Source: 6.0.Solicitud urgente de Quotaion_U1197,pdf.exe.400000.8.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 6.0.Solicitud urgente de Quotaion_U1197,pdf.exe.400000.8.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 6.0.Solicitud urgente de Quotaion_U1197,pdf.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 6.0.Solicitud urgente de Quotaion_U1197,pdf.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 6.2.Solicitud urgente de Quotaion_U1197,pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 6.2.Solicitud urgente de Quotaion_U1197,pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 6.0.Solicitud urgente de Quotaion_U1197,pdf.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 6.0.Solicitud urgente de Quotaion_U1197,pdf.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 6.0.Solicitud urgente de Quotaion_U1197,pdf.exe.400000.8.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 6.0.Solicitud urgente de Quotaion_U1197,pdf.exe.400000.8.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 6.0.Solicitud urgente de Quotaion_U1197,pdf.exe.400000.6.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 6.0.Solicitud urgente de Quotaion_U1197,pdf.exe.400000.6.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 6.2.Solicitud urgente de Quotaion_U1197,pdf.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 6.2.Solicitud urgente de Quotaion_U1197,pdf.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000006.00000000.298321821.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000006.00000000.298321821.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 0000000A.00000002.560174409.0000000000770000.00000040.00020000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 0000000A.00000002.560174409.0000000000770000.00000040.00020000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000006.00000002.372897742.0000000001730000.00000040.00020000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000006.00000002.372897742.0000000001730000.00000040.00020000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000006.00000000.298732907.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000006.00000000.298732907.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000007.00000000.338321770.00000000100B5000.00000040.00020000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000007.00000000.338321770.00000000100B5000.00000040.00020000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000006.00000002.372402095.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000006.00000002.372402095.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 0000000A.00000002.563987618.00000000007C0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 0000000A.00000002.563987618.00000000007C0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000007.00000000.354531059.00000000100B5000.00000040.00020000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000007.00000000.354531059.00000000100B5000.00000040.00020000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000006.00000002.373637862.0000000001A90000.00000040.00020000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000006.00000002.373637862.0000000001A90000.00000040.00020000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 0000000A.00000002.558246949.0000000000120000.00000040.00020000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 0000000A.00000002.558246949.0000000000120000.00000040.00020000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000000.00000002.301296785.0000000004309000.00000004.00000001.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000000.00000002.301296785.0000000004309000.00000004.00000001.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 6.0.Solicitud urgente de Quotaion_U1197,pdf.exe.400000.8.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 6.0.Solicitud urgente de Quotaion_U1197,pdf.exe.400000.8.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 6.0.Solicitud urgente de Quotaion_U1197,pdf.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 6.0.Solicitud urgente de Quotaion_U1197,pdf.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 6.2.Solicitud urgente de Quotaion_U1197,pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 6.2.Solicitud urgente de Quotaion_U1197,pdf.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 6.0.Solicitud urgente de Quotaion_U1197,pdf.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 6.0.Solicitud urgente de Quotaion_U1197,pdf.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 6.0.Solicitud urgente de Quotaion_U1197,pdf.exe.400000.8.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 6.0.Solicitud urgente de Quotaion_U1197,pdf.exe.400000.8.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 6.0.Solicitud urgente de Quotaion_U1197,pdf.exe.400000.6.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 6.0.Solicitud urgente de Quotaion_U1197,pdf.exe.400000.6.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 6.2.Solicitud urgente de Quotaion_U1197,pdf.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 6.2.Solicitud urgente de Quotaion_U1197,pdf.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000006.00000000.298321821.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000006.00000000.298321821.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 0000000A.00000002.560174409.0000000000770000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 0000000A.00000002.560174409.0000000000770000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000006.00000002.372897742.0000000001730000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000006.00000002.372897742.0000000001730000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000006.00000000.298732907.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000006.00000000.298732907.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000007.00000000.338321770.00000000100B5000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000007.00000000.338321770.00000000100B5000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000006.00000002.372402095.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000006.00000002.372402095.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 0000000A.00000002.563987618.00000000007C0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 0000000A.00000002.563987618.00000000007C0000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000007.00000000.354531059.00000000100B5000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000007.00000000.354531059.00000000100B5000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000006.00000002.373637862.0000000001A90000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000006.00000002.373637862.0000000001A90000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 0000000A.00000002.558246949.0000000000120000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 0000000A.00000002.558246949.0000000000120000.00000040.00020000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000000.00000002.301296785.0000000004309000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000000.00000002.301296785.0000000004309000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: C:\Users\user\Desktop\Solicitud urgente de Quotaion_U1197,pdf.exe | Code function: 6_2_0041A360 NtCreateFile, | 6_2_0041A360 |
Source: C:\Users\user\Desktop\Solicitud urgente de Quotaion_U1197,pdf.exe | Code function: 6_2_0041A410 NtReadFile, | 6_2_0041A410 |
Source: C:\Users\user\Desktop\Solicitud urgente de Quotaion_U1197,pdf.exe | Code function: 6_2_0041A490 NtClose, | 6_2_0041A490 |
Source: C:\Users\user\Desktop\Solicitud urgente de Quotaion_U1197,pdf.exe | Code function: 6_2_0041A540 NtAllocateVirtualMemory, | 6_2_0041A540 |
Source: C:\Users\user\Desktop\Solicitud urgente de Quotaion_U1197,pdf.exe | Code function: 6_2_0041A3B3 NtReadFile, | 6_2_0041A3B3 |
Source: C:\Users\user\Desktop\Solicitud urgente de Quotaion_U1197,pdf.exe | Code function: 6_2_0041A40B NtReadFile, | 6_2_0041A40B |
Source: C:\Users\user\Desktop\Solicitud urgente de Quotaion_U1197,pdf.exe | Code function: 6_2_0041A53A NtAllocateVirtualMemory, | 6_2_0041A53A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04649540 NtReadFile,LdrInitializeThunk, | 10_2_04649540 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046495D0 NtClose,LdrInitializeThunk, | 10_2_046495D0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04649660 NtAllocateVirtualMemory,LdrInitializeThunk, | 10_2_04649660 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04649650 NtQueryValueKey,LdrInitializeThunk, | 10_2_04649650 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046496E0 NtFreeVirtualMemory,LdrInitializeThunk, | 10_2_046496E0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046496D0 NtCreateKey,LdrInitializeThunk, | 10_2_046496D0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04649710 NtQueryInformationToken,LdrInitializeThunk, | 10_2_04649710 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04649FE0 NtCreateMutant,LdrInitializeThunk, | 10_2_04649FE0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04649780 NtMapViewOfSection,LdrInitializeThunk, | 10_2_04649780 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04649860 NtQuerySystemInformation,LdrInitializeThunk, | 10_2_04649860 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04649840 NtDelayExecution,LdrInitializeThunk, | 10_2_04649840 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04649910 NtAdjustPrivilegesToken,LdrInitializeThunk, | 10_2_04649910 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046499A0 NtCreateSection,LdrInitializeThunk, | 10_2_046499A0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04649A50 NtCreateFile,LdrInitializeThunk, | 10_2_04649A50 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04649560 NtWriteFile, | 10_2_04649560 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04649520 NtWaitForSingleObject, | 10_2_04649520 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0464AD30 NtSetContextThread, | 10_2_0464AD30 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046495F0 NtQueryInformationFile, | 10_2_046495F0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04649670 NtQueryInformationProcess, | 10_2_04649670 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04649610 NtEnumerateValueKey, | 10_2_04649610 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04649760 NtOpenProcess, | 10_2_04649760 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0464A770 NtOpenThread, | 10_2_0464A770 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04649770 NtSetInformationFile, | 10_2_04649770 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04649730 NtQueryVirtualMemory, | 10_2_04649730 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0464A710 NtOpenProcessToken, | 10_2_0464A710 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046497A0 NtUnmapViewOfSection, | 10_2_046497A0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0464B040 NtSuspendThread, | 10_2_0464B040 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04649820 NtEnumerateKey, | 10_2_04649820 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046498F0 NtReadVirtualMemory, | 10_2_046498F0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046498A0 NtWriteVirtualMemory, | 10_2_046498A0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04649950 NtQueueApcThread, | 10_2_04649950 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046499D0 NtCreateProcessEx, | 10_2_046499D0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04649A20 NtResumeThread, | 10_2_04649A20 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04649A00 NtProtectVirtualMemory, | 10_2_04649A00 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04649A10 NtQuerySection, | 10_2_04649A10 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04649A80 NtOpenDirectoryObject, | 10_2_04649A80 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04649B00 NtSetValueKey, | 10_2_04649B00 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0464A3B0 NtGetContextThread, | 10_2_0464A3B0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0013A360 NtCreateFile, | 10_2_0013A360 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0013A410 NtReadFile, | 10_2_0013A410 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0013A490 NtClose, | 10_2_0013A490 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0013A540 NtAllocateVirtualMemory, | 10_2_0013A540 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0013A3B3 NtReadFile, | 10_2_0013A3B3 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0013A40B NtReadFile, | 10_2_0013A40B |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0013A53A NtAllocateVirtualMemory, | 10_2_0013A53A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0462746D mov eax, dword ptr fs:[00000030h] | 10_2_0462746D |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0463A44B mov eax, dword ptr fs:[00000030h] | 10_2_0463A44B |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0469C450 mov eax, dword ptr fs:[00000030h] | 10_2_0469C450 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0469C450 mov eax, dword ptr fs:[00000030h] | 10_2_0469C450 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0463BC2C mov eax, dword ptr fs:[00000030h] | 10_2_0463BC2C |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046D740D mov eax, dword ptr fs:[00000030h] | 10_2_046D740D |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046D740D mov eax, dword ptr fs:[00000030h] | 10_2_046D740D |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046D740D mov eax, dword ptr fs:[00000030h] | 10_2_046D740D |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04686C0A mov eax, dword ptr fs:[00000030h] | 10_2_04686C0A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04686C0A mov eax, dword ptr fs:[00000030h] | 10_2_04686C0A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04686C0A mov eax, dword ptr fs:[00000030h] | 10_2_04686C0A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04686C0A mov eax, dword ptr fs:[00000030h] | 10_2_04686C0A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046C1C06 mov eax, dword ptr fs:[00000030h] | 10_2_046C1C06 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046C1C06 mov eax, dword ptr fs:[00000030h] | 10_2_046C1C06 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046C1C06 mov eax, dword ptr fs:[00000030h] | 10_2_046C1C06 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046C1C06 mov eax, dword ptr fs:[00000030h] | 10_2_046C1C06 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046C1C06 mov eax, dword ptr fs:[00000030h] | 10_2_046C1C06 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046C1C06 mov eax, dword ptr fs:[00000030h] | 10_2_046C1C06 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046C1C06 mov eax, dword ptr fs:[00000030h] | 10_2_046C1C06 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046C1C06 mov eax, dword ptr fs:[00000030h] | 10_2_046C1C06 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046C1C06 mov eax, dword ptr fs:[00000030h] | 10_2_046C1C06 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046C1C06 mov eax, dword ptr fs:[00000030h] | 10_2_046C1C06 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046C1C06 mov eax, dword ptr fs:[00000030h] | 10_2_046C1C06 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046C1C06 mov eax, dword ptr fs:[00000030h] | 10_2_046C1C06 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046C1C06 mov eax, dword ptr fs:[00000030h] | 10_2_046C1C06 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046C1C06 mov eax, dword ptr fs:[00000030h] | 10_2_046C1C06 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046C14FB mov eax, dword ptr fs:[00000030h] | 10_2_046C14FB |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04686CF0 mov eax, dword ptr fs:[00000030h] | 10_2_04686CF0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04686CF0 mov eax, dword ptr fs:[00000030h] | 10_2_04686CF0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04686CF0 mov eax, dword ptr fs:[00000030h] | 10_2_04686CF0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046D8CD6 mov eax, dword ptr fs:[00000030h] | 10_2_046D8CD6 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0461849B mov eax, dword ptr fs:[00000030h] | 10_2_0461849B |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0462C577 mov eax, dword ptr fs:[00000030h] | 10_2_0462C577 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0462C577 mov eax, dword ptr fs:[00000030h] | 10_2_0462C577 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04643D43 mov eax, dword ptr fs:[00000030h] | 10_2_04643D43 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04683540 mov eax, dword ptr fs:[00000030h] | 10_2_04683540 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046B3D40 mov eax, dword ptr fs:[00000030h] | 10_2_046B3D40 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04627D50 mov eax, dword ptr fs:[00000030h] | 10_2_04627D50 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0460AD30 mov eax, dword ptr fs:[00000030h] | 10_2_0460AD30 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04613D34 mov eax, dword ptr fs:[00000030h] | 10_2_04613D34 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04613D34 mov eax, dword ptr fs:[00000030h] | 10_2_04613D34 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04613D34 mov eax, dword ptr fs:[00000030h] | 10_2_04613D34 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04613D34 mov eax, dword ptr fs:[00000030h] | 10_2_04613D34 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04613D34 mov eax, dword ptr fs:[00000030h] | 10_2_04613D34 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04613D34 mov eax, dword ptr fs:[00000030h] | 10_2_04613D34 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04613D34 mov eax, dword ptr fs:[00000030h] | 10_2_04613D34 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04613D34 mov eax, dword ptr fs:[00000030h] | 10_2_04613D34 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04613D34 mov eax, dword ptr fs:[00000030h] | 10_2_04613D34 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04613D34 mov eax, dword ptr fs:[00000030h] | 10_2_04613D34 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04613D34 mov eax, dword ptr fs:[00000030h] | 10_2_04613D34 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04613D34 mov eax, dword ptr fs:[00000030h] | 10_2_04613D34 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04613D34 mov eax, dword ptr fs:[00000030h] | 10_2_04613D34 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046CE539 mov eax, dword ptr fs:[00000030h] | 10_2_046CE539 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04634D3B mov eax, dword ptr fs:[00000030h] | 10_2_04634D3B |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04634D3B mov eax, dword ptr fs:[00000030h] | 10_2_04634D3B |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04634D3B mov eax, dword ptr fs:[00000030h] | 10_2_04634D3B |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046D8D34 mov eax, dword ptr fs:[00000030h] | 10_2_046D8D34 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0468A537 mov eax, dword ptr fs:[00000030h] | 10_2_0468A537 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0461D5E0 mov eax, dword ptr fs:[00000030h] | 10_2_0461D5E0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0461D5E0 mov eax, dword ptr fs:[00000030h] | 10_2_0461D5E0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046CFDE2 mov eax, dword ptr fs:[00000030h] | 10_2_046CFDE2 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046CFDE2 mov eax, dword ptr fs:[00000030h] | 10_2_046CFDE2 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046CFDE2 mov eax, dword ptr fs:[00000030h] | 10_2_046CFDE2 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046CFDE2 mov eax, dword ptr fs:[00000030h] | 10_2_046CFDE2 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046B8DF1 mov eax, dword ptr fs:[00000030h] | 10_2_046B8DF1 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04686DC9 mov eax, dword ptr fs:[00000030h] | 10_2_04686DC9 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04686DC9 mov eax, dword ptr fs:[00000030h] | 10_2_04686DC9 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04686DC9 mov eax, dword ptr fs:[00000030h] | 10_2_04686DC9 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04686DC9 mov ecx, dword ptr fs:[00000030h] | 10_2_04686DC9 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04686DC9 mov eax, dword ptr fs:[00000030h] | 10_2_04686DC9 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04686DC9 mov eax, dword ptr fs:[00000030h] | 10_2_04686DC9 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046D05AC mov eax, dword ptr fs:[00000030h] | 10_2_046D05AC |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046D05AC mov eax, dword ptr fs:[00000030h] | 10_2_046D05AC |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046335A1 mov eax, dword ptr fs:[00000030h] | 10_2_046335A1 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04631DB5 mov eax, dword ptr fs:[00000030h] | 10_2_04631DB5 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04631DB5 mov eax, dword ptr fs:[00000030h] | 10_2_04631DB5 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04631DB5 mov eax, dword ptr fs:[00000030h] | 10_2_04631DB5 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04632581 mov eax, dword ptr fs:[00000030h] | 10_2_04632581 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04632581 mov eax, dword ptr fs:[00000030h] | 10_2_04632581 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04632581 mov eax, dword ptr fs:[00000030h] | 10_2_04632581 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04632581 mov eax, dword ptr fs:[00000030h] | 10_2_04632581 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04602D8A mov eax, dword ptr fs:[00000030h] | 10_2_04602D8A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04602D8A mov eax, dword ptr fs:[00000030h] | 10_2_04602D8A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04602D8A mov eax, dword ptr fs:[00000030h] | 10_2_04602D8A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04602D8A mov eax, dword ptr fs:[00000030h] | 10_2_04602D8A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04602D8A mov eax, dword ptr fs:[00000030h] | 10_2_04602D8A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0463FD9B mov eax, dword ptr fs:[00000030h] | 10_2_0463FD9B |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0463FD9B mov eax, dword ptr fs:[00000030h] | 10_2_0463FD9B |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0461766D mov eax, dword ptr fs:[00000030h] | 10_2_0461766D |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0462AE73 mov eax, dword ptr fs:[00000030h] | 10_2_0462AE73 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0462AE73 mov eax, dword ptr fs:[00000030h] | 10_2_0462AE73 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0462AE73 mov eax, dword ptr fs:[00000030h] | 10_2_0462AE73 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0462AE73 mov eax, dword ptr fs:[00000030h] | 10_2_0462AE73 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0462AE73 mov eax, dword ptr fs:[00000030h] | 10_2_0462AE73 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04617E41 mov eax, dword ptr fs:[00000030h] | 10_2_04617E41 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04617E41 mov eax, dword ptr fs:[00000030h] | 10_2_04617E41 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04617E41 mov eax, dword ptr fs:[00000030h] | 10_2_04617E41 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04617E41 mov eax, dword ptr fs:[00000030h] | 10_2_04617E41 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04617E41 mov eax, dword ptr fs:[00000030h] | 10_2_04617E41 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04617E41 mov eax, dword ptr fs:[00000030h] | 10_2_04617E41 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046CAE44 mov eax, dword ptr fs:[00000030h] | 10_2_046CAE44 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046CAE44 mov eax, dword ptr fs:[00000030h] | 10_2_046CAE44 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0460E620 mov eax, dword ptr fs:[00000030h] | 10_2_0460E620 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046BFE3F mov eax, dword ptr fs:[00000030h] | 10_2_046BFE3F |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0460C600 mov eax, dword ptr fs:[00000030h] | 10_2_0460C600 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0460C600 mov eax, dword ptr fs:[00000030h] | 10_2_0460C600 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0460C600 mov eax, dword ptr fs:[00000030h] | 10_2_0460C600 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04638E00 mov eax, dword ptr fs:[00000030h] | 10_2_04638E00 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046C1608 mov eax, dword ptr fs:[00000030h] | 10_2_046C1608 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0463A61C mov eax, dword ptr fs:[00000030h] | 10_2_0463A61C |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0463A61C mov eax, dword ptr fs:[00000030h] | 10_2_0463A61C |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046316E0 mov ecx, dword ptr fs:[00000030h] | 10_2_046316E0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046176E2 mov eax, dword ptr fs:[00000030h] | 10_2_046176E2 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04648EC7 mov eax, dword ptr fs:[00000030h] | 10_2_04648EC7 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046BFEC0 mov eax, dword ptr fs:[00000030h] | 10_2_046BFEC0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046336CC mov eax, dword ptr fs:[00000030h] | 10_2_046336CC |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046D8ED6 mov eax, dword ptr fs:[00000030h] | 10_2_046D8ED6 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046D0EA5 mov eax, dword ptr fs:[00000030h] | 10_2_046D0EA5 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046D0EA5 mov eax, dword ptr fs:[00000030h] | 10_2_046D0EA5 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046D0EA5 mov eax, dword ptr fs:[00000030h] | 10_2_046D0EA5 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046846A7 mov eax, dword ptr fs:[00000030h] | 10_2_046846A7 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0469FE87 mov eax, dword ptr fs:[00000030h] | 10_2_0469FE87 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0461FF60 mov eax, dword ptr fs:[00000030h] | 10_2_0461FF60 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046D8F6A mov eax, dword ptr fs:[00000030h] | 10_2_046D8F6A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0461EF40 mov eax, dword ptr fs:[00000030h] | 10_2_0461EF40 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04604F2E mov eax, dword ptr fs:[00000030h] | 10_2_04604F2E |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04604F2E mov eax, dword ptr fs:[00000030h] | 10_2_04604F2E |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0463E730 mov eax, dword ptr fs:[00000030h] | 10_2_0463E730 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046D070D mov eax, dword ptr fs:[00000030h] | 10_2_046D070D |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046D070D mov eax, dword ptr fs:[00000030h] | 10_2_046D070D |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0463A70E mov eax, dword ptr fs:[00000030h] | 10_2_0463A70E |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0463A70E mov eax, dword ptr fs:[00000030h] | 10_2_0463A70E |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0462F716 mov eax, dword ptr fs:[00000030h] | 10_2_0462F716 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0469FF10 mov eax, dword ptr fs:[00000030h] | 10_2_0469FF10 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0469FF10 mov eax, dword ptr fs:[00000030h] | 10_2_0469FF10 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046437F5 mov eax, dword ptr fs:[00000030h] | 10_2_046437F5 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04618794 mov eax, dword ptr fs:[00000030h] | 10_2_04618794 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04687794 mov eax, dword ptr fs:[00000030h] | 10_2_04687794 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04687794 mov eax, dword ptr fs:[00000030h] | 10_2_04687794 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04687794 mov eax, dword ptr fs:[00000030h] | 10_2_04687794 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046D1074 mov eax, dword ptr fs:[00000030h] | 10_2_046D1074 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046C2073 mov eax, dword ptr fs:[00000030h] | 10_2_046C2073 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04620050 mov eax, dword ptr fs:[00000030h] | 10_2_04620050 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04620050 mov eax, dword ptr fs:[00000030h] | 10_2_04620050 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0461B02A mov eax, dword ptr fs:[00000030h] | 10_2_0461B02A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0461B02A mov eax, dword ptr fs:[00000030h] | 10_2_0461B02A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0461B02A mov eax, dword ptr fs:[00000030h] | 10_2_0461B02A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0461B02A mov eax, dword ptr fs:[00000030h] | 10_2_0461B02A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0463002D mov eax, dword ptr fs:[00000030h] | 10_2_0463002D |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0463002D mov eax, dword ptr fs:[00000030h] | 10_2_0463002D |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0463002D mov eax, dword ptr fs:[00000030h] | 10_2_0463002D |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0463002D mov eax, dword ptr fs:[00000030h] | 10_2_0463002D |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0463002D mov eax, dword ptr fs:[00000030h] | 10_2_0463002D |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046D4015 mov eax, dword ptr fs:[00000030h] | 10_2_046D4015 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046D4015 mov eax, dword ptr fs:[00000030h] | 10_2_046D4015 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04687016 mov eax, dword ptr fs:[00000030h] | 10_2_04687016 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04687016 mov eax, dword ptr fs:[00000030h] | 10_2_04687016 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04687016 mov eax, dword ptr fs:[00000030h] | 10_2_04687016 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046040E1 mov eax, dword ptr fs:[00000030h] | 10_2_046040E1 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046040E1 mov eax, dword ptr fs:[00000030h] | 10_2_046040E1 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046040E1 mov eax, dword ptr fs:[00000030h] | 10_2_046040E1 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046058EC mov eax, dword ptr fs:[00000030h] | 10_2_046058EC |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0469B8D0 mov eax, dword ptr fs:[00000030h] | 10_2_0469B8D0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0469B8D0 mov ecx, dword ptr fs:[00000030h] | 10_2_0469B8D0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0469B8D0 mov eax, dword ptr fs:[00000030h] | 10_2_0469B8D0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0469B8D0 mov eax, dword ptr fs:[00000030h] | 10_2_0469B8D0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0469B8D0 mov eax, dword ptr fs:[00000030h] | 10_2_0469B8D0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0469B8D0 mov eax, dword ptr fs:[00000030h] | 10_2_0469B8D0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046320A0 mov eax, dword ptr fs:[00000030h] | 10_2_046320A0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046320A0 mov eax, dword ptr fs:[00000030h] | 10_2_046320A0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046320A0 mov eax, dword ptr fs:[00000030h] | 10_2_046320A0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046320A0 mov eax, dword ptr fs:[00000030h] | 10_2_046320A0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046320A0 mov eax, dword ptr fs:[00000030h] | 10_2_046320A0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046320A0 mov eax, dword ptr fs:[00000030h] | 10_2_046320A0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046490AF mov eax, dword ptr fs:[00000030h] | 10_2_046490AF |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0463F0BF mov ecx, dword ptr fs:[00000030h] | 10_2_0463F0BF |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0463F0BF mov eax, dword ptr fs:[00000030h] | 10_2_0463F0BF |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0463F0BF mov eax, dword ptr fs:[00000030h] | 10_2_0463F0BF |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04609080 mov eax, dword ptr fs:[00000030h] | 10_2_04609080 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04683884 mov eax, dword ptr fs:[00000030h] | 10_2_04683884 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04683884 mov eax, dword ptr fs:[00000030h] | 10_2_04683884 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0460C962 mov eax, dword ptr fs:[00000030h] | 10_2_0460C962 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0460B171 mov eax, dword ptr fs:[00000030h] | 10_2_0460B171 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0460B171 mov eax, dword ptr fs:[00000030h] | 10_2_0460B171 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0462B944 mov eax, dword ptr fs:[00000030h] | 10_2_0462B944 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0462B944 mov eax, dword ptr fs:[00000030h] | 10_2_0462B944 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04624120 mov eax, dword ptr fs:[00000030h] | 10_2_04624120 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04624120 mov eax, dword ptr fs:[00000030h] | 10_2_04624120 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04624120 mov eax, dword ptr fs:[00000030h] | 10_2_04624120 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04624120 mov eax, dword ptr fs:[00000030h] | 10_2_04624120 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04624120 mov ecx, dword ptr fs:[00000030h] | 10_2_04624120 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0463513A mov eax, dword ptr fs:[00000030h] | 10_2_0463513A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0463513A mov eax, dword ptr fs:[00000030h] | 10_2_0463513A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04609100 mov eax, dword ptr fs:[00000030h] | 10_2_04609100 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04609100 mov eax, dword ptr fs:[00000030h] | 10_2_04609100 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04609100 mov eax, dword ptr fs:[00000030h] | 10_2_04609100 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046941E8 mov eax, dword ptr fs:[00000030h] | 10_2_046941E8 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0460B1E1 mov eax, dword ptr fs:[00000030h] | 10_2_0460B1E1 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0460B1E1 mov eax, dword ptr fs:[00000030h] | 10_2_0460B1E1 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0460B1E1 mov eax, dword ptr fs:[00000030h] | 10_2_0460B1E1 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046361A0 mov eax, dword ptr fs:[00000030h] | 10_2_046361A0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046361A0 mov eax, dword ptr fs:[00000030h] | 10_2_046361A0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046C49A4 mov eax, dword ptr fs:[00000030h] | 10_2_046C49A4 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046C49A4 mov eax, dword ptr fs:[00000030h] | 10_2_046C49A4 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046C49A4 mov eax, dword ptr fs:[00000030h] | 10_2_046C49A4 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046C49A4 mov eax, dword ptr fs:[00000030h] | 10_2_046C49A4 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046869A6 mov eax, dword ptr fs:[00000030h] | 10_2_046869A6 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046851BE mov eax, dword ptr fs:[00000030h] | 10_2_046851BE |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046851BE mov eax, dword ptr fs:[00000030h] | 10_2_046851BE |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046851BE mov eax, dword ptr fs:[00000030h] | 10_2_046851BE |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046851BE mov eax, dword ptr fs:[00000030h] | 10_2_046851BE |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0462C182 mov eax, dword ptr fs:[00000030h] | 10_2_0462C182 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0463A185 mov eax, dword ptr fs:[00000030h] | 10_2_0463A185 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04632990 mov eax, dword ptr fs:[00000030h] | 10_2_04632990 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046BB260 mov eax, dword ptr fs:[00000030h] | 10_2_046BB260 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046BB260 mov eax, dword ptr fs:[00000030h] | 10_2_046BB260 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046D8A62 mov eax, dword ptr fs:[00000030h] | 10_2_046D8A62 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0464927A mov eax, dword ptr fs:[00000030h] | 10_2_0464927A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04609240 mov eax, dword ptr fs:[00000030h] | 10_2_04609240 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04609240 mov eax, dword ptr fs:[00000030h] | 10_2_04609240 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04609240 mov eax, dword ptr fs:[00000030h] | 10_2_04609240 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04609240 mov eax, dword ptr fs:[00000030h] | 10_2_04609240 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046CEA55 mov eax, dword ptr fs:[00000030h] | 10_2_046CEA55 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04694257 mov eax, dword ptr fs:[00000030h] | 10_2_04694257 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04644A2C mov eax, dword ptr fs:[00000030h] | 10_2_04644A2C |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04644A2C mov eax, dword ptr fs:[00000030h] | 10_2_04644A2C |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04618A0A mov eax, dword ptr fs:[00000030h] | 10_2_04618A0A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04605210 mov eax, dword ptr fs:[00000030h] | 10_2_04605210 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04605210 mov ecx, dword ptr fs:[00000030h] | 10_2_04605210 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04605210 mov eax, dword ptr fs:[00000030h] | 10_2_04605210 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04605210 mov eax, dword ptr fs:[00000030h] | 10_2_04605210 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0460AA16 mov eax, dword ptr fs:[00000030h] | 10_2_0460AA16 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0460AA16 mov eax, dword ptr fs:[00000030h] | 10_2_0460AA16 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046CAA16 mov eax, dword ptr fs:[00000030h] | 10_2_046CAA16 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046CAA16 mov eax, dword ptr fs:[00000030h] | 10_2_046CAA16 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04623A1C mov eax, dword ptr fs:[00000030h] | 10_2_04623A1C |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04632AE4 mov eax, dword ptr fs:[00000030h] | 10_2_04632AE4 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04632ACB mov eax, dword ptr fs:[00000030h] | 10_2_04632ACB |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046052A5 mov eax, dword ptr fs:[00000030h] | 10_2_046052A5 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046052A5 mov eax, dword ptr fs:[00000030h] | 10_2_046052A5 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046052A5 mov eax, dword ptr fs:[00000030h] | 10_2_046052A5 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046052A5 mov eax, dword ptr fs:[00000030h] | 10_2_046052A5 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046052A5 mov eax, dword ptr fs:[00000030h] | 10_2_046052A5 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0461AAB0 mov eax, dword ptr fs:[00000030h] | 10_2_0461AAB0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0461AAB0 mov eax, dword ptr fs:[00000030h] | 10_2_0461AAB0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0463FAB0 mov eax, dword ptr fs:[00000030h] | 10_2_0463FAB0 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0463D294 mov eax, dword ptr fs:[00000030h] | 10_2_0463D294 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0463D294 mov eax, dword ptr fs:[00000030h] | 10_2_0463D294 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0460DB60 mov ecx, dword ptr fs:[00000030h] | 10_2_0460DB60 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04633B7A mov eax, dword ptr fs:[00000030h] | 10_2_04633B7A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04633B7A mov eax, dword ptr fs:[00000030h] | 10_2_04633B7A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0460DB40 mov eax, dword ptr fs:[00000030h] | 10_2_0460DB40 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046D8B58 mov eax, dword ptr fs:[00000030h] | 10_2_046D8B58 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0460F358 mov eax, dword ptr fs:[00000030h] | 10_2_0460F358 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046C131B mov eax, dword ptr fs:[00000030h] | 10_2_046C131B |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046303E2 mov eax, dword ptr fs:[00000030h] | 10_2_046303E2 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046303E2 mov eax, dword ptr fs:[00000030h] | 10_2_046303E2 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046303E2 mov eax, dword ptr fs:[00000030h] | 10_2_046303E2 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046303E2 mov eax, dword ptr fs:[00000030h] | 10_2_046303E2 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046303E2 mov eax, dword ptr fs:[00000030h] | 10_2_046303E2 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046303E2 mov eax, dword ptr fs:[00000030h] | 10_2_046303E2 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0462DBE9 mov eax, dword ptr fs:[00000030h] | 10_2_0462DBE9 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046853CA mov eax, dword ptr fs:[00000030h] | 10_2_046853CA |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046853CA mov eax, dword ptr fs:[00000030h] | 10_2_046853CA |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046D5BA5 mov eax, dword ptr fs:[00000030h] | 10_2_046D5BA5 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04634BAD mov eax, dword ptr fs:[00000030h] | 10_2_04634BAD |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04634BAD mov eax, dword ptr fs:[00000030h] | 10_2_04634BAD |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04634BAD mov eax, dword ptr fs:[00000030h] | 10_2_04634BAD |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046C138A mov eax, dword ptr fs:[00000030h] | 10_2_046C138A |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_046BD380 mov ecx, dword ptr fs:[00000030h] | 10_2_046BD380 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04611B8F mov eax, dword ptr fs:[00000030h] | 10_2_04611B8F |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04611B8F mov eax, dword ptr fs:[00000030h] | 10_2_04611B8F |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_0463B390 mov eax, dword ptr fs:[00000030h] | 10_2_0463B390 |
Source: C:\Windows\SysWOW64\msdt.exe | Code function: 10_2_04632397 mov eax, dword ptr fs:[00000030h] | 10_2_04632397 |