| Source: 1.1.bhjRru88ej.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 1.1.bhjRru88ej.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 1.0.bhjRru88ej.exe.400000.2.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 1.0.bhjRru88ej.exe.400000.2.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 1.0.bhjRru88ej.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 1.0.bhjRru88ej.exe.400000.1.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 1.2.bhjRru88ej.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 1.2.bhjRru88ej.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 0.2.bhjRru88ej.exe.25d0000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 0.2.bhjRru88ej.exe.25d0000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 1.1.bhjRru88ej.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 1.1.bhjRru88ej.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 1.0.bhjRru88ej.exe.400000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 1.0.bhjRru88ej.exe.400000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 1.0.bhjRru88ej.exe.400000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 1.0.bhjRru88ej.exe.400000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 0.2.bhjRru88ej.exe.25d0000.1.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 0.2.bhjRru88ej.exe.25d0000.1.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 1.0.bhjRru88ej.exe.400000.3.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 1.0.bhjRru88ej.exe.400000.3.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 1.2.bhjRru88ej.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 1.2.bhjRru88ej.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000009.00000002.625740978.0000000000BC0000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000009.00000002.625740978.0000000000BC0000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000001.00000002.413560341.00000000009D0000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000001.00000002.413560341.00000000009D0000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000004.00000000.384139517.00000000075EE000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000004.00000000.384139517.00000000075EE000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000004.00000000.397566356.00000000075EE000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000004.00000000.397566356.00000000075EE000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000000.00000002.353597466.00000000025D0000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000000.00000002.353597466.00000000025D0000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000001.00000002.413505967.00000000005C0000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000001.00000002.413505967.00000000005C0000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000009.00000002.630654958.0000000002FB0000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000009.00000002.630654958.0000000002FB0000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000001.00000002.413413880.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000001.00000002.413413880.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000001.00000000.350595433.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000001.00000000.350595433.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000001.00000001.352601050.0000000000400000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000001.00000001.352601050.0000000000400000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000001.00000000.351883848.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000001.00000000.351883848.0000000000400000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000009.00000002.630203304.0000000002EB0000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000009.00000002.630203304.0000000002EB0000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_004185F0 NtCreateFile, |
1_2_004185F0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_004186A0 NtReadFile, |
1_2_004186A0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00418720 NtClose, |
1_2_00418720 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_004187D0 NtAllocateVirtualMemory, |
1_2_004187D0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_004185EE NtCreateFile, |
1_2_004185EE |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_0041871C NtClose, |
1_2_0041871C |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A698F0 NtReadVirtualMemory,LdrInitializeThunk, |
1_2_00A698F0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A69860 NtQuerySystemInformation,LdrInitializeThunk, |
1_2_00A69860 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A69840 NtDelayExecution,LdrInitializeThunk, |
1_2_00A69840 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A699A0 NtCreateSection,LdrInitializeThunk, |
1_2_00A699A0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A69910 NtAdjustPrivilegesToken,LdrInitializeThunk, |
1_2_00A69910 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A69A20 NtResumeThread,LdrInitializeThunk, |
1_2_00A69A20 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A69A00 NtProtectVirtualMemory,LdrInitializeThunk, |
1_2_00A69A00 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A69A50 NtCreateFile,LdrInitializeThunk, |
1_2_00A69A50 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A695D0 NtClose,LdrInitializeThunk, |
1_2_00A695D0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A69540 NtReadFile,LdrInitializeThunk, |
1_2_00A69540 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A696E0 NtFreeVirtualMemory,LdrInitializeThunk, |
1_2_00A696E0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A69660 NtAllocateVirtualMemory,LdrInitializeThunk, |
1_2_00A69660 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A697A0 NtUnmapViewOfSection,LdrInitializeThunk, |
1_2_00A697A0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A69780 NtMapViewOfSection,LdrInitializeThunk, |
1_2_00A69780 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A69FE0 NtCreateMutant,LdrInitializeThunk, |
1_2_00A69FE0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A69710 NtQueryInformationToken,LdrInitializeThunk, |
1_2_00A69710 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A698A0 NtWriteVirtualMemory, |
1_2_00A698A0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A69820 NtEnumerateKey, |
1_2_00A69820 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A6B040 NtSuspendThread, |
1_2_00A6B040 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A699D0 NtCreateProcessEx, |
1_2_00A699D0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A69950 NtQueueApcThread, |
1_2_00A69950 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A69A80 NtOpenDirectoryObject, |
1_2_00A69A80 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A69A10 NtQuerySection, |
1_2_00A69A10 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A6A3B0 NtGetContextThread, |
1_2_00A6A3B0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A69B00 NtSetValueKey, |
1_2_00A69B00 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A695F0 NtQueryInformationFile, |
1_2_00A695F0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A69520 NtWaitForSingleObject, |
1_2_00A69520 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A6AD30 NtSetContextThread, |
1_2_00A6AD30 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A69560 NtWriteFile, |
1_2_00A69560 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A696D0 NtCreateKey, |
1_2_00A696D0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A69610 NtEnumerateValueKey, |
1_2_00A69610 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A69670 NtQueryInformationProcess, |
1_2_00A69670 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A69650 NtQueryValueKey, |
1_2_00A69650 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A69730 NtQueryVirtualMemory, |
1_2_00A69730 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A6A710 NtOpenProcessToken, |
1_2_00A6A710 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A69760 NtOpenProcess, |
1_2_00A69760 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A69770 NtSetInformationFile, |
1_2_00A69770 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A6A770 NtOpenThread, |
1_2_00A6A770 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_1_004185F0 NtCreateFile, |
1_1_004185F0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_1_004186A0 NtReadFile, |
1_1_004186A0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_1_00418720 NtClose, |
1_1_00418720 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_1_004187D0 NtAllocateVirtualMemory, |
1_1_004187D0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_1_004185EE NtCreateFile, |
1_1_004185EE |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC9860 NtQuerySystemInformation,LdrInitializeThunk, |
9_2_04EC9860 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC9840 NtDelayExecution,LdrInitializeThunk, |
9_2_04EC9840 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC95D0 NtClose,LdrInitializeThunk, |
9_2_04EC95D0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC99A0 NtCreateSection,LdrInitializeThunk, |
9_2_04EC99A0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC9540 NtReadFile,LdrInitializeThunk, |
9_2_04EC9540 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC9910 NtAdjustPrivilegesToken,LdrInitializeThunk, |
9_2_04EC9910 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC96E0 NtFreeVirtualMemory,LdrInitializeThunk, |
9_2_04EC96E0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC96D0 NtCreateKey,LdrInitializeThunk, |
9_2_04EC96D0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC9660 NtAllocateVirtualMemory,LdrInitializeThunk, |
9_2_04EC9660 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC9650 NtQueryValueKey,LdrInitializeThunk, |
9_2_04EC9650 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC9A50 NtCreateFile,LdrInitializeThunk, |
9_2_04EC9A50 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC9FE0 NtCreateMutant,LdrInitializeThunk, |
9_2_04EC9FE0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC9780 NtMapViewOfSection,LdrInitializeThunk, |
9_2_04EC9780 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC9710 NtQueryInformationToken,LdrInitializeThunk, |
9_2_04EC9710 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC98F0 NtReadVirtualMemory, |
9_2_04EC98F0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC98A0 NtWriteVirtualMemory, |
9_2_04EC98A0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04ECB040 NtSuspendThread, |
9_2_04ECB040 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC9820 NtEnumerateKey, |
9_2_04EC9820 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC95F0 NtQueryInformationFile, |
9_2_04EC95F0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC99D0 NtCreateProcessEx, |
9_2_04EC99D0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC9560 NtWriteFile, |
9_2_04EC9560 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC9950 NtQueueApcThread, |
9_2_04EC9950 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC9520 NtWaitForSingleObject, |
9_2_04EC9520 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04ECAD30 NtSetContextThread, |
9_2_04ECAD30 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC9A80 NtOpenDirectoryObject, |
9_2_04EC9A80 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC9670 NtQueryInformationProcess, |
9_2_04EC9670 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC9A20 NtResumeThread, |
9_2_04EC9A20 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC9A00 NtProtectVirtualMemory, |
9_2_04EC9A00 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC9610 NtEnumerateValueKey, |
9_2_04EC9610 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC9A10 NtQuerySection, |
9_2_04EC9A10 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC97A0 NtUnmapViewOfSection, |
9_2_04EC97A0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04ECA3B0 NtGetContextThread, |
9_2_04ECA3B0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC9760 NtOpenProcess, |
9_2_04EC9760 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC9770 NtSetInformationFile, |
9_2_04EC9770 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04ECA770 NtOpenThread, |
9_2_04ECA770 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC9730 NtQueryVirtualMemory, |
9_2_04EC9730 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC9B00 NtSetValueKey, |
9_2_04EC9B00 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04ECA710 NtOpenProcessToken, |
9_2_04ECA710 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_02FC86A0 NtReadFile, |
9_2_02FC86A0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_02FC87D0 NtAllocateVirtualMemory, |
9_2_02FC87D0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_02FC8720 NtClose, |
9_2_02FC8720 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_02FC85F0 NtCreateFile, |
9_2_02FC85F0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_02FC871C NtClose, |
9_2_02FC871C |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_02FC85EE NtCreateFile, |
9_2_02FC85EE |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 0_2_0019EC20 mov eax, dword ptr fs:[00000030h] |
0_2_0019EC20 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 0_2_0019E8DE mov eax, dword ptr fs:[00000030h] |
0_2_0019E8DE |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 0_2_0019EAF2 mov eax, dword ptr fs:[00000030h] |
0_2_0019EAF2 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 0_2_0019EBA3 mov eax, dword ptr fs:[00000030h] |
0_2_0019EBA3 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 0_2_0019EBE2 mov eax, dword ptr fs:[00000030h] |
0_2_0019EBE2 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A520A0 mov eax, dword ptr fs:[00000030h] |
1_2_00A520A0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A520A0 mov eax, dword ptr fs:[00000030h] |
1_2_00A520A0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A520A0 mov eax, dword ptr fs:[00000030h] |
1_2_00A520A0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A520A0 mov eax, dword ptr fs:[00000030h] |
1_2_00A520A0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A520A0 mov eax, dword ptr fs:[00000030h] |
1_2_00A520A0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A520A0 mov eax, dword ptr fs:[00000030h] |
1_2_00A520A0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A690AF mov eax, dword ptr fs:[00000030h] |
1_2_00A690AF |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A5F0BF mov ecx, dword ptr fs:[00000030h] |
1_2_00A5F0BF |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A5F0BF mov eax, dword ptr fs:[00000030h] |
1_2_00A5F0BF |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A5F0BF mov eax, dword ptr fs:[00000030h] |
1_2_00A5F0BF |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A29080 mov eax, dword ptr fs:[00000030h] |
1_2_00A29080 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AA3884 mov eax, dword ptr fs:[00000030h] |
1_2_00AA3884 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AA3884 mov eax, dword ptr fs:[00000030h] |
1_2_00AA3884 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A258EC mov eax, dword ptr fs:[00000030h] |
1_2_00A258EC |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00ABB8D0 mov eax, dword ptr fs:[00000030h] |
1_2_00ABB8D0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00ABB8D0 mov ecx, dword ptr fs:[00000030h] |
1_2_00ABB8D0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00ABB8D0 mov eax, dword ptr fs:[00000030h] |
1_2_00ABB8D0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00ABB8D0 mov eax, dword ptr fs:[00000030h] |
1_2_00ABB8D0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00ABB8D0 mov eax, dword ptr fs:[00000030h] |
1_2_00ABB8D0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00ABB8D0 mov eax, dword ptr fs:[00000030h] |
1_2_00ABB8D0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A5002D mov eax, dword ptr fs:[00000030h] |
1_2_00A5002D |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A5002D mov eax, dword ptr fs:[00000030h] |
1_2_00A5002D |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A5002D mov eax, dword ptr fs:[00000030h] |
1_2_00A5002D |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A5002D mov eax, dword ptr fs:[00000030h] |
1_2_00A5002D |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A5002D mov eax, dword ptr fs:[00000030h] |
1_2_00A5002D |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A3B02A mov eax, dword ptr fs:[00000030h] |
1_2_00A3B02A |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A3B02A mov eax, dword ptr fs:[00000030h] |
1_2_00A3B02A |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A3B02A mov eax, dword ptr fs:[00000030h] |
1_2_00A3B02A |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A3B02A mov eax, dword ptr fs:[00000030h] |
1_2_00A3B02A |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AF4015 mov eax, dword ptr fs:[00000030h] |
1_2_00AF4015 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AF4015 mov eax, dword ptr fs:[00000030h] |
1_2_00AF4015 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AA7016 mov eax, dword ptr fs:[00000030h] |
1_2_00AA7016 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AA7016 mov eax, dword ptr fs:[00000030h] |
1_2_00AA7016 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AA7016 mov eax, dword ptr fs:[00000030h] |
1_2_00AA7016 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AF1074 mov eax, dword ptr fs:[00000030h] |
1_2_00AF1074 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AE2073 mov eax, dword ptr fs:[00000030h] |
1_2_00AE2073 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A40050 mov eax, dword ptr fs:[00000030h] |
1_2_00A40050 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A40050 mov eax, dword ptr fs:[00000030h] |
1_2_00A40050 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A561A0 mov eax, dword ptr fs:[00000030h] |
1_2_00A561A0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A561A0 mov eax, dword ptr fs:[00000030h] |
1_2_00A561A0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AA69A6 mov eax, dword ptr fs:[00000030h] |
1_2_00AA69A6 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AA51BE mov eax, dword ptr fs:[00000030h] |
1_2_00AA51BE |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AA51BE mov eax, dword ptr fs:[00000030h] |
1_2_00AA51BE |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AA51BE mov eax, dword ptr fs:[00000030h] |
1_2_00AA51BE |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AA51BE mov eax, dword ptr fs:[00000030h] |
1_2_00AA51BE |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A5A185 mov eax, dword ptr fs:[00000030h] |
1_2_00A5A185 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A4C182 mov eax, dword ptr fs:[00000030h] |
1_2_00A4C182 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A52990 mov eax, dword ptr fs:[00000030h] |
1_2_00A52990 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A2B1E1 mov eax, dword ptr fs:[00000030h] |
1_2_00A2B1E1 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A2B1E1 mov eax, dword ptr fs:[00000030h] |
1_2_00A2B1E1 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A2B1E1 mov eax, dword ptr fs:[00000030h] |
1_2_00A2B1E1 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AB41E8 mov eax, dword ptr fs:[00000030h] |
1_2_00AB41E8 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A44120 mov eax, dword ptr fs:[00000030h] |
1_2_00A44120 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A44120 mov eax, dword ptr fs:[00000030h] |
1_2_00A44120 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A44120 mov eax, dword ptr fs:[00000030h] |
1_2_00A44120 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A44120 mov eax, dword ptr fs:[00000030h] |
1_2_00A44120 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A44120 mov ecx, dword ptr fs:[00000030h] |
1_2_00A44120 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A5513A mov eax, dword ptr fs:[00000030h] |
1_2_00A5513A |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A5513A mov eax, dword ptr fs:[00000030h] |
1_2_00A5513A |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A29100 mov eax, dword ptr fs:[00000030h] |
1_2_00A29100 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A29100 mov eax, dword ptr fs:[00000030h] |
1_2_00A29100 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A29100 mov eax, dword ptr fs:[00000030h] |
1_2_00A29100 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A2C962 mov eax, dword ptr fs:[00000030h] |
1_2_00A2C962 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A2B171 mov eax, dword ptr fs:[00000030h] |
1_2_00A2B171 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A2B171 mov eax, dword ptr fs:[00000030h] |
1_2_00A2B171 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A4B944 mov eax, dword ptr fs:[00000030h] |
1_2_00A4B944 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A4B944 mov eax, dword ptr fs:[00000030h] |
1_2_00A4B944 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A252A5 mov eax, dword ptr fs:[00000030h] |
1_2_00A252A5 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A252A5 mov eax, dword ptr fs:[00000030h] |
1_2_00A252A5 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A252A5 mov eax, dword ptr fs:[00000030h] |
1_2_00A252A5 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A252A5 mov eax, dword ptr fs:[00000030h] |
1_2_00A252A5 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A252A5 mov eax, dword ptr fs:[00000030h] |
1_2_00A252A5 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A3AAB0 mov eax, dword ptr fs:[00000030h] |
1_2_00A3AAB0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A3AAB0 mov eax, dword ptr fs:[00000030h] |
1_2_00A3AAB0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A5FAB0 mov eax, dword ptr fs:[00000030h] |
1_2_00A5FAB0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A5D294 mov eax, dword ptr fs:[00000030h] |
1_2_00A5D294 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A5D294 mov eax, dword ptr fs:[00000030h] |
1_2_00A5D294 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A52AE4 mov eax, dword ptr fs:[00000030h] |
1_2_00A52AE4 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A52ACB mov eax, dword ptr fs:[00000030h] |
1_2_00A52ACB |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A64A2C mov eax, dword ptr fs:[00000030h] |
1_2_00A64A2C |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A64A2C mov eax, dword ptr fs:[00000030h] |
1_2_00A64A2C |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A38A0A mov eax, dword ptr fs:[00000030h] |
1_2_00A38A0A |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A25210 mov eax, dword ptr fs:[00000030h] |
1_2_00A25210 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A25210 mov ecx, dword ptr fs:[00000030h] |
1_2_00A25210 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A25210 mov eax, dword ptr fs:[00000030h] |
1_2_00A25210 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A25210 mov eax, dword ptr fs:[00000030h] |
1_2_00A25210 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A2AA16 mov eax, dword ptr fs:[00000030h] |
1_2_00A2AA16 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A2AA16 mov eax, dword ptr fs:[00000030h] |
1_2_00A2AA16 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A43A1C mov eax, dword ptr fs:[00000030h] |
1_2_00A43A1C |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00ADB260 mov eax, dword ptr fs:[00000030h] |
1_2_00ADB260 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00ADB260 mov eax, dword ptr fs:[00000030h] |
1_2_00ADB260 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AF8A62 mov eax, dword ptr fs:[00000030h] |
1_2_00AF8A62 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A6927A mov eax, dword ptr fs:[00000030h] |
1_2_00A6927A |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A29240 mov eax, dword ptr fs:[00000030h] |
1_2_00A29240 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A29240 mov eax, dword ptr fs:[00000030h] |
1_2_00A29240 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A29240 mov eax, dword ptr fs:[00000030h] |
1_2_00A29240 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A29240 mov eax, dword ptr fs:[00000030h] |
1_2_00A29240 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AB4257 mov eax, dword ptr fs:[00000030h] |
1_2_00AB4257 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A54BAD mov eax, dword ptr fs:[00000030h] |
1_2_00A54BAD |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A54BAD mov eax, dword ptr fs:[00000030h] |
1_2_00A54BAD |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A54BAD mov eax, dword ptr fs:[00000030h] |
1_2_00A54BAD |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AF5BA5 mov eax, dword ptr fs:[00000030h] |
1_2_00AF5BA5 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AE138A mov eax, dword ptr fs:[00000030h] |
1_2_00AE138A |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A31B8F mov eax, dword ptr fs:[00000030h] |
1_2_00A31B8F |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A31B8F mov eax, dword ptr fs:[00000030h] |
1_2_00A31B8F |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00ADD380 mov ecx, dword ptr fs:[00000030h] |
1_2_00ADD380 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A52397 mov eax, dword ptr fs:[00000030h] |
1_2_00A52397 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A5B390 mov eax, dword ptr fs:[00000030h] |
1_2_00A5B390 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A503E2 mov eax, dword ptr fs:[00000030h] |
1_2_00A503E2 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A503E2 mov eax, dword ptr fs:[00000030h] |
1_2_00A503E2 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A503E2 mov eax, dword ptr fs:[00000030h] |
1_2_00A503E2 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A503E2 mov eax, dword ptr fs:[00000030h] |
1_2_00A503E2 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A503E2 mov eax, dword ptr fs:[00000030h] |
1_2_00A503E2 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A503E2 mov eax, dword ptr fs:[00000030h] |
1_2_00A503E2 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A4DBE9 mov eax, dword ptr fs:[00000030h] |
1_2_00A4DBE9 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AA53CA mov eax, dword ptr fs:[00000030h] |
1_2_00AA53CA |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AA53CA mov eax, dword ptr fs:[00000030h] |
1_2_00AA53CA |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AE131B mov eax, dword ptr fs:[00000030h] |
1_2_00AE131B |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A2DB60 mov ecx, dword ptr fs:[00000030h] |
1_2_00A2DB60 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A53B7A mov eax, dword ptr fs:[00000030h] |
1_2_00A53B7A |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A53B7A mov eax, dword ptr fs:[00000030h] |
1_2_00A53B7A |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A2DB40 mov eax, dword ptr fs:[00000030h] |
1_2_00A2DB40 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AF8B58 mov eax, dword ptr fs:[00000030h] |
1_2_00AF8B58 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A2F358 mov eax, dword ptr fs:[00000030h] |
1_2_00A2F358 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A3849B mov eax, dword ptr fs:[00000030h] |
1_2_00A3849B |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AE14FB mov eax, dword ptr fs:[00000030h] |
1_2_00AE14FB |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AA6CF0 mov eax, dword ptr fs:[00000030h] |
1_2_00AA6CF0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AA6CF0 mov eax, dword ptr fs:[00000030h] |
1_2_00AA6CF0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AA6CF0 mov eax, dword ptr fs:[00000030h] |
1_2_00AA6CF0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AF8CD6 mov eax, dword ptr fs:[00000030h] |
1_2_00AF8CD6 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A5BC2C mov eax, dword ptr fs:[00000030h] |
1_2_00A5BC2C |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AA6C0A mov eax, dword ptr fs:[00000030h] |
1_2_00AA6C0A |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AA6C0A mov eax, dword ptr fs:[00000030h] |
1_2_00AA6C0A |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AA6C0A mov eax, dword ptr fs:[00000030h] |
1_2_00AA6C0A |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AA6C0A mov eax, dword ptr fs:[00000030h] |
1_2_00AA6C0A |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AF740D mov eax, dword ptr fs:[00000030h] |
1_2_00AF740D |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AF740D mov eax, dword ptr fs:[00000030h] |
1_2_00AF740D |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AF740D mov eax, dword ptr fs:[00000030h] |
1_2_00AF740D |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AE1C06 mov eax, dword ptr fs:[00000030h] |
1_2_00AE1C06 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AE1C06 mov eax, dword ptr fs:[00000030h] |
1_2_00AE1C06 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AE1C06 mov eax, dword ptr fs:[00000030h] |
1_2_00AE1C06 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AE1C06 mov eax, dword ptr fs:[00000030h] |
1_2_00AE1C06 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AE1C06 mov eax, dword ptr fs:[00000030h] |
1_2_00AE1C06 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AE1C06 mov eax, dword ptr fs:[00000030h] |
1_2_00AE1C06 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AE1C06 mov eax, dword ptr fs:[00000030h] |
1_2_00AE1C06 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AE1C06 mov eax, dword ptr fs:[00000030h] |
1_2_00AE1C06 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AE1C06 mov eax, dword ptr fs:[00000030h] |
1_2_00AE1C06 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AE1C06 mov eax, dword ptr fs:[00000030h] |
1_2_00AE1C06 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AE1C06 mov eax, dword ptr fs:[00000030h] |
1_2_00AE1C06 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AE1C06 mov eax, dword ptr fs:[00000030h] |
1_2_00AE1C06 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AE1C06 mov eax, dword ptr fs:[00000030h] |
1_2_00AE1C06 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AE1C06 mov eax, dword ptr fs:[00000030h] |
1_2_00AE1C06 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A4746D mov eax, dword ptr fs:[00000030h] |
1_2_00A4746D |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A5A44B mov eax, dword ptr fs:[00000030h] |
1_2_00A5A44B |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00ABC450 mov eax, dword ptr fs:[00000030h] |
1_2_00ABC450 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00ABC450 mov eax, dword ptr fs:[00000030h] |
1_2_00ABC450 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AF05AC mov eax, dword ptr fs:[00000030h] |
1_2_00AF05AC |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AF05AC mov eax, dword ptr fs:[00000030h] |
1_2_00AF05AC |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A535A1 mov eax, dword ptr fs:[00000030h] |
1_2_00A535A1 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A51DB5 mov eax, dword ptr fs:[00000030h] |
1_2_00A51DB5 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A51DB5 mov eax, dword ptr fs:[00000030h] |
1_2_00A51DB5 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A51DB5 mov eax, dword ptr fs:[00000030h] |
1_2_00A51DB5 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A52581 mov eax, dword ptr fs:[00000030h] |
1_2_00A52581 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A52581 mov eax, dword ptr fs:[00000030h] |
1_2_00A52581 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A52581 mov eax, dword ptr fs:[00000030h] |
1_2_00A52581 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A52581 mov eax, dword ptr fs:[00000030h] |
1_2_00A52581 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A22D8A mov eax, dword ptr fs:[00000030h] |
1_2_00A22D8A |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A22D8A mov eax, dword ptr fs:[00000030h] |
1_2_00A22D8A |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A22D8A mov eax, dword ptr fs:[00000030h] |
1_2_00A22D8A |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A22D8A mov eax, dword ptr fs:[00000030h] |
1_2_00A22D8A |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A22D8A mov eax, dword ptr fs:[00000030h] |
1_2_00A22D8A |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A5FD9B mov eax, dword ptr fs:[00000030h] |
1_2_00A5FD9B |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A5FD9B mov eax, dword ptr fs:[00000030h] |
1_2_00A5FD9B |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A3D5E0 mov eax, dword ptr fs:[00000030h] |
1_2_00A3D5E0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A3D5E0 mov eax, dword ptr fs:[00000030h] |
1_2_00A3D5E0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AEFDE2 mov eax, dword ptr fs:[00000030h] |
1_2_00AEFDE2 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AEFDE2 mov eax, dword ptr fs:[00000030h] |
1_2_00AEFDE2 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AEFDE2 mov eax, dword ptr fs:[00000030h] |
1_2_00AEFDE2 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AEFDE2 mov eax, dword ptr fs:[00000030h] |
1_2_00AEFDE2 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AD8DF1 mov eax, dword ptr fs:[00000030h] |
1_2_00AD8DF1 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AA6DC9 mov eax, dword ptr fs:[00000030h] |
1_2_00AA6DC9 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AA6DC9 mov eax, dword ptr fs:[00000030h] |
1_2_00AA6DC9 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AA6DC9 mov eax, dword ptr fs:[00000030h] |
1_2_00AA6DC9 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AA6DC9 mov ecx, dword ptr fs:[00000030h] |
1_2_00AA6DC9 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AA6DC9 mov eax, dword ptr fs:[00000030h] |
1_2_00AA6DC9 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AA6DC9 mov eax, dword ptr fs:[00000030h] |
1_2_00AA6DC9 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A2AD30 mov eax, dword ptr fs:[00000030h] |
1_2_00A2AD30 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A33D34 mov eax, dword ptr fs:[00000030h] |
1_2_00A33D34 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A33D34 mov eax, dword ptr fs:[00000030h] |
1_2_00A33D34 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A33D34 mov eax, dword ptr fs:[00000030h] |
1_2_00A33D34 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A33D34 mov eax, dword ptr fs:[00000030h] |
1_2_00A33D34 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A33D34 mov eax, dword ptr fs:[00000030h] |
1_2_00A33D34 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A33D34 mov eax, dword ptr fs:[00000030h] |
1_2_00A33D34 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A33D34 mov eax, dword ptr fs:[00000030h] |
1_2_00A33D34 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A33D34 mov eax, dword ptr fs:[00000030h] |
1_2_00A33D34 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A33D34 mov eax, dword ptr fs:[00000030h] |
1_2_00A33D34 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A33D34 mov eax, dword ptr fs:[00000030h] |
1_2_00A33D34 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A33D34 mov eax, dword ptr fs:[00000030h] |
1_2_00A33D34 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A33D34 mov eax, dword ptr fs:[00000030h] |
1_2_00A33D34 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A33D34 mov eax, dword ptr fs:[00000030h] |
1_2_00A33D34 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AF8D34 mov eax, dword ptr fs:[00000030h] |
1_2_00AF8D34 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AAA537 mov eax, dword ptr fs:[00000030h] |
1_2_00AAA537 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A54D3B mov eax, dword ptr fs:[00000030h] |
1_2_00A54D3B |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A54D3B mov eax, dword ptr fs:[00000030h] |
1_2_00A54D3B |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A54D3B mov eax, dword ptr fs:[00000030h] |
1_2_00A54D3B |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A4C577 mov eax, dword ptr fs:[00000030h] |
1_2_00A4C577 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A4C577 mov eax, dword ptr fs:[00000030h] |
1_2_00A4C577 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A63D43 mov eax, dword ptr fs:[00000030h] |
1_2_00A63D43 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AA3540 mov eax, dword ptr fs:[00000030h] |
1_2_00AA3540 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A47D50 mov eax, dword ptr fs:[00000030h] |
1_2_00A47D50 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AF0EA5 mov eax, dword ptr fs:[00000030h] |
1_2_00AF0EA5 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AF0EA5 mov eax, dword ptr fs:[00000030h] |
1_2_00AF0EA5 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AF0EA5 mov eax, dword ptr fs:[00000030h] |
1_2_00AF0EA5 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AA46A7 mov eax, dword ptr fs:[00000030h] |
1_2_00AA46A7 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00ABFE87 mov eax, dword ptr fs:[00000030h] |
1_2_00ABFE87 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A376E2 mov eax, dword ptr fs:[00000030h] |
1_2_00A376E2 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A516E0 mov ecx, dword ptr fs:[00000030h] |
1_2_00A516E0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A68EC7 mov eax, dword ptr fs:[00000030h] |
1_2_00A68EC7 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A536CC mov eax, dword ptr fs:[00000030h] |
1_2_00A536CC |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00ADFEC0 mov eax, dword ptr fs:[00000030h] |
1_2_00ADFEC0 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AF8ED6 mov eax, dword ptr fs:[00000030h] |
1_2_00AF8ED6 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A2E620 mov eax, dword ptr fs:[00000030h] |
1_2_00A2E620 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00ADFE3F mov eax, dword ptr fs:[00000030h] |
1_2_00ADFE3F |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A2C600 mov eax, dword ptr fs:[00000030h] |
1_2_00A2C600 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A2C600 mov eax, dword ptr fs:[00000030h] |
1_2_00A2C600 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A2C600 mov eax, dword ptr fs:[00000030h] |
1_2_00A2C600 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A58E00 mov eax, dword ptr fs:[00000030h] |
1_2_00A58E00 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AE1608 mov eax, dword ptr fs:[00000030h] |
1_2_00AE1608 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A5A61C mov eax, dword ptr fs:[00000030h] |
1_2_00A5A61C |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A5A61C mov eax, dword ptr fs:[00000030h] |
1_2_00A5A61C |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A3766D mov eax, dword ptr fs:[00000030h] |
1_2_00A3766D |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A4AE73 mov eax, dword ptr fs:[00000030h] |
1_2_00A4AE73 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A4AE73 mov eax, dword ptr fs:[00000030h] |
1_2_00A4AE73 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A4AE73 mov eax, dword ptr fs:[00000030h] |
1_2_00A4AE73 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A4AE73 mov eax, dword ptr fs:[00000030h] |
1_2_00A4AE73 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A4AE73 mov eax, dword ptr fs:[00000030h] |
1_2_00A4AE73 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A37E41 mov eax, dword ptr fs:[00000030h] |
1_2_00A37E41 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A37E41 mov eax, dword ptr fs:[00000030h] |
1_2_00A37E41 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A37E41 mov eax, dword ptr fs:[00000030h] |
1_2_00A37E41 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A37E41 mov eax, dword ptr fs:[00000030h] |
1_2_00A37E41 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A37E41 mov eax, dword ptr fs:[00000030h] |
1_2_00A37E41 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A37E41 mov eax, dword ptr fs:[00000030h] |
1_2_00A37E41 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A38794 mov eax, dword ptr fs:[00000030h] |
1_2_00A38794 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AA7794 mov eax, dword ptr fs:[00000030h] |
1_2_00AA7794 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AA7794 mov eax, dword ptr fs:[00000030h] |
1_2_00AA7794 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AA7794 mov eax, dword ptr fs:[00000030h] |
1_2_00AA7794 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A637F5 mov eax, dword ptr fs:[00000030h] |
1_2_00A637F5 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A24F2E mov eax, dword ptr fs:[00000030h] |
1_2_00A24F2E |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A24F2E mov eax, dword ptr fs:[00000030h] |
1_2_00A24F2E |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A5E730 mov eax, dword ptr fs:[00000030h] |
1_2_00A5E730 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AF070D mov eax, dword ptr fs:[00000030h] |
1_2_00AF070D |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AF070D mov eax, dword ptr fs:[00000030h] |
1_2_00AF070D |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A5A70E mov eax, dword ptr fs:[00000030h] |
1_2_00A5A70E |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A5A70E mov eax, dword ptr fs:[00000030h] |
1_2_00A5A70E |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A4F716 mov eax, dword ptr fs:[00000030h] |
1_2_00A4F716 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00ABFF10 mov eax, dword ptr fs:[00000030h] |
1_2_00ABFF10 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00ABFF10 mov eax, dword ptr fs:[00000030h] |
1_2_00ABFF10 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A3FF60 mov eax, dword ptr fs:[00000030h] |
1_2_00A3FF60 |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00AF8F6A mov eax, dword ptr fs:[00000030h] |
1_2_00AF8F6A |
| Source: C:\Users\user\Desktop\bhjRru88ej.exe |
Code function: 1_2_00A3EF40 mov eax, dword ptr fs:[00000030h] |
1_2_00A3EF40 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F06CF0 mov eax, dword ptr fs:[00000030h] |
9_2_04F06CF0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F06CF0 mov eax, dword ptr fs:[00000030h] |
9_2_04F06CF0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F06CF0 mov eax, dword ptr fs:[00000030h] |
9_2_04F06CF0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E858EC mov eax, dword ptr fs:[00000030h] |
9_2_04E858EC |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F414FB mov eax, dword ptr fs:[00000030h] |
9_2_04F414FB |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F1B8D0 mov eax, dword ptr fs:[00000030h] |
9_2_04F1B8D0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F1B8D0 mov ecx, dword ptr fs:[00000030h] |
9_2_04F1B8D0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F1B8D0 mov eax, dword ptr fs:[00000030h] |
9_2_04F1B8D0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F1B8D0 mov eax, dword ptr fs:[00000030h] |
9_2_04F1B8D0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F1B8D0 mov eax, dword ptr fs:[00000030h] |
9_2_04F1B8D0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F1B8D0 mov eax, dword ptr fs:[00000030h] |
9_2_04F1B8D0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F58CD6 mov eax, dword ptr fs:[00000030h] |
9_2_04F58CD6 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC90AF mov eax, dword ptr fs:[00000030h] |
9_2_04EC90AF |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB20A0 mov eax, dword ptr fs:[00000030h] |
9_2_04EB20A0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB20A0 mov eax, dword ptr fs:[00000030h] |
9_2_04EB20A0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB20A0 mov eax, dword ptr fs:[00000030h] |
9_2_04EB20A0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB20A0 mov eax, dword ptr fs:[00000030h] |
9_2_04EB20A0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB20A0 mov eax, dword ptr fs:[00000030h] |
9_2_04EB20A0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB20A0 mov eax, dword ptr fs:[00000030h] |
9_2_04EB20A0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EBF0BF mov ecx, dword ptr fs:[00000030h] |
9_2_04EBF0BF |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EBF0BF mov eax, dword ptr fs:[00000030h] |
9_2_04EBF0BF |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EBF0BF mov eax, dword ptr fs:[00000030h] |
9_2_04EBF0BF |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E89080 mov eax, dword ptr fs:[00000030h] |
9_2_04E89080 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E9849B mov eax, dword ptr fs:[00000030h] |
9_2_04E9849B |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F03884 mov eax, dword ptr fs:[00000030h] |
9_2_04F03884 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F03884 mov eax, dword ptr fs:[00000030h] |
9_2_04F03884 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F51074 mov eax, dword ptr fs:[00000030h] |
9_2_04F51074 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F42073 mov eax, dword ptr fs:[00000030h] |
9_2_04F42073 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EA746D mov eax, dword ptr fs:[00000030h] |
9_2_04EA746D |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EBA44B mov eax, dword ptr fs:[00000030h] |
9_2_04EBA44B |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F1C450 mov eax, dword ptr fs:[00000030h] |
9_2_04F1C450 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F1C450 mov eax, dword ptr fs:[00000030h] |
9_2_04F1C450 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EA0050 mov eax, dword ptr fs:[00000030h] |
9_2_04EA0050 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EA0050 mov eax, dword ptr fs:[00000030h] |
9_2_04EA0050 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E9B02A mov eax, dword ptr fs:[00000030h] |
9_2_04E9B02A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E9B02A mov eax, dword ptr fs:[00000030h] |
9_2_04E9B02A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E9B02A mov eax, dword ptr fs:[00000030h] |
9_2_04E9B02A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E9B02A mov eax, dword ptr fs:[00000030h] |
9_2_04E9B02A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB002D mov eax, dword ptr fs:[00000030h] |
9_2_04EB002D |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB002D mov eax, dword ptr fs:[00000030h] |
9_2_04EB002D |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB002D mov eax, dword ptr fs:[00000030h] |
9_2_04EB002D |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB002D mov eax, dword ptr fs:[00000030h] |
9_2_04EB002D |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB002D mov eax, dword ptr fs:[00000030h] |
9_2_04EB002D |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EBBC2C mov eax, dword ptr fs:[00000030h] |
9_2_04EBBC2C |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F54015 mov eax, dword ptr fs:[00000030h] |
9_2_04F54015 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F54015 mov eax, dword ptr fs:[00000030h] |
9_2_04F54015 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F07016 mov eax, dword ptr fs:[00000030h] |
9_2_04F07016 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F07016 mov eax, dword ptr fs:[00000030h] |
9_2_04F07016 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F07016 mov eax, dword ptr fs:[00000030h] |
9_2_04F07016 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F41C06 mov eax, dword ptr fs:[00000030h] |
9_2_04F41C06 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F41C06 mov eax, dword ptr fs:[00000030h] |
9_2_04F41C06 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F41C06 mov eax, dword ptr fs:[00000030h] |
9_2_04F41C06 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F41C06 mov eax, dword ptr fs:[00000030h] |
9_2_04F41C06 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F41C06 mov eax, dword ptr fs:[00000030h] |
9_2_04F41C06 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F41C06 mov eax, dword ptr fs:[00000030h] |
9_2_04F41C06 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F41C06 mov eax, dword ptr fs:[00000030h] |
9_2_04F41C06 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F41C06 mov eax, dword ptr fs:[00000030h] |
9_2_04F41C06 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F41C06 mov eax, dword ptr fs:[00000030h] |
9_2_04F41C06 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F41C06 mov eax, dword ptr fs:[00000030h] |
9_2_04F41C06 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F41C06 mov eax, dword ptr fs:[00000030h] |
9_2_04F41C06 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F41C06 mov eax, dword ptr fs:[00000030h] |
9_2_04F41C06 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F41C06 mov eax, dword ptr fs:[00000030h] |
9_2_04F41C06 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F41C06 mov eax, dword ptr fs:[00000030h] |
9_2_04F41C06 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F5740D mov eax, dword ptr fs:[00000030h] |
9_2_04F5740D |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F5740D mov eax, dword ptr fs:[00000030h] |
9_2_04F5740D |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F5740D mov eax, dword ptr fs:[00000030h] |
9_2_04F5740D |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F06C0A mov eax, dword ptr fs:[00000030h] |
9_2_04F06C0A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F06C0A mov eax, dword ptr fs:[00000030h] |
9_2_04F06C0A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F06C0A mov eax, dword ptr fs:[00000030h] |
9_2_04F06C0A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F06C0A mov eax, dword ptr fs:[00000030h] |
9_2_04F06C0A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F38DF1 mov eax, dword ptr fs:[00000030h] |
9_2_04F38DF1 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E8B1E1 mov eax, dword ptr fs:[00000030h] |
9_2_04E8B1E1 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E8B1E1 mov eax, dword ptr fs:[00000030h] |
9_2_04E8B1E1 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E8B1E1 mov eax, dword ptr fs:[00000030h] |
9_2_04E8B1E1 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E9D5E0 mov eax, dword ptr fs:[00000030h] |
9_2_04E9D5E0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E9D5E0 mov eax, dword ptr fs:[00000030h] |
9_2_04E9D5E0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F4FDE2 mov eax, dword ptr fs:[00000030h] |
9_2_04F4FDE2 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F4FDE2 mov eax, dword ptr fs:[00000030h] |
9_2_04F4FDE2 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F4FDE2 mov eax, dword ptr fs:[00000030h] |
9_2_04F4FDE2 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F4FDE2 mov eax, dword ptr fs:[00000030h] |
9_2_04F4FDE2 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F141E8 mov eax, dword ptr fs:[00000030h] |
9_2_04F141E8 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F06DC9 mov eax, dword ptr fs:[00000030h] |
9_2_04F06DC9 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F06DC9 mov eax, dword ptr fs:[00000030h] |
9_2_04F06DC9 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F06DC9 mov eax, dword ptr fs:[00000030h] |
9_2_04F06DC9 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F06DC9 mov ecx, dword ptr fs:[00000030h] |
9_2_04F06DC9 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F06DC9 mov eax, dword ptr fs:[00000030h] |
9_2_04F06DC9 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F06DC9 mov eax, dword ptr fs:[00000030h] |
9_2_04F06DC9 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB35A1 mov eax, dword ptr fs:[00000030h] |
9_2_04EB35A1 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB61A0 mov eax, dword ptr fs:[00000030h] |
9_2_04EB61A0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB61A0 mov eax, dword ptr fs:[00000030h] |
9_2_04EB61A0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F051BE mov eax, dword ptr fs:[00000030h] |
9_2_04F051BE |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F051BE mov eax, dword ptr fs:[00000030h] |
9_2_04F051BE |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F051BE mov eax, dword ptr fs:[00000030h] |
9_2_04F051BE |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F051BE mov eax, dword ptr fs:[00000030h] |
9_2_04F051BE |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F069A6 mov eax, dword ptr fs:[00000030h] |
9_2_04F069A6 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F505AC mov eax, dword ptr fs:[00000030h] |
9_2_04F505AC |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F505AC mov eax, dword ptr fs:[00000030h] |
9_2_04F505AC |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB1DB5 mov eax, dword ptr fs:[00000030h] |
9_2_04EB1DB5 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB1DB5 mov eax, dword ptr fs:[00000030h] |
9_2_04EB1DB5 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB1DB5 mov eax, dword ptr fs:[00000030h] |
9_2_04EB1DB5 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E82D8A mov eax, dword ptr fs:[00000030h] |
9_2_04E82D8A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E82D8A mov eax, dword ptr fs:[00000030h] |
9_2_04E82D8A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E82D8A mov eax, dword ptr fs:[00000030h] |
9_2_04E82D8A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E82D8A mov eax, dword ptr fs:[00000030h] |
9_2_04E82D8A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E82D8A mov eax, dword ptr fs:[00000030h] |
9_2_04E82D8A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EAC182 mov eax, dword ptr fs:[00000030h] |
9_2_04EAC182 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB2581 mov eax, dword ptr fs:[00000030h] |
9_2_04EB2581 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB2581 mov eax, dword ptr fs:[00000030h] |
9_2_04EB2581 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB2581 mov eax, dword ptr fs:[00000030h] |
9_2_04EB2581 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB2581 mov eax, dword ptr fs:[00000030h] |
9_2_04EB2581 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EBA185 mov eax, dword ptr fs:[00000030h] |
9_2_04EBA185 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EBFD9B mov eax, dword ptr fs:[00000030h] |
9_2_04EBFD9B |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EBFD9B mov eax, dword ptr fs:[00000030h] |
9_2_04EBFD9B |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB2990 mov eax, dword ptr fs:[00000030h] |
9_2_04EB2990 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E8C962 mov eax, dword ptr fs:[00000030h] |
9_2_04E8C962 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E8B171 mov eax, dword ptr fs:[00000030h] |
9_2_04E8B171 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E8B171 mov eax, dword ptr fs:[00000030h] |
9_2_04E8B171 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EAC577 mov eax, dword ptr fs:[00000030h] |
9_2_04EAC577 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EAC577 mov eax, dword ptr fs:[00000030h] |
9_2_04EAC577 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EAB944 mov eax, dword ptr fs:[00000030h] |
9_2_04EAB944 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EAB944 mov eax, dword ptr fs:[00000030h] |
9_2_04EAB944 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC3D43 mov eax, dword ptr fs:[00000030h] |
9_2_04EC3D43 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F03540 mov eax, dword ptr fs:[00000030h] |
9_2_04F03540 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EA7D50 mov eax, dword ptr fs:[00000030h] |
9_2_04EA7D50 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F58D34 mov eax, dword ptr fs:[00000030h] |
9_2_04F58D34 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F0A537 mov eax, dword ptr fs:[00000030h] |
9_2_04F0A537 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EA4120 mov eax, dword ptr fs:[00000030h] |
9_2_04EA4120 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EA4120 mov eax, dword ptr fs:[00000030h] |
9_2_04EA4120 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EA4120 mov eax, dword ptr fs:[00000030h] |
9_2_04EA4120 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EA4120 mov eax, dword ptr fs:[00000030h] |
9_2_04EA4120 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EA4120 mov ecx, dword ptr fs:[00000030h] |
9_2_04EA4120 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F4E539 mov eax, dword ptr fs:[00000030h] |
9_2_04F4E539 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB4D3B mov eax, dword ptr fs:[00000030h] |
9_2_04EB4D3B |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB4D3B mov eax, dword ptr fs:[00000030h] |
9_2_04EB4D3B |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB4D3B mov eax, dword ptr fs:[00000030h] |
9_2_04EB4D3B |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB513A mov eax, dword ptr fs:[00000030h] |
9_2_04EB513A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB513A mov eax, dword ptr fs:[00000030h] |
9_2_04EB513A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E8AD30 mov eax, dword ptr fs:[00000030h] |
9_2_04E8AD30 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E93D34 mov eax, dword ptr fs:[00000030h] |
9_2_04E93D34 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E93D34 mov eax, dword ptr fs:[00000030h] |
9_2_04E93D34 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E93D34 mov eax, dword ptr fs:[00000030h] |
9_2_04E93D34 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E93D34 mov eax, dword ptr fs:[00000030h] |
9_2_04E93D34 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E93D34 mov eax, dword ptr fs:[00000030h] |
9_2_04E93D34 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E93D34 mov eax, dword ptr fs:[00000030h] |
9_2_04E93D34 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E93D34 mov eax, dword ptr fs:[00000030h] |
9_2_04E93D34 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E93D34 mov eax, dword ptr fs:[00000030h] |
9_2_04E93D34 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E93D34 mov eax, dword ptr fs:[00000030h] |
9_2_04E93D34 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E93D34 mov eax, dword ptr fs:[00000030h] |
9_2_04E93D34 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E93D34 mov eax, dword ptr fs:[00000030h] |
9_2_04E93D34 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E93D34 mov eax, dword ptr fs:[00000030h] |
9_2_04E93D34 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E93D34 mov eax, dword ptr fs:[00000030h] |
9_2_04E93D34 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E89100 mov eax, dword ptr fs:[00000030h] |
9_2_04E89100 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E89100 mov eax, dword ptr fs:[00000030h] |
9_2_04E89100 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E89100 mov eax, dword ptr fs:[00000030h] |
9_2_04E89100 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB16E0 mov ecx, dword ptr fs:[00000030h] |
9_2_04EB16E0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E976E2 mov eax, dword ptr fs:[00000030h] |
9_2_04E976E2 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB2AE4 mov eax, dword ptr fs:[00000030h] |
9_2_04EB2AE4 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB2ACB mov eax, dword ptr fs:[00000030h] |
9_2_04EB2ACB |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F58ED6 mov eax, dword ptr fs:[00000030h] |
9_2_04F58ED6 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB36CC mov eax, dword ptr fs:[00000030h] |
9_2_04EB36CC |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC8EC7 mov eax, dword ptr fs:[00000030h] |
9_2_04EC8EC7 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F3FEC0 mov eax, dword ptr fs:[00000030h] |
9_2_04F3FEC0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E852A5 mov eax, dword ptr fs:[00000030h] |
9_2_04E852A5 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E852A5 mov eax, dword ptr fs:[00000030h] |
9_2_04E852A5 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E852A5 mov eax, dword ptr fs:[00000030h] |
9_2_04E852A5 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E852A5 mov eax, dword ptr fs:[00000030h] |
9_2_04E852A5 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E852A5 mov eax, dword ptr fs:[00000030h] |
9_2_04E852A5 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F50EA5 mov eax, dword ptr fs:[00000030h] |
9_2_04F50EA5 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F50EA5 mov eax, dword ptr fs:[00000030h] |
9_2_04F50EA5 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F50EA5 mov eax, dword ptr fs:[00000030h] |
9_2_04F50EA5 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F046A7 mov eax, dword ptr fs:[00000030h] |
9_2_04F046A7 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E9AAB0 mov eax, dword ptr fs:[00000030h] |
9_2_04E9AAB0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E9AAB0 mov eax, dword ptr fs:[00000030h] |
9_2_04E9AAB0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EBFAB0 mov eax, dword ptr fs:[00000030h] |
9_2_04EBFAB0 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F1FE87 mov eax, dword ptr fs:[00000030h] |
9_2_04F1FE87 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EBD294 mov eax, dword ptr fs:[00000030h] |
9_2_04EBD294 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EBD294 mov eax, dword ptr fs:[00000030h] |
9_2_04EBD294 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E9766D mov eax, dword ptr fs:[00000030h] |
9_2_04E9766D |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F3B260 mov eax, dword ptr fs:[00000030h] |
9_2_04F3B260 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F3B260 mov eax, dword ptr fs:[00000030h] |
9_2_04F3B260 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC927A mov eax, dword ptr fs:[00000030h] |
9_2_04EC927A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F58A62 mov eax, dword ptr fs:[00000030h] |
9_2_04F58A62 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EAAE73 mov eax, dword ptr fs:[00000030h] |
9_2_04EAAE73 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EAAE73 mov eax, dword ptr fs:[00000030h] |
9_2_04EAAE73 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EAAE73 mov eax, dword ptr fs:[00000030h] |
9_2_04EAAE73 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EAAE73 mov eax, dword ptr fs:[00000030h] |
9_2_04EAAE73 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EAAE73 mov eax, dword ptr fs:[00000030h] |
9_2_04EAAE73 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F4EA55 mov eax, dword ptr fs:[00000030h] |
9_2_04F4EA55 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F14257 mov eax, dword ptr fs:[00000030h] |
9_2_04F14257 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E89240 mov eax, dword ptr fs:[00000030h] |
9_2_04E89240 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E89240 mov eax, dword ptr fs:[00000030h] |
9_2_04E89240 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E89240 mov eax, dword ptr fs:[00000030h] |
9_2_04E89240 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E89240 mov eax, dword ptr fs:[00000030h] |
9_2_04E89240 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E97E41 mov eax, dword ptr fs:[00000030h] |
9_2_04E97E41 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E97E41 mov eax, dword ptr fs:[00000030h] |
9_2_04E97E41 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E97E41 mov eax, dword ptr fs:[00000030h] |
9_2_04E97E41 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E97E41 mov eax, dword ptr fs:[00000030h] |
9_2_04E97E41 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E97E41 mov eax, dword ptr fs:[00000030h] |
9_2_04E97E41 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E97E41 mov eax, dword ptr fs:[00000030h] |
9_2_04E97E41 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F4AE44 mov eax, dword ptr fs:[00000030h] |
9_2_04F4AE44 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F4AE44 mov eax, dword ptr fs:[00000030h] |
9_2_04F4AE44 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC4A2C mov eax, dword ptr fs:[00000030h] |
9_2_04EC4A2C |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC4A2C mov eax, dword ptr fs:[00000030h] |
9_2_04EC4A2C |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E8E620 mov eax, dword ptr fs:[00000030h] |
9_2_04E8E620 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F3FE3F mov eax, dword ptr fs:[00000030h] |
9_2_04F3FE3F |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E98A0A mov eax, dword ptr fs:[00000030h] |
9_2_04E98A0A |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E8C600 mov eax, dword ptr fs:[00000030h] |
9_2_04E8C600 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E8C600 mov eax, dword ptr fs:[00000030h] |
9_2_04E8C600 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E8C600 mov eax, dword ptr fs:[00000030h] |
9_2_04E8C600 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB8E00 mov eax, dword ptr fs:[00000030h] |
9_2_04EB8E00 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EA3A1C mov eax, dword ptr fs:[00000030h] |
9_2_04EA3A1C |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EBA61C mov eax, dword ptr fs:[00000030h] |
9_2_04EBA61C |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EBA61C mov eax, dword ptr fs:[00000030h] |
9_2_04EBA61C |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E85210 mov eax, dword ptr fs:[00000030h] |
9_2_04E85210 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E85210 mov ecx, dword ptr fs:[00000030h] |
9_2_04E85210 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E85210 mov eax, dword ptr fs:[00000030h] |
9_2_04E85210 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E85210 mov eax, dword ptr fs:[00000030h] |
9_2_04E85210 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F41608 mov eax, dword ptr fs:[00000030h] |
9_2_04F41608 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E8AA16 mov eax, dword ptr fs:[00000030h] |
9_2_04E8AA16 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04E8AA16 mov eax, dword ptr fs:[00000030h] |
9_2_04E8AA16 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EADBE9 mov eax, dword ptr fs:[00000030h] |
9_2_04EADBE9 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB03E2 mov eax, dword ptr fs:[00000030h] |
9_2_04EB03E2 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB03E2 mov eax, dword ptr fs:[00000030h] |
9_2_04EB03E2 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB03E2 mov eax, dword ptr fs:[00000030h] |
9_2_04EB03E2 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB03E2 mov eax, dword ptr fs:[00000030h] |
9_2_04EB03E2 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB03E2 mov eax, dword ptr fs:[00000030h] |
9_2_04EB03E2 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB03E2 mov eax, dword ptr fs:[00000030h] |
9_2_04EB03E2 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EC37F5 mov eax, dword ptr fs:[00000030h] |
9_2_04EC37F5 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F053CA mov eax, dword ptr fs:[00000030h] |
9_2_04F053CA |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F053CA mov eax, dword ptr fs:[00000030h] |
9_2_04F053CA |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB4BAD mov eax, dword ptr fs:[00000030h] |
9_2_04EB4BAD |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB4BAD mov eax, dword ptr fs:[00000030h] |
9_2_04EB4BAD |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04EB4BAD mov eax, dword ptr fs:[00000030h] |
9_2_04EB4BAD |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F55BA5 mov eax, dword ptr fs:[00000030h] |
9_2_04F55BA5 |
| Source: C:\Windows\SysWOW64\colorcpl.exe |
Code function: 9_2_04F07794 mov eax, dword ptr fs:[00000030h] |
9_2_04F07794 |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet