCreateFile,LdrInitializeThunk, |
4_2_049A9A50 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A9660 NtAllocateVirtualMemory,LdrInitializeThunk, |
4_2_049A9660 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A9780 NtMapViewOfSection,LdrInitializeThunk, |
4_2_049A9780 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A97A0 NtUnmapViewOfSection,LdrInitializeThunk, |
4_2_049A97A0 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A9FE0 NtCreateMutant,LdrInitializeThunk, |
4_2_049A9FE0 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A9710 NtQueryInformationToken,LdrInitializeThunk, |
4_2_049A9710 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A98A0 NtWriteVirtualMemory, |
4_2_049A98A0 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A9820 NtEnumerateKey, |
4_2_049A9820 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049AB040 NtSuspendThread, |
4_2_049AB040 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A99D0 NtCreateProcessEx, |
4_2_049A99D0 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A95F0 NtQueryInformationFile, |
4_2_049A95F0 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049AAD30 NtSetContextThread, |
4_2_049AAD30 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A9520 NtWaitForSingleObject, |
4_2_049A9520 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A9950 NtQueueApcThread, |
4_2_049A9950 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A9560 NtWriteFile, |
4_2_049A9560 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A9A80 NtOpenDirectoryObject, |
4_2_049A9A80 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A96D0 NtCreateKey, |
4_2_049A96D0 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A9610 NtEnumerateValueKey, |
4_2_049A9610 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A9A10 NtQuerySection, |
4_2_049A9A10 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A9650 NtQueryValueKey, |
4_2_049A9650 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A9670 NtQueryInformationProcess, |
4_2_049A9670 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049AA3B0 NtGetContextThread, |
4_2_049AA3B0 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049AA710 NtOpenProcessToken, |
4_2_049AA710 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A9B00 NtSetValueKey, |
4_2_049A9B00 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A9730 NtQueryVirtualMemory, |
4_2_049A9730 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A9770 NtSetInformationFile, |
4_2_049A9770 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049AA770 NtOpenThread, |
4_2_049AA770 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A9760 NtOpenProcess, |
4_2_049A9760 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E9710 NtQueryInformationToken,LdrInitializeThunk, |
26_2_030E9710 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E9780 NtMapViewOfSection,LdrInitializeThunk, |
26_2_030E9780 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E97A0 NtUnmapViewOfSection,LdrInitializeThunk, |
26_2_030E97A0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E9FE0 NtCreateMutant,LdrInitializeThunk, |
26_2_030E9FE0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E9A00 NtProtectVirtualMemory,LdrInitializeThunk, |
26_2_030E9A00 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E9A20 NtResumeThread,LdrInitializeThunk, |
26_2_030E9A20 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E9A50 NtCreateFile,LdrInitializeThunk, |
26_2_030E9A50 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E9660 NtAllocateVirtualMemory,LdrInitializeThunk, |
26_2_030E9660 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E96E0 NtFreeVirtualMemory,LdrInitializeThunk, |
26_2_030E96E0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E9910 NtAdjustPrivilegesToken,LdrInitializeThunk, |
26_2_030E9910 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E9540 NtReadFile,LdrInitializeThunk, |
26_2_030E9540 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E99A0 NtCreateSection,LdrInitializeThunk, |
26_2_030E99A0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E95D0 NtClose,LdrInitializeThunk, |
26_2_030E95D0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E9840 NtDelayExecution,LdrInitializeThunk, |
26_2_030E9840 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E9860 NtQuerySystemInformation,LdrInitializeThunk, |
26_2_030E9860 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E98F0 NtReadVirtualMemory,LdrInitializeThunk, |
26_2_030E98F0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E9B00 NtSetValueKey, |
26_2_030E9B00 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030EA710 NtOpenProcessToken, |
26_2_030EA710 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E9730 NtQueryVirtualMemory, |
26_2_030E9730 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E9760 NtOpenProcess, |
26_2_030E9760 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E9770 NtSetInformationFile, |
26_2_030E9770 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030EA770 NtOpenThread, |
26_2_030EA770 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030EA3B0 NtGetContextThread, |
26_2_030EA3B0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E9610 NtEnumerateValueKey, |
26_2_030E9610 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E9A10 NtQuerySection, |
26_2_030E9A10 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E9650 NtQueryValueKey, |
26_2_030E9650 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E9670 NtQueryInformationProcess, |
26_2_030E9670 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E9A80 NtOpenDirectoryObject, |
26_2_030E9A80 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E96D0 NtCreateKey, |
26_2_030E96D0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E9520 NtWaitForSingleObject, |
26_2_030E9520 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030EAD30 NtSetContextThread, |
26_2_030EAD30 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E9950 NtQueueApcThread, |
26_2_030E9950 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E9560 NtWriteFile, |
26_2_030E9560 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E99D0 NtCreateProcessEx, |
26_2_030E99D0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E95F0 NtQueryInformationFile, |
26_2_030E95F0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E9820 NtEnumerateKey, |
26_2_030E9820 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030EB040 NtSuspendThread, |
26_2_030EB040 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E98A0 NtWriteVirtualMemory, |
26_2_030E98A0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_104281C0 NtCreateFile, |
26_2_104281C0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_10428270 NtReadFile, |
26_2_10428270 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_104282F0 NtClose, |
26_2_104282F0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_104283A0 NtAllocateVirtualMemory, |
26_2_104283A0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_104281BA NtCreateFile, |
26_2_104281BA |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_1042826B NtReadFile, |
26_2_1042826B |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_104282EA NtClose, |
26_2_104282EA |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_1042839C NtAllocateVirtualMemory, |
26_2_1042839C |
| Source: 4.0.logagent.exe.10410000.0.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 4.0.logagent.exe.10410000.0.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 4.2.logagent.exe.10410000.5.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 4.2.logagent.exe.10410000.5.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 29.2.secinit.exe.10410000.2.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 29.2.secinit.exe.10410000.2.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 26.0.mshta.exe.10410000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 26.0.mshta.exe.10410000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 4.2.logagent.exe.10410000.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 4.2.logagent.exe.10410000.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 26.2.mshta.exe.10410000.5.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 26.2.mshta.exe.10410000.5.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 29.0.secinit.exe.10410000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 29.0.secinit.exe.10410000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 26.0.mshta.exe.10410000.0.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 26.0.mshta.exe.10410000.0.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 29.0.secinit.exe.10410000.0.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 29.0.secinit.exe.10410000.0.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 29.2.secinit.exe.10410000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 29.2.secinit.exe.10410000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 26.2.mshta.exe.10410000.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 26.2.mshta.exe.10410000.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 4.0.logagent.exe.10410000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 4.0.logagent.exe.10410000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000010.00000003.437045703.0000000002DE4000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019 |
| Source: 0000001D.00000000.493724351.0000000010410000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 0000001D.00000000.493724351.0000000010410000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 0000001C.00000002.861918517.0000000000B80000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 0000001C.00000002.861918517.0000000000B80000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000001.00000003.362637084.0000000002DC4000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019 |
| Source: 0000001A.00000002.495868043.0000000002910000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 0000001A.00000002.495868043.0000000002910000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 0000001A.00000002.496343429.0000000002C80000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 0000001A.00000002.496343429.0000000002C80000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 0000001C.00000002.863420934.0000000002DD0000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 0000001C.00000002.863420934.0000000002DD0000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000010.00000003.437534855.0000000002DA8000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019 |
| Source: 0000001A.00000000.467594845.0000000010410000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 0000001A.00000000.467594845.0000000010410000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 0000001D.00000002.505021347.0000000010410000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 0000001D.00000002.505021347.0000000010410000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000004.00000002.513499123.0000000004600000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000004.00000002.513499123.0000000004600000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000001.00000003.362921408.0000000002D88000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019 |
| Source: 0000001C.00000002.862165299.0000000000CB0000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 0000001C.00000002.862165299.0000000000CB0000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 0000001A.00000002.497909086.0000000010410000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 0000001A.00000002.497909086.0000000010410000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000023.00000002.512339844.0000000002940000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000023.00000002.512339844.0000000002940000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000004.00000000.380848795.0000000010410000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000004.00000000.380848795.0000000010410000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000004.00000002.512824544.0000000002B50000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000004.00000002.512824544.0000000002B50000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000013.00000003.465981030.0000000002DA8000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019 |
| Source: 00000004.00000002.515478166.0000000010410000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000004.00000002.515478166.0000000010410000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000013.00000003.465812677.0000000002DE4000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019 |
| Source: C:\Users\Public\Libraries\kjalhdF.url, type: DROPPED |
Matched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 1_3_02C8F0F0 push dword ptr fs:[00000030h] |
1_3_02C8F0F0 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 1_3_02C8F120 mov eax, dword ptr fs:[00000030h] |
1_3_02C8F120 |
| Source: C:\Users\user\Desktop\Form_TT_EUR57,890.exe |
Code function: 1_3_02C8E480 mov eax, dword ptr fs:[00000030h] |
1_3_02C8E480 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04969080 mov eax, dword ptr fs:[00000030h] |
4_2_04969080 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049E3884 mov eax, dword ptr fs:[00000030h] |
4_2_049E3884 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049E3884 mov eax, dword ptr fs:[00000030h] |
4_2_049E3884 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0499F0BF mov ecx, dword ptr fs:[00000030h] |
4_2_0499F0BF |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0499F0BF mov eax, dword ptr fs:[00000030h] |
4_2_0499F0BF |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0499F0BF mov eax, dword ptr fs:[00000030h] |
4_2_0499F0BF |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A90AF mov eax, dword ptr fs:[00000030h] |
4_2_049A90AF |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049FB8D0 mov eax, dword ptr fs:[00000030h] |
4_2_049FB8D0 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049FB8D0 mov ecx, dword ptr fs:[00000030h] |
4_2_049FB8D0 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049FB8D0 mov eax, dword ptr fs:[00000030h] |
4_2_049FB8D0 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049FB8D0 mov eax, dword ptr fs:[00000030h] |
4_2_049FB8D0 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049FB8D0 mov eax, dword ptr fs:[00000030h] |
4_2_049FB8D0 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049FB8D0 mov eax, dword ptr fs:[00000030h] |
4_2_049FB8D0 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A214FB mov eax, dword ptr fs:[00000030h] |
4_2_04A214FB |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A38CD6 mov eax, dword ptr fs:[00000030h] |
4_2_04A38CD6 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049E7016 mov eax, dword ptr fs:[00000030h] |
4_2_049E7016 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049E7016 mov eax, dword ptr fs:[00000030h] |
4_2_049E7016 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049E7016 mov eax, dword ptr fs:[00000030h] |
4_2_049E7016 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049E6C0A mov eax, dword ptr fs:[00000030h] |
4_2_049E6C0A |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049E6C0A mov eax, dword ptr fs:[00000030h] |
4_2_049E6C0A |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049E6C0A mov eax, dword ptr fs:[00000030h] |
4_2_049E6C0A |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049E6C0A mov eax, dword ptr fs:[00000030h] |
4_2_049E6C0A |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A21C06 mov eax, dword ptr fs:[00000030h] |
4_2_04A21C06 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A21C06 mov eax, dword ptr fs:[00000030h] |
4_2_04A21C06 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A21C06 mov eax, dword ptr fs:[00000030h] |
4_2_04A21C06 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A21C06 mov eax, dword ptr fs:[00000030h] |
4_2_04A21C06 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A21C06 mov eax, dword ptr fs:[00000030h] |
4_2_04A21C06 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A21C06 mov eax, dword ptr fs:[00000030h] |
4_2_04A21C06 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A21C06 mov eax, dword ptr fs:[00000030h] |
4_2_04A21C06 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A21C06 mov eax, dword ptr fs:[00000030h] |
4_2_04A21C06 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A21C06 mov eax, dword ptr fs:[00000030h] |
4_2_04A21C06 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A21C06 mov eax, dword ptr fs:[00000030h] |
4_2_04A21C06 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A21C06 mov eax, dword ptr fs:[00000030h] |
4_2_04A21C06 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A21C06 mov eax, dword ptr fs:[00000030h] |
4_2_04A21C06 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A21C06 mov eax, dword ptr fs:[00000030h] |
4_2_04A21C06 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A21C06 mov eax, dword ptr fs:[00000030h] |
4_2_04A21C06 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A3740D mov eax, dword ptr fs:[00000030h] |
4_2_04A3740D |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A3740D mov eax, dword ptr fs:[00000030h] |
4_2_04A3740D |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A3740D mov eax, dword ptr fs:[00000030h] |
4_2_04A3740D |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0499BC2C mov eax, dword ptr fs:[00000030h] |
4_2_0499BC2C |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A34015 mov eax, dword ptr fs:[00000030h] |
4_2_04A34015 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A34015 mov eax, dword ptr fs:[00000030h] |
4_2_04A34015 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0497B02A mov eax, dword ptr fs:[00000030h] |
4_2_0497B02A |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0497B02A mov eax, dword ptr fs:[00000030h] |
4_2_0497B02A |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0497B02A mov eax, dword ptr fs:[00000030h] |
4_2_0497B02A |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0497B02A mov eax, dword ptr fs:[00000030h] |
4_2_0497B02A |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04980050 mov eax, dword ptr fs:[00000030h] |
4_2_04980050 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04980050 mov eax, dword ptr fs:[00000030h] |
4_2_04980050 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049FC450 mov eax, dword ptr fs:[00000030h] |
4_2_049FC450 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049FC450 mov eax, dword ptr fs:[00000030h] |
4_2_049FC450 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A22073 mov eax, dword ptr fs:[00000030h] |
4_2_04A22073 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A31074 mov eax, dword ptr fs:[00000030h] |
4_2_04A31074 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0498746D mov eax, dword ptr fs:[00000030h] |
4_2_0498746D |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0499FD9B mov eax, dword ptr fs:[00000030h] |
4_2_0499FD9B |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0499FD9B mov eax, dword ptr fs:[00000030h] |
4_2_0499FD9B |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0498C182 mov eax, dword ptr fs:[00000030h] |
4_2_0498C182 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0499A185 mov eax, dword ptr fs:[00000030h] |
4_2_0499A185 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04962D8A mov eax, dword ptr fs:[00000030h] |
4_2_04962D8A |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04962D8A mov eax, dword ptr fs:[00000030h] |
4_2_04962D8A |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04962D8A mov eax, dword ptr fs:[00000030h] |
4_2_04962D8A |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04962D8A mov eax, dword ptr fs:[00000030h] |
4_2_04962D8A |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04962D8A mov eax, dword ptr fs:[00000030h] |
4_2_04962D8A |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049935A1 mov eax, dword ptr fs:[00000030h] |
4_2_049935A1 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A18DF1 mov eax, dword ptr fs:[00000030h] |
4_2_04A18DF1 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0496B1E1 mov eax, dword ptr fs:[00000030h] |
4_2_0496B1E1 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0496B1E1 mov eax, dword ptr fs:[00000030h] |
4_2_0496B1E1 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0496B1E1 mov eax, dword ptr fs:[00000030h] |
4_2_0496B1E1 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04969100 mov eax, dword ptr fs:[00000030h] |
4_2_04969100 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04969100 mov eax, dword ptr fs:[00000030h] |
4_2_04969100 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04969100 mov eax, dword ptr fs:[00000030h] |
4_2_04969100 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A38D34 mov eax, dword ptr fs:[00000030h] |
4_2_04A38D34 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04994D3B mov eax, dword ptr fs:[00000030h] |
4_2_04994D3B |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04994D3B mov eax, dword ptr fs:[00000030h] |
4_2_04994D3B |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04994D3B mov eax, dword ptr fs:[00000030h] |
4_2_04994D3B |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0499513A mov eax, dword ptr fs:[00000030h] |
4_2_0499513A |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0499513A mov eax, dword ptr fs:[00000030h] |
4_2_0499513A |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04973D34 mov eax, dword ptr fs:[00000030h] |
4_2_04973D34 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04973D34 mov eax, dword ptr fs:[00000030h] |
4_2_04973D34 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04973D34 mov eax, dword ptr fs:[00000030h] |
4_2_04973D34 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04973D34 mov eax, dword ptr fs:[00000030h] |
4_2_04973D34 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04973D34 mov eax, dword ptr fs:[00000030h] |
4_2_04973D34 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04973D34 mov eax, dword ptr fs:[00000030h] |
4_2_04973D34 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04973D34 mov eax, dword ptr fs:[00000030h] |
4_2_04973D34 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04973D34 mov eax, dword ptr fs:[00000030h] |
4_2_04973D34 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04973D34 mov eax, dword ptr fs:[00000030h] |
4_2_04973D34 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04973D34 mov eax, dword ptr fs:[00000030h] |
4_2_04973D34 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04973D34 mov eax, dword ptr fs:[00000030h] |
4_2_04973D34 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04973D34 mov eax, dword ptr fs:[00000030h] |
4_2_04973D34 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04973D34 mov eax, dword ptr fs:[00000030h] |
4_2_04973D34 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0496AD30 mov eax, dword ptr fs:[00000030h] |
4_2_0496AD30 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04984120 mov eax, dword ptr fs:[00000030h] |
4_2_04984120 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04984120 mov eax, dword ptr fs:[00000030h] |
4_2_04984120 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04984120 mov eax, dword ptr fs:[00000030h] |
4_2_04984120 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04984120 mov eax, dword ptr fs:[00000030h] |
4_2_04984120 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04984120 mov ecx, dword ptr fs:[00000030h] |
4_2_04984120 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04987D50 mov eax, dword ptr fs:[00000030h] |
4_2_04987D50 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A3D43 mov eax, dword ptr fs:[00000030h] |
4_2_049A3D43 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0498B944 mov eax, dword ptr fs:[00000030h] |
4_2_0498B944 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0498B944 mov eax, dword ptr fs:[00000030h] |
4_2_0498B944 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049E3540 mov eax, dword ptr fs:[00000030h] |
4_2_049E3540 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0496B171 mov eax, dword ptr fs:[00000030h] |
4_2_0496B171 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0496B171 mov eax, dword ptr fs:[00000030h] |
4_2_0496B171 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0498C577 mov eax, dword ptr fs:[00000030h] |
4_2_0498C577 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0498C577 mov eax, dword ptr fs:[00000030h] |
4_2_0498C577 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A30EA5 mov eax, dword ptr fs:[00000030h] |
4_2_04A30EA5 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A30EA5 mov eax, dword ptr fs:[00000030h] |
4_2_04A30EA5 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A30EA5 mov eax, dword ptr fs:[00000030h] |
4_2_04A30EA5 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0499D294 mov eax, dword ptr fs:[00000030h] |
4_2_0499D294 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0499D294 mov eax, dword ptr fs:[00000030h] |
4_2_0499D294 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049FFE87 mov eax, dword ptr fs:[00000030h] |
4_2_049FFE87 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0499FAB0 mov eax, dword ptr fs:[00000030h] |
4_2_0499FAB0 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049652A5 mov eax, dword ptr fs:[00000030h] |
4_2_049652A5 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049652A5 mov eax, dword ptr fs:[00000030h] |
4_2_049652A5 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049652A5 mov eax, dword ptr fs:[00000030h] |
4_2_049652A5 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049652A5 mov eax, dword ptr fs:[00000030h] |
4_2_049652A5 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049652A5 mov eax, dword ptr fs:[00000030h] |
4_2_049652A5 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049E46A7 mov eax, dword ptr fs:[00000030h] |
4_2_049E46A7 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049936CC mov eax, dword ptr fs:[00000030h] |
4_2_049936CC |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A8EC7 mov eax, dword ptr fs:[00000030h] |
4_2_049A8EC7 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A1FEC0 mov eax, dword ptr fs:[00000030h] |
4_2_04A1FEC0 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A38ED6 mov eax, dword ptr fs:[00000030h] |
4_2_04A38ED6 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049776E2 mov eax, dword ptr fs:[00000030h] |
4_2_049776E2 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049916E0 mov ecx, dword ptr fs:[00000030h] |
4_2_049916E0 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0496C600 mov eax, dword ptr fs:[00000030h] |
4_2_0496C600 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0496C600 mov eax, dword ptr fs:[00000030h] |
4_2_0496C600 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0496C600 mov eax, dword ptr fs:[00000030h] |
4_2_0496C600 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A1FE3F mov eax, dword ptr fs:[00000030h] |
4_2_04A1FE3F |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0496E620 mov eax, dword ptr fs:[00000030h] |
4_2_0496E620 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A1B260 mov eax, dword ptr fs:[00000030h] |
4_2_04A1B260 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A1B260 mov eax, dword ptr fs:[00000030h] |
4_2_04A1B260 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A38A62 mov eax, dword ptr fs:[00000030h] |
4_2_04A38A62 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04969240 mov eax, dword ptr fs:[00000030h] |
4_2_04969240 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04969240 mov eax, dword ptr fs:[00000030h] |
4_2_04969240 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04969240 mov eax, dword ptr fs:[00000030h] |
4_2_04969240 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04969240 mov eax, dword ptr fs:[00000030h] |
4_2_04969240 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04977E41 mov eax, dword ptr fs:[00000030h] |
4_2_04977E41 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04977E41 mov eax, dword ptr fs:[00000030h] |
4_2_04977E41 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04977E41 mov eax, dword ptr fs:[00000030h] |
4_2_04977E41 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04977E41 mov eax, dword ptr fs:[00000030h] |
4_2_04977E41 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04977E41 mov eax, dword ptr fs:[00000030h] |
4_2_04977E41 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04977E41 mov eax, dword ptr fs:[00000030h] |
4_2_04977E41 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049A927A mov eax, dword ptr fs:[00000030h] |
4_2_049A927A |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0498AE73 mov eax, dword ptr fs:[00000030h] |
4_2_0498AE73 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0498AE73 mov eax, dword ptr fs:[00000030h] |
4_2_0498AE73 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0498AE73 mov eax, dword ptr fs:[00000030h] |
4_2_0498AE73 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0498AE73 mov eax, dword ptr fs:[00000030h] |
4_2_0498AE73 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0498AE73 mov eax, dword ptr fs:[00000030h] |
4_2_0498AE73 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0497766D mov eax, dword ptr fs:[00000030h] |
4_2_0497766D |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A35BA5 mov eax, dword ptr fs:[00000030h] |
4_2_04A35BA5 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049E7794 mov eax, dword ptr fs:[00000030h] |
4_2_049E7794 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049E7794 mov eax, dword ptr fs:[00000030h] |
4_2_049E7794 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049E7794 mov eax, dword ptr fs:[00000030h] |
4_2_049E7794 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04971B8F mov eax, dword ptr fs:[00000030h] |
4_2_04971B8F |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04971B8F mov eax, dword ptr fs:[00000030h] |
4_2_04971B8F |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A1D380 mov ecx, dword ptr fs:[00000030h] |
4_2_04A1D380 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A2138A mov eax, dword ptr fs:[00000030h] |
4_2_04A2138A |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049FFF10 mov eax, dword ptr fs:[00000030h] |
4_2_049FFF10 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_049FFF10 mov eax, dword ptr fs:[00000030h] |
4_2_049FFF10 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0499E730 mov eax, dword ptr fs:[00000030h] |
4_2_0499E730 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A3070D mov eax, dword ptr fs:[00000030h] |
4_2_04A3070D |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A3070D mov eax, dword ptr fs:[00000030h] |
4_2_04A3070D |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04964F2E mov eax, dword ptr fs:[00000030h] |
4_2_04964F2E |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04964F2E mov eax, dword ptr fs:[00000030h] |
4_2_04964F2E |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A2131B mov eax, dword ptr fs:[00000030h] |
4_2_04A2131B |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A38F6A mov eax, dword ptr fs:[00000030h] |
4_2_04A38F6A |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0496F358 mov eax, dword ptr fs:[00000030h] |
4_2_0496F358 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0496DB40 mov eax, dword ptr fs:[00000030h] |
4_2_0496DB40 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0497EF40 mov eax, dword ptr fs:[00000030h] |
4_2_0497EF40 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04993B7A mov eax, dword ptr fs:[00000030h] |
4_2_04993B7A |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04993B7A mov eax, dword ptr fs:[00000030h] |
4_2_04993B7A |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0496DB60 mov ecx, dword ptr fs:[00000030h] |
4_2_0496DB60 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_0497FF60 mov eax, dword ptr fs:[00000030h] |
4_2_0497FF60 |
| Source: C:\Windows\SysWOW64\logagent.exe |
Code function: 4_2_04A38B58 mov eax, dword ptr fs:[00000030h] |
4_2_04A38B58 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 16_3_02CAF0F0 push dword ptr fs:[00000030h] |
16_3_02CAF0F0 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 16_3_02CAF120 mov eax, dword ptr fs:[00000030h] |
16_3_02CAF120 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 16_3_02CAE480 mov eax, dword ptr fs:[00000030h] |
16_3_02CAE480 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 19_3_02CAF0F0 push dword ptr fs:[00000030h] |
19_3_02CAF0F0 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 19_3_02CAF120 mov eax, dword ptr fs:[00000030h] |
19_3_02CAF120 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 19_3_02CAE480 mov eax, dword ptr fs:[00000030h] |
19_3_02CAE480 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 19_3_02D782E0 mov eax, dword ptr fs:[00000030h] |
19_3_02D782E0 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 19_3_02D78F80 mov eax, dword ptr fs:[00000030h] |
19_3_02D78F80 |
| Source: C:\Users\Public\Libraries\Fdhlajk\Fdhlajk.exe |
Code function: 19_3_02D78F50 push dword ptr fs:[00000030h] |
19_3_02D78F50 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0313FF10 mov eax, dword ptr fs:[00000030h] |
26_2_0313FF10 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0313FF10 mov eax, dword ptr fs:[00000030h] |
26_2_0313FF10 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030DA70E mov eax, dword ptr fs:[00000030h] |
26_2_030DA70E |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030DA70E mov eax, dword ptr fs:[00000030h] |
26_2_030DA70E |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0316131B mov eax, dword ptr fs:[00000030h] |
26_2_0316131B |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0317070D mov eax, dword ptr fs:[00000030h] |
26_2_0317070D |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0317070D mov eax, dword ptr fs:[00000030h] |
26_2_0317070D |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030CF716 mov eax, dword ptr fs:[00000030h] |
26_2_030CF716 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030A4F2E mov eax, dword ptr fs:[00000030h] |
26_2_030A4F2E |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030A4F2E mov eax, dword ptr fs:[00000030h] |
26_2_030A4F2E |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030DE730 mov eax, dword ptr fs:[00000030h] |
26_2_030DE730 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030ADB40 mov eax, dword ptr fs:[00000030h] |
26_2_030ADB40 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030BEF40 mov eax, dword ptr fs:[00000030h] |
26_2_030BEF40 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03178B58 mov eax, dword ptr fs:[00000030h] |
26_2_03178B58 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030AF358 mov eax, dword ptr fs:[00000030h] |
26_2_030AF358 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030ADB60 mov ecx, dword ptr fs:[00000030h] |
26_2_030ADB60 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030BFF60 mov eax, dword ptr fs:[00000030h] |
26_2_030BFF60 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D3B7A mov eax, dword ptr fs:[00000030h] |
26_2_030D3B7A |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D3B7A mov eax, dword ptr fs:[00000030h] |
26_2_030D3B7A |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03178F6A mov eax, dword ptr fs:[00000030h] |
26_2_03178F6A |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030B1B8F mov eax, dword ptr fs:[00000030h] |
26_2_030B1B8F |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030B1B8F mov eax, dword ptr fs:[00000030h] |
26_2_030B1B8F |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03127794 mov eax, dword ptr fs:[00000030h] |
26_2_03127794 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03127794 mov eax, dword ptr fs:[00000030h] |
26_2_03127794 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03127794 mov eax, dword ptr fs:[00000030h] |
26_2_03127794 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0315D380 mov ecx, dword ptr fs:[00000030h] |
26_2_0315D380 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D2397 mov eax, dword ptr fs:[00000030h] |
26_2_030D2397 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0316138A mov eax, dword ptr fs:[00000030h] |
26_2_0316138A |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030DB390 mov eax, dword ptr fs:[00000030h] |
26_2_030DB390 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030B8794 mov eax, dword ptr fs:[00000030h] |
26_2_030B8794 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D4BAD mov eax, dword ptr fs:[00000030h] |
26_2_030D4BAD |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D4BAD mov eax, dword ptr fs:[00000030h] |
26_2_030D4BAD |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D4BAD mov eax, dword ptr fs:[00000030h] |
26_2_030D4BAD |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03175BA5 mov eax, dword ptr fs:[00000030h] |
26_2_03175BA5 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_031253CA mov eax, dword ptr fs:[00000030h] |
26_2_031253CA |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_031253CA mov eax, dword ptr fs:[00000030h] |
26_2_031253CA |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030CDBE9 mov eax, dword ptr fs:[00000030h] |
26_2_030CDBE9 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D03E2 mov eax, dword ptr fs:[00000030h] |
26_2_030D03E2 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D03E2 mov eax, dword ptr fs:[00000030h] |
26_2_030D03E2 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D03E2 mov eax, dword ptr fs:[00000030h] |
26_2_030D03E2 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D03E2 mov eax, dword ptr fs:[00000030h] |
26_2_030D03E2 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D03E2 mov eax, dword ptr fs:[00000030h] |
26_2_030D03E2 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D03E2 mov eax, dword ptr fs:[00000030h] |
26_2_030D03E2 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E37F5 mov eax, dword ptr fs:[00000030h] |
26_2_030E37F5 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030B8A0A mov eax, dword ptr fs:[00000030h] |
26_2_030B8A0A |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030AC600 mov eax, dword ptr fs:[00000030h] |
26_2_030AC600 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030AC600 mov eax, dword ptr fs:[00000030h] |
26_2_030AC600 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030AC600 mov eax, dword ptr fs:[00000030h] |
26_2_030AC600 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D8E00 mov eax, dword ptr fs:[00000030h] |
26_2_030D8E00 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030C3A1C mov eax, dword ptr fs:[00000030h] |
26_2_030C3A1C |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030DA61C mov eax, dword ptr fs:[00000030h] |
26_2_030DA61C |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030DA61C mov eax, dword ptr fs:[00000030h] |
26_2_030DA61C |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030A5210 mov eax, dword ptr fs:[00000030h] |
26_2_030A5210 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030A5210 mov ecx, dword ptr fs:[00000030h] |
26_2_030A5210 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030A5210 mov eax, dword ptr fs:[00000030h] |
26_2_030A5210 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030A5210 mov eax, dword ptr fs:[00000030h] |
26_2_030A5210 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030AAA16 mov eax, dword ptr fs:[00000030h] |
26_2_030AAA16 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030AAA16 mov eax, dword ptr fs:[00000030h] |
26_2_030AAA16 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03161608 mov eax, dword ptr fs:[00000030h] |
26_2_03161608 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E4A2C mov eax, dword ptr fs:[00000030h] |
26_2_030E4A2C |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E4A2C mov eax, dword ptr fs:[00000030h] |
26_2_030E4A2C |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0315FE3F mov eax, dword ptr fs:[00000030h] |
26_2_0315FE3F |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030AE620 mov eax, dword ptr fs:[00000030h] |
26_2_030AE620 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0316EA55 mov eax, dword ptr fs:[00000030h] |
26_2_0316EA55 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03134257 mov eax, dword ptr fs:[00000030h] |
26_2_03134257 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030A9240 mov eax, dword ptr fs:[00000030h] |
26_2_030A9240 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030A9240 mov eax, dword ptr fs:[00000030h] |
26_2_030A9240 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030A9240 mov eax, dword ptr fs:[00000030h] |
26_2_030A9240 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030A9240 mov eax, dword ptr fs:[00000030h] |
26_2_030A9240 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030B7E41 mov eax, dword ptr fs:[00000030h] |
26_2_030B7E41 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030B7E41 mov eax, dword ptr fs:[00000030h] |
26_2_030B7E41 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030B7E41 mov eax, dword ptr fs:[00000030h] |
26_2_030B7E41 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030B7E41 mov eax, dword ptr fs:[00000030h] |
26_2_030B7E41 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030B7E41 mov eax, dword ptr fs:[00000030h] |
26_2_030B7E41 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030B7E41 mov eax, dword ptr fs:[00000030h] |
26_2_030B7E41 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0316AE44 mov eax, dword ptr fs:[00000030h] |
26_2_0316AE44 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0316AE44 mov eax, dword ptr fs:[00000030h] |
26_2_0316AE44 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030B766D mov eax, dword ptr fs:[00000030h] |
26_2_030B766D |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E927A mov eax, dword ptr fs:[00000030h] |
26_2_030E927A |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0315B260 mov eax, dword ptr fs:[00000030h] |
26_2_0315B260 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0315B260 mov eax, dword ptr fs:[00000030h] |
26_2_0315B260 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03178A62 mov eax, dword ptr fs:[00000030h] |
26_2_03178A62 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030CAE73 mov eax, dword ptr fs:[00000030h] |
26_2_030CAE73 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030CAE73 mov eax, dword ptr fs:[00000030h] |
26_2_030CAE73 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030CAE73 mov eax, dword ptr fs:[00000030h] |
26_2_030CAE73 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030CAE73 mov eax, dword ptr fs:[00000030h] |
26_2_030CAE73 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030CAE73 mov eax, dword ptr fs:[00000030h] |
26_2_030CAE73 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0313FE87 mov eax, dword ptr fs:[00000030h] |
26_2_0313FE87 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030DD294 mov eax, dword ptr fs:[00000030h] |
26_2_030DD294 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030DD294 mov eax, dword ptr fs:[00000030h] |
26_2_030DD294 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030A52A5 mov eax, dword ptr fs:[00000030h] |
26_2_030A52A5 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030A52A5 mov eax, dword ptr fs:[00000030h] |
26_2_030A52A5 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030A52A5 mov eax, dword ptr fs:[00000030h] |
26_2_030A52A5 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030A52A5 mov eax, dword ptr fs:[00000030h] |
26_2_030A52A5 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030A52A5 mov eax, dword ptr fs:[00000030h] |
26_2_030A52A5 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03170EA5 mov eax, dword ptr fs:[00000030h] |
26_2_03170EA5 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03170EA5 mov eax, dword ptr fs:[00000030h] |
26_2_03170EA5 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03170EA5 mov eax, dword ptr fs:[00000030h] |
26_2_03170EA5 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_031246A7 mov eax, dword ptr fs:[00000030h] |
26_2_031246A7 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030BAAB0 mov eax, dword ptr fs:[00000030h] |
26_2_030BAAB0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030BAAB0 mov eax, dword ptr fs:[00000030h] |
26_2_030BAAB0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030DFAB0 mov eax, dword ptr fs:[00000030h] |
26_2_030DFAB0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03178ED6 mov eax, dword ptr fs:[00000030h] |
26_2_03178ED6 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D36CC mov eax, dword ptr fs:[00000030h] |
26_2_030D36CC |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D2ACB mov eax, dword ptr fs:[00000030h] |
26_2_030D2ACB |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E8EC7 mov eax, dword ptr fs:[00000030h] |
26_2_030E8EC7 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0315FEC0 mov eax, dword ptr fs:[00000030h] |
26_2_0315FEC0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030B76E2 mov eax, dword ptr fs:[00000030h] |
26_2_030B76E2 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D2AE4 mov eax, dword ptr fs:[00000030h] |
26_2_030D2AE4 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D16E0 mov ecx, dword ptr fs:[00000030h] |
26_2_030D16E0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030A9100 mov eax, dword ptr fs:[00000030h] |
26_2_030A9100 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030A9100 mov eax, dword ptr fs:[00000030h] |
26_2_030A9100 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030A9100 mov eax, dword ptr fs:[00000030h] |
26_2_030A9100 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03178D34 mov eax, dword ptr fs:[00000030h] |
26_2_03178D34 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0312A537 mov eax, dword ptr fs:[00000030h] |
26_2_0312A537 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030C4120 mov eax, dword ptr fs:[00000030h] |
26_2_030C4120 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030C4120 mov eax, dword ptr fs:[00000030h] |
26_2_030C4120 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030C4120 mov eax, dword ptr fs:[00000030h] |
26_2_030C4120 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030C4120 mov eax, dword ptr fs:[00000030h] |
26_2_030C4120 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030C4120 mov ecx, dword ptr fs:[00000030h] |
26_2_030C4120 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0316E539 mov eax, dword ptr fs:[00000030h] |
26_2_0316E539 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D4D3B mov eax, dword ptr fs:[00000030h] |
26_2_030D4D3B |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D4D3B mov eax, dword ptr fs:[00000030h] |
26_2_030D4D3B |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D4D3B mov eax, dword ptr fs:[00000030h] |
26_2_030D4D3B |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D513A mov eax, dword ptr fs:[00000030h] |
26_2_030D513A |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D513A mov eax, dword ptr fs:[00000030h] |
26_2_030D513A |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030AAD30 mov eax, dword ptr fs:[00000030h] |
26_2_030AAD30 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030B3D34 mov eax, dword ptr fs:[00000030h] |
26_2_030B3D34 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030B3D34 mov eax, dword ptr fs:[00000030h] |
26_2_030B3D34 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030B3D34 mov eax, dword ptr fs:[00000030h] |
26_2_030B3D34 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030B3D34 mov eax, dword ptr fs:[00000030h] |
26_2_030B3D34 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030B3D34 mov eax, dword ptr fs:[00000030h] |
26_2_030B3D34 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030B3D34 mov eax, dword ptr fs:[00000030h] |
26_2_030B3D34 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030B3D34 mov eax, dword ptr fs:[00000030h] |
26_2_030B3D34 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030B3D34 mov eax, dword ptr fs:[00000030h] |
26_2_030B3D34 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030B3D34 mov eax, dword ptr fs:[00000030h] |
26_2_030B3D34 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030B3D34 mov eax, dword ptr fs:[00000030h] |
26_2_030B3D34 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030B3D34 mov eax, dword ptr fs:[00000030h] |
26_2_030B3D34 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030B3D34 mov eax, dword ptr fs:[00000030h] |
26_2_030B3D34 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030B3D34 mov eax, dword ptr fs:[00000030h] |
26_2_030B3D34 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030CB944 mov eax, dword ptr fs:[00000030h] |
26_2_030CB944 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030CB944 mov eax, dword ptr fs:[00000030h] |
26_2_030CB944 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E3D43 mov eax, dword ptr fs:[00000030h] |
26_2_030E3D43 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03123540 mov eax, dword ptr fs:[00000030h] |
26_2_03123540 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030C7D50 mov eax, dword ptr fs:[00000030h] |
26_2_030C7D50 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030AC962 mov eax, dword ptr fs:[00000030h] |
26_2_030AC962 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030AB171 mov eax, dword ptr fs:[00000030h] |
26_2_030AB171 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030AB171 mov eax, dword ptr fs:[00000030h] |
26_2_030AB171 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030CC577 mov eax, dword ptr fs:[00000030h] |
26_2_030CC577 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030CC577 mov eax, dword ptr fs:[00000030h] |
26_2_030CC577 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030A2D8A mov eax, dword ptr fs:[00000030h] |
26_2_030A2D8A |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030A2D8A mov eax, dword ptr fs:[00000030h] |
26_2_030A2D8A |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030A2D8A mov eax, dword ptr fs:[00000030h] |
26_2_030A2D8A |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030A2D8A mov eax, dword ptr fs:[00000030h] |
26_2_030A2D8A |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030A2D8A mov eax, dword ptr fs:[00000030h] |
26_2_030A2D8A |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030DA185 mov eax, dword ptr fs:[00000030h] |
26_2_030DA185 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D2581 mov eax, dword ptr fs:[00000030h] |
26_2_030D2581 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D2581 mov eax, dword ptr fs:[00000030h] |
26_2_030D2581 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D2581 mov eax, dword ptr fs:[00000030h] |
26_2_030D2581 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D2581 mov eax, dword ptr fs:[00000030h] |
26_2_030D2581 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030CC182 mov eax, dword ptr fs:[00000030h] |
26_2_030CC182 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030DFD9B mov eax, dword ptr fs:[00000030h] |
26_2_030DFD9B |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030DFD9B mov eax, dword ptr fs:[00000030h] |
26_2_030DFD9B |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D2990 mov eax, dword ptr fs:[00000030h] |
26_2_030D2990 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D35A1 mov eax, dword ptr fs:[00000030h] |
26_2_030D35A1 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_031251BE mov eax, dword ptr fs:[00000030h] |
26_2_031251BE |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_031251BE mov eax, dword ptr fs:[00000030h] |
26_2_031251BE |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_031251BE mov eax, dword ptr fs:[00000030h] |
26_2_031251BE |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_031251BE mov eax, dword ptr fs:[00000030h] |
26_2_031251BE |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D61A0 mov eax, dword ptr fs:[00000030h] |
26_2_030D61A0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D61A0 mov eax, dword ptr fs:[00000030h] |
26_2_030D61A0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_031269A6 mov eax, dword ptr fs:[00000030h] |
26_2_031269A6 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D1DB5 mov eax, dword ptr fs:[00000030h] |
26_2_030D1DB5 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D1DB5 mov eax, dword ptr fs:[00000030h] |
26_2_030D1DB5 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D1DB5 mov eax, dword ptr fs:[00000030h] |
26_2_030D1DB5 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_031705AC mov eax, dword ptr fs:[00000030h] |
26_2_031705AC |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_031705AC mov eax, dword ptr fs:[00000030h] |
26_2_031705AC |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03126DC9 mov eax, dword ptr fs:[00000030h] |
26_2_03126DC9 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03126DC9 mov eax, dword ptr fs:[00000030h] |
26_2_03126DC9 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03126DC9 mov eax, dword ptr fs:[00000030h] |
26_2_03126DC9 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03126DC9 mov ecx, dword ptr fs:[00000030h] |
26_2_03126DC9 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03126DC9 mov eax, dword ptr fs:[00000030h] |
26_2_03126DC9 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03126DC9 mov eax, dword ptr fs:[00000030h] |
26_2_03126DC9 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03158DF1 mov eax, dword ptr fs:[00000030h] |
26_2_03158DF1 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030AB1E1 mov eax, dword ptr fs:[00000030h] |
26_2_030AB1E1 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030AB1E1 mov eax, dword ptr fs:[00000030h] |
26_2_030AB1E1 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030AB1E1 mov eax, dword ptr fs:[00000030h] |
26_2_030AB1E1 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030BD5E0 mov eax, dword ptr fs:[00000030h] |
26_2_030BD5E0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030BD5E0 mov eax, dword ptr fs:[00000030h] |
26_2_030BD5E0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0316FDE2 mov eax, dword ptr fs:[00000030h] |
26_2_0316FDE2 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0316FDE2 mov eax, dword ptr fs:[00000030h] |
26_2_0316FDE2 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0316FDE2 mov eax, dword ptr fs:[00000030h] |
26_2_0316FDE2 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0316FDE2 mov eax, dword ptr fs:[00000030h] |
26_2_0316FDE2 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_031341E8 mov eax, dword ptr fs:[00000030h] |
26_2_031341E8 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03174015 mov eax, dword ptr fs:[00000030h] |
26_2_03174015 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03174015 mov eax, dword ptr fs:[00000030h] |
26_2_03174015 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03127016 mov eax, dword ptr fs:[00000030h] |
26_2_03127016 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03127016 mov eax, dword ptr fs:[00000030h] |
26_2_03127016 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03127016 mov eax, dword ptr fs:[00000030h] |
26_2_03127016 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03161C06 mov eax, dword ptr fs:[00000030h] |
26_2_03161C06 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03161C06 mov eax, dword ptr fs:[00000030h] |
26_2_03161C06 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03161C06 mov eax, dword ptr fs:[00000030h] |
26_2_03161C06 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03161C06 mov eax, dword ptr fs:[00000030h] |
26_2_03161C06 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03161C06 mov eax, dword ptr fs:[00000030h] |
26_2_03161C06 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03161C06 mov eax, dword ptr fs:[00000030h] |
26_2_03161C06 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03161C06 mov eax, dword ptr fs:[00000030h] |
26_2_03161C06 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03161C06 mov eax, dword ptr fs:[00000030h] |
26_2_03161C06 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03161C06 mov eax, dword ptr fs:[00000030h] |
26_2_03161C06 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03161C06 mov eax, dword ptr fs:[00000030h] |
26_2_03161C06 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03161C06 mov eax, dword ptr fs:[00000030h] |
26_2_03161C06 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03161C06 mov eax, dword ptr fs:[00000030h] |
26_2_03161C06 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03161C06 mov eax, dword ptr fs:[00000030h] |
26_2_03161C06 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03161C06 mov eax, dword ptr fs:[00000030h] |
26_2_03161C06 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03126C0A mov eax, dword ptr fs:[00000030h] |
26_2_03126C0A |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03126C0A mov eax, dword ptr fs:[00000030h] |
26_2_03126C0A |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03126C0A mov eax, dword ptr fs:[00000030h] |
26_2_03126C0A |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03126C0A mov eax, dword ptr fs:[00000030h] |
26_2_03126C0A |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0317740D mov eax, dword ptr fs:[00000030h] |
26_2_0317740D |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0317740D mov eax, dword ptr fs:[00000030h] |
26_2_0317740D |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0317740D mov eax, dword ptr fs:[00000030h] |
26_2_0317740D |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D002D mov eax, dword ptr fs:[00000030h] |
26_2_030D002D |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D002D mov eax, dword ptr fs:[00000030h] |
26_2_030D002D |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D002D mov eax, dword ptr fs:[00000030h] |
26_2_030D002D |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D002D mov eax, dword ptr fs:[00000030h] |
26_2_030D002D |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D002D mov eax, dword ptr fs:[00000030h] |
26_2_030D002D |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030BB02A mov eax, dword ptr fs:[00000030h] |
26_2_030BB02A |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030BB02A mov eax, dword ptr fs:[00000030h] |
26_2_030BB02A |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030BB02A mov eax, dword ptr fs:[00000030h] |
26_2_030BB02A |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030BB02A mov eax, dword ptr fs:[00000030h] |
26_2_030BB02A |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030DBC2C mov eax, dword ptr fs:[00000030h] |
26_2_030DBC2C |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0313C450 mov eax, dword ptr fs:[00000030h] |
26_2_0313C450 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0313C450 mov eax, dword ptr fs:[00000030h] |
26_2_0313C450 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030DA44B mov eax, dword ptr fs:[00000030h] |
26_2_030DA44B |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030C0050 mov eax, dword ptr fs:[00000030h] |
26_2_030C0050 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030C0050 mov eax, dword ptr fs:[00000030h] |
26_2_030C0050 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030C746D mov eax, dword ptr fs:[00000030h] |
26_2_030C746D |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03171074 mov eax, dword ptr fs:[00000030h] |
26_2_03171074 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03162073 mov eax, dword ptr fs:[00000030h] |
26_2_03162073 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030A9080 mov eax, dword ptr fs:[00000030h] |
26_2_030A9080 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030B849B mov eax, dword ptr fs:[00000030h] |
26_2_030B849B |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03123884 mov eax, dword ptr fs:[00000030h] |
26_2_03123884 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03123884 mov eax, dword ptr fs:[00000030h] |
26_2_03123884 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030E90AF mov eax, dword ptr fs:[00000030h] |
26_2_030E90AF |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D20A0 mov eax, dword ptr fs:[00000030h] |
26_2_030D20A0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D20A0 mov eax, dword ptr fs:[00000030h] |
26_2_030D20A0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D20A0 mov eax, dword ptr fs:[00000030h] |
26_2_030D20A0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D20A0 mov eax, dword ptr fs:[00000030h] |
26_2_030D20A0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D20A0 mov eax, dword ptr fs:[00000030h] |
26_2_030D20A0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030D20A0 mov eax, dword ptr fs:[00000030h] |
26_2_030D20A0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030DF0BF mov ecx, dword ptr fs:[00000030h] |
26_2_030DF0BF |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030DF0BF mov eax, dword ptr fs:[00000030h] |
26_2_030DF0BF |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030DF0BF mov eax, dword ptr fs:[00000030h] |
26_2_030DF0BF |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03178CD6 mov eax, dword ptr fs:[00000030h] |
26_2_03178CD6 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0313B8D0 mov eax, dword ptr fs:[00000030h] |
26_2_0313B8D0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0313B8D0 mov ecx, dword ptr fs:[00000030h] |
26_2_0313B8D0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0313B8D0 mov eax, dword ptr fs:[00000030h] |
26_2_0313B8D0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0313B8D0 mov eax, dword ptr fs:[00000030h] |
26_2_0313B8D0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0313B8D0 mov eax, dword ptr fs:[00000030h] |
26_2_0313B8D0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_0313B8D0 mov eax, dword ptr fs:[00000030h] |
26_2_0313B8D0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03126CF0 mov eax, dword ptr fs:[00000030h] |
26_2_03126CF0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03126CF0 mov eax, dword ptr fs:[00000030h] |
26_2_03126CF0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_03126CF0 mov eax, dword ptr fs:[00000030h] |
26_2_03126CF0 |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_030A58EC mov eax, dword ptr fs:[00000030h] |
26_2_030A58EC |
| Source: C:\Windows\SysWOW64\mshta.exe |
Code function: 26_2_031614FB mov eax, dword ptr fs:[00000030h] |
26_2_031614FB |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet