| Source: 15.0.DpiScaling.exe.72480000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 15.0.DpiScaling.exe.72480000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 5.0.DpiScaling.exe.72480000.3.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 5.0.DpiScaling.exe.72480000.3.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 15.0.DpiScaling.exe.72480000.0.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 15.0.DpiScaling.exe.72480000.0.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 5.0.DpiScaling.exe.72480000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 5.0.DpiScaling.exe.72480000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 20.0.logagent.exe.72480000.0.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 20.0.logagent.exe.72480000.0.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 15.0.DpiScaling.exe.72480000.2.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 15.0.DpiScaling.exe.72480000.2.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 5.0.DpiScaling.exe.72480000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 5.0.DpiScaling.exe.72480000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 20.0.logagent.exe.72480000.2.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 20.0.logagent.exe.72480000.2.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 15.0.DpiScaling.exe.72480000.1.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 15.0.DpiScaling.exe.72480000.1.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 5.0.DpiScaling.exe.72480000.1.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 5.0.DpiScaling.exe.72480000.1.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 5.0.DpiScaling.exe.72480000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 5.0.DpiScaling.exe.72480000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 20.0.logagent.exe.72480000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 20.0.logagent.exe.72480000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 5.0.DpiScaling.exe.72480000.0.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 5.0.DpiScaling.exe.72480000.0.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 5.2.DpiScaling.exe.72480000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 5.2.DpiScaling.exe.72480000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 20.0.logagent.exe.72480000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 20.0.logagent.exe.72480000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 5.0.DpiScaling.exe.72480000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 5.0.DpiScaling.exe.72480000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 20.0.logagent.exe.72480000.1.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 20.0.logagent.exe.72480000.1.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 15.0.DpiScaling.exe.72480000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 15.0.DpiScaling.exe.72480000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 15.0.DpiScaling.exe.72480000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 15.0.DpiScaling.exe.72480000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 15.0.DpiScaling.exe.72480000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 15.0.DpiScaling.exe.72480000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 20.0.logagent.exe.72480000.3.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 20.0.logagent.exe.72480000.3.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 20.2.logagent.exe.72480000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 20.2.logagent.exe.72480000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 20.0.logagent.exe.72480000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 20.0.logagent.exe.72480000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 15.0.DpiScaling.exe.72480000.3.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 15.0.DpiScaling.exe.72480000.3.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 15.2.DpiScaling.exe.72480000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 15.2.DpiScaling.exe.72480000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 20.0.logagent.exe.72480000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 20.0.logagent.exe.72480000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 5.0.DpiScaling.exe.72480000.2.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 5.0.DpiScaling.exe.72480000.2.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 15.2.DpiScaling.exe.72480000.3.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 15.2.DpiScaling.exe.72480000.3.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 20.2.logagent.exe.72480000.2.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 20.2.logagent.exe.72480000.2.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 5.2.DpiScaling.exe.72480000.4.unpack, type: UNPACKEDPE |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 5.2.DpiScaling.exe.72480000.4.unpack, type: UNPACKEDPE |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 0000000F.00000000.810820140.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 0000000F.00000000.810820140.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000010.00000002.980408969.0000000002C60000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000010.00000002.980408969.0000000002C60000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000005.00000002.826394913.0000000004B90000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000005.00000002.826394913.0000000004B90000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000006.00000000.772008503.000000000E9DF000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000006.00000000.772008503.000000000E9DF000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000005.00000000.714097353.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000005.00000000.714097353.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000010.00000002.979059154.0000000000800000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000010.00000002.979059154.0000000000800000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000006.00000000.749509351.000000000E9DF000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000006.00000000.749509351.000000000E9DF000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000014.00000000.836253520.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000014.00000000.836253520.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 0000000F.00000002.860879140.0000000000E90000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 0000000F.00000002.860879140.0000000000E90000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 0000000F.00000000.810315428.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 0000000F.00000000.810315428.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 0000000F.00000002.864516356.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 0000000F.00000002.864516356.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 0000000F.00000000.811363392.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 0000000F.00000000.811363392.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000005.00000000.714755943.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000005.00000000.714755943.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 0000000F.00000002.860188435.0000000000E60000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 0000000F.00000002.860188435.0000000000E60000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000014.00000002.844946988.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000014.00000002.844946988.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000005.00000000.714442633.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000005.00000000.714442633.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000010.00000002.980367511.0000000002C30000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000010.00000002.980367511.0000000002C30000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 0000000F.00000000.811926457.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 0000000F.00000000.811926457.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000005.00000000.713760138.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000005.00000000.713760138.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000005.00000002.826540547.0000000004BF0000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000005.00000002.826540547.0000000004BF0000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000005.00000002.830080872.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000005.00000002.830080872.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000014.00000000.835723366.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000014.00000000.835723366.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000016.00000002.863247728.0000000003280000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000016.00000002.863247728.0000000003280000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000014.00000000.836796283.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000014.00000000.836796283.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000014.00000000.837305764.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000014.00000000.837305764.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 15.0.DpiScaling.exe.72480000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 15.0.DpiScaling.exe.72480000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 5.0.DpiScaling.exe.72480000.3.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 5.0.DpiScaling.exe.72480000.3.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 15.0.DpiScaling.exe.72480000.0.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 15.0.DpiScaling.exe.72480000.0.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 5.0.DpiScaling.exe.72480000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 5.0.DpiScaling.exe.72480000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 20.0.logagent.exe.72480000.0.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 20.0.logagent.exe.72480000.0.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 15.0.DpiScaling.exe.72480000.2.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 15.0.DpiScaling.exe.72480000.2.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 5.0.DpiScaling.exe.72480000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 5.0.DpiScaling.exe.72480000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 20.0.logagent.exe.72480000.2.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 20.0.logagent.exe.72480000.2.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 15.0.DpiScaling.exe.72480000.1.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 15.0.DpiScaling.exe.72480000.1.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 5.0.DpiScaling.exe.72480000.1.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 5.0.DpiScaling.exe.72480000.1.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 5.0.DpiScaling.exe.72480000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 5.0.DpiScaling.exe.72480000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 20.0.logagent.exe.72480000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 20.0.logagent.exe.72480000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 5.0.DpiScaling.exe.72480000.0.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 5.0.DpiScaling.exe.72480000.0.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 5.2.DpiScaling.exe.72480000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 5.2.DpiScaling.exe.72480000.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 20.0.logagent.exe.72480000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 20.0.logagent.exe.72480000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 5.0.DpiScaling.exe.72480000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 5.0.DpiScaling.exe.72480000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 20.0.logagent.exe.72480000.1.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 20.0.logagent.exe.72480000.1.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 15.0.DpiScaling.exe.72480000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 15.0.DpiScaling.exe.72480000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 15.0.DpiScaling.exe.72480000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 15.0.DpiScaling.exe.72480000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 15.0.DpiScaling.exe.72480000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 15.0.DpiScaling.exe.72480000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 20.0.logagent.exe.72480000.3.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 20.0.logagent.exe.72480000.3.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 20.2.logagent.exe.72480000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 20.2.logagent.exe.72480000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 20.0.logagent.exe.72480000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 20.0.logagent.exe.72480000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 15.0.DpiScaling.exe.72480000.3.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 15.0.DpiScaling.exe.72480000.3.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 15.2.DpiScaling.exe.72480000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 15.2.DpiScaling.exe.72480000.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 20.0.logagent.exe.72480000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 20.0.logagent.exe.72480000.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 5.0.DpiScaling.exe.72480000.2.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 5.0.DpiScaling.exe.72480000.2.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 15.2.DpiScaling.exe.72480000.3.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 15.2.DpiScaling.exe.72480000.3.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 20.2.logagent.exe.72480000.2.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 20.2.logagent.exe.72480000.2.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 5.2.DpiScaling.exe.72480000.4.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 5.2.DpiScaling.exe.72480000.4.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 0000000F.00000000.810820140.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 0000000F.00000000.810820140.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000010.00000002.980408969.0000000002C60000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000010.00000002.980408969.0000000002C60000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000005.00000002.826394913.0000000004B90000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000005.00000002.826394913.0000000004B90000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000006.00000000.772008503.000000000E9DF000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000006.00000000.772008503.000000000E9DF000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000005.00000000.714097353.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000005.00000000.714097353.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000010.00000002.979059154.0000000000800000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000010.00000002.979059154.0000000000800000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000006.00000000.749509351.000000000E9DF000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000006.00000000.749509351.000000000E9DF000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000014.00000000.836253520.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000014.00000000.836253520.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 0000000F.00000002.860879140.0000000000E90000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 0000000F.00000002.860879140.0000000000E90000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 0000000F.00000000.810315428.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 0000000F.00000000.810315428.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 0000000F.00000002.864516356.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 0000000F.00000002.864516356.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 0000000F.00000000.811363392.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 0000000F.00000000.811363392.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000005.00000000.714755943.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000005.00000000.714755943.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 0000000F.00000002.860188435.0000000000E60000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 0000000F.00000002.860188435.0000000000E60000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000014.00000002.844946988.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000014.00000002.844946988.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000005.00000000.714442633.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000005.00000000.714442633.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000010.00000002.980367511.0000000002C30000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000010.00000002.980367511.0000000002C30000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 0000000F.00000000.811926457.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 0000000F.00000000.811926457.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000005.00000000.713760138.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000005.00000000.713760138.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000005.00000002.826540547.0000000004BF0000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000005.00000002.826540547.0000000004BF0000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000005.00000002.830080872.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000005.00000002.830080872.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000014.00000000.835723366.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000014.00000000.835723366.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000016.00000002.863247728.0000000003280000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000016.00000002.863247728.0000000003280000.00000040.00020000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000014.00000000.836796283.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000014.00000000.836796283.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000014.00000000.837305764.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000014.00000000.837305764.0000000072480000.00000040.00000001.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: C:\Users\user\Contacts\cynnekhsjA.url, type: DROPPED |
Matched rule: Methodology_Shortcut_HotKey author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019 |
| Source: C:\Users\user\Contacts\cynnekhsjA.url, type: DROPPED |
Matched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FD6CF0 mov eax, dword ptr fs:[00000030h] |
5_2_04FD6CF0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FD6CF0 mov eax, dword ptr fs:[00000030h] |
5_2_04FD6CF0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FD6CF0 mov eax, dword ptr fs:[00000030h] |
5_2_04FD6CF0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05028D34 mov eax, dword ptr fs:[00000030h] |
5_2_05028D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_0501E539 mov eax, dword ptr fs:[00000030h] |
5_2_0501E539 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05003D40 mov eax, dword ptr fs:[00000030h] |
5_2_05003D40 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F6849B mov eax, dword ptr fs:[00000030h] |
5_2_04F6849B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F7746D mov eax, dword ptr fs:[00000030h] |
5_2_04F7746D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FEC450 mov eax, dword ptr fs:[00000030h] |
5_2_04FEC450 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FEC450 mov eax, dword ptr fs:[00000030h] |
5_2_04FEC450 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_050205AC mov eax, dword ptr fs:[00000030h] |
5_2_050205AC |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_050205AC mov eax, dword ptr fs:[00000030h] |
5_2_050205AC |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F8A44B mov eax, dword ptr fs:[00000030h] |
5_2_04F8A44B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F8BC2C mov eax, dword ptr fs:[00000030h] |
5_2_04F8BC2C |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_0501FDE2 mov eax, dword ptr fs:[00000030h] |
5_2_0501FDE2 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_0501FDE2 mov eax, dword ptr fs:[00000030h] |
5_2_0501FDE2 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_0501FDE2 mov eax, dword ptr fs:[00000030h] |
5_2_0501FDE2 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_0501FDE2 mov eax, dword ptr fs:[00000030h] |
5_2_0501FDE2 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05008DF1 mov eax, dword ptr fs:[00000030h] |
5_2_05008DF1 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FD6C0A mov eax, dword ptr fs:[00000030h] |
5_2_04FD6C0A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FD6C0A mov eax, dword ptr fs:[00000030h] |
5_2_04FD6C0A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FD6C0A mov eax, dword ptr fs:[00000030h] |
5_2_04FD6C0A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FD6C0A mov eax, dword ptr fs:[00000030h] |
5_2_04FD6C0A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05011C06 mov eax, dword ptr fs:[00000030h] |
5_2_05011C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05011C06 mov eax, dword ptr fs:[00000030h] |
5_2_05011C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05011C06 mov eax, dword ptr fs:[00000030h] |
5_2_05011C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05011C06 mov eax, dword ptr fs:[00000030h] |
5_2_05011C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05011C06 mov eax, dword ptr fs:[00000030h] |
5_2_05011C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05011C06 mov eax, dword ptr fs:[00000030h] |
5_2_05011C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05011C06 mov eax, dword ptr fs:[00000030h] |
5_2_05011C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05011C06 mov eax, dword ptr fs:[00000030h] |
5_2_05011C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05011C06 mov eax, dword ptr fs:[00000030h] |
5_2_05011C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05011C06 mov eax, dword ptr fs:[00000030h] |
5_2_05011C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05011C06 mov eax, dword ptr fs:[00000030h] |
5_2_05011C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05011C06 mov eax, dword ptr fs:[00000030h] |
5_2_05011C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05011C06 mov eax, dword ptr fs:[00000030h] |
5_2_05011C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05011C06 mov eax, dword ptr fs:[00000030h] |
5_2_05011C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_0502740D mov eax, dword ptr fs:[00000030h] |
5_2_0502740D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_0502740D mov eax, dword ptr fs:[00000030h] |
5_2_0502740D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_0502740D mov eax, dword ptr fs:[00000030h] |
5_2_0502740D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F6D5E0 mov eax, dword ptr fs:[00000030h] |
5_2_04F6D5E0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F6D5E0 mov eax, dword ptr fs:[00000030h] |
5_2_04F6D5E0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FD6DC9 mov eax, dword ptr fs:[00000030h] |
5_2_04FD6DC9 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FD6DC9 mov eax, dword ptr fs:[00000030h] |
5_2_04FD6DC9 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FD6DC9 mov eax, dword ptr fs:[00000030h] |
5_2_04FD6DC9 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FD6DC9 mov ecx, dword ptr fs:[00000030h] |
5_2_04FD6DC9 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FD6DC9 mov eax, dword ptr fs:[00000030h] |
5_2_04FD6DC9 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FD6DC9 mov eax, dword ptr fs:[00000030h] |
5_2_04FD6DC9 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F81DB5 mov eax, dword ptr fs:[00000030h] |
5_2_04F81DB5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F81DB5 mov eax, dword ptr fs:[00000030h] |
5_2_04F81DB5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F81DB5 mov eax, dword ptr fs:[00000030h] |
5_2_04F81DB5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F835A1 mov eax, dword ptr fs:[00000030h] |
5_2_04F835A1 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F8FD9B mov eax, dword ptr fs:[00000030h] |
5_2_04F8FD9B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F8FD9B mov eax, dword ptr fs:[00000030h] |
5_2_04F8FD9B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F82581 mov eax, dword ptr fs:[00000030h] |
5_2_04F82581 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F82581 mov eax, dword ptr fs:[00000030h] |
5_2_04F82581 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F82581 mov eax, dword ptr fs:[00000030h] |
5_2_04F82581 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F82581 mov eax, dword ptr fs:[00000030h] |
5_2_04F82581 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F52D8A mov eax, dword ptr fs:[00000030h] |
5_2_04F52D8A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F52D8A mov eax, dword ptr fs:[00000030h] |
5_2_04F52D8A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F52D8A mov eax, dword ptr fs:[00000030h] |
5_2_04F52D8A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F52D8A mov eax, dword ptr fs:[00000030h] |
5_2_04F52D8A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F52D8A mov eax, dword ptr fs:[00000030h] |
5_2_04F52D8A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F7C577 mov eax, dword ptr fs:[00000030h] |
5_2_04F7C577 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F7C577 mov eax, dword ptr fs:[00000030h] |
5_2_04F7C577 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F77D50 mov eax, dword ptr fs:[00000030h] |
5_2_04F77D50 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F93D43 mov eax, dword ptr fs:[00000030h] |
5_2_04F93D43 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FD3540 mov eax, dword ptr fs:[00000030h] |
5_2_04FD3540 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F63D34 mov eax, dword ptr fs:[00000030h] |
5_2_04F63D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F63D34 mov eax, dword ptr fs:[00000030h] |
5_2_04F63D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F63D34 mov eax, dword ptr fs:[00000030h] |
5_2_04F63D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F63D34 mov eax, dword ptr fs:[00000030h] |
5_2_04F63D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F63D34 mov eax, dword ptr fs:[00000030h] |
5_2_04F63D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F63D34 mov eax, dword ptr fs:[00000030h] |
5_2_04F63D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F63D34 mov eax, dword ptr fs:[00000030h] |
5_2_04F63D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F63D34 mov eax, dword ptr fs:[00000030h] |
5_2_04F63D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F63D34 mov eax, dword ptr fs:[00000030h] |
5_2_04F63D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F63D34 mov eax, dword ptr fs:[00000030h] |
5_2_04F63D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F63D34 mov eax, dword ptr fs:[00000030h] |
5_2_04F63D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F63D34 mov eax, dword ptr fs:[00000030h] |
5_2_04F63D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F63D34 mov eax, dword ptr fs:[00000030h] |
5_2_04F63D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F84D3B mov eax, dword ptr fs:[00000030h] |
5_2_04F84D3B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F84D3B mov eax, dword ptr fs:[00000030h] |
5_2_04F84D3B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F84D3B mov eax, dword ptr fs:[00000030h] |
5_2_04F84D3B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F5AD30 mov eax, dword ptr fs:[00000030h] |
5_2_04F5AD30 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FDA537 mov eax, dword ptr fs:[00000030h] |
5_2_04FDA537 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05028CD6 mov eax, dword ptr fs:[00000030h] |
5_2_05028CD6 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_050114FB mov eax, dword ptr fs:[00000030h] |
5_2_050114FB |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_0502070D mov eax, dword ptr fs:[00000030h] |
5_2_0502070D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_0502070D mov eax, dword ptr fs:[00000030h] |
5_2_0502070D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F676E2 mov eax, dword ptr fs:[00000030h] |
5_2_04F676E2 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F816E0 mov ecx, dword ptr fs:[00000030h] |
5_2_04F816E0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F836CC mov eax, dword ptr fs:[00000030h] |
5_2_04F836CC |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F98EC7 mov eax, dword ptr fs:[00000030h] |
5_2_04F98EC7 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FD46A7 mov eax, dword ptr fs:[00000030h] |
5_2_04FD46A7 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05028F6A mov eax, dword ptr fs:[00000030h] |
5_2_05028F6A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FEFE87 mov eax, dword ptr fs:[00000030h] |
5_2_04FEFE87 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F7AE73 mov eax, dword ptr fs:[00000030h] |
5_2_04F7AE73 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F7AE73 mov eax, dword ptr fs:[00000030h] |
5_2_04F7AE73 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F7AE73 mov eax, dword ptr fs:[00000030h] |
5_2_04F7AE73 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F7AE73 mov eax, dword ptr fs:[00000030h] |
5_2_04F7AE73 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F7AE73 mov eax, dword ptr fs:[00000030h] |
5_2_04F7AE73 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F6766D mov eax, dword ptr fs:[00000030h] |
5_2_04F6766D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F67E41 mov eax, dword ptr fs:[00000030h] |
5_2_04F67E41 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F67E41 mov eax, dword ptr fs:[00000030h] |
5_2_04F67E41 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F67E41 mov eax, dword ptr fs:[00000030h] |
5_2_04F67E41 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F67E41 mov eax, dword ptr fs:[00000030h] |
5_2_04F67E41 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F67E41 mov eax, dword ptr fs:[00000030h] |
5_2_04F67E41 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F67E41 mov eax, dword ptr fs:[00000030h] |
5_2_04F67E41 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F5E620 mov eax, dword ptr fs:[00000030h] |
5_2_04F5E620 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F8A61C mov eax, dword ptr fs:[00000030h] |
5_2_04F8A61C |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F8A61C mov eax, dword ptr fs:[00000030h] |
5_2_04F8A61C |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F5C600 mov eax, dword ptr fs:[00000030h] |
5_2_04F5C600 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F5C600 mov eax, dword ptr fs:[00000030h] |
5_2_04F5C600 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F5C600 mov eax, dword ptr fs:[00000030h] |
5_2_04F5C600 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F88E00 mov eax, dword ptr fs:[00000030h] |
5_2_04F88E00 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05011608 mov eax, dword ptr fs:[00000030h] |
5_2_05011608 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F937F5 mov eax, dword ptr fs:[00000030h] |
5_2_04F937F5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_0500FE3F mov eax, dword ptr fs:[00000030h] |
5_2_0500FE3F |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_0501AE44 mov eax, dword ptr fs:[00000030h] |
5_2_0501AE44 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_0501AE44 mov eax, dword ptr fs:[00000030h] |
5_2_0501AE44 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F68794 mov eax, dword ptr fs:[00000030h] |
5_2_04F68794 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FD7794 mov eax, dword ptr fs:[00000030h] |
5_2_04FD7794 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FD7794 mov eax, dword ptr fs:[00000030h] |
5_2_04FD7794 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FD7794 mov eax, dword ptr fs:[00000030h] |
5_2_04FD7794 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F6FF60 mov eax, dword ptr fs:[00000030h] |
5_2_04F6FF60 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05020EA5 mov eax, dword ptr fs:[00000030h] |
5_2_05020EA5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05020EA5 mov eax, dword ptr fs:[00000030h] |
5_2_05020EA5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05020EA5 mov eax, dword ptr fs:[00000030h] |
5_2_05020EA5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F6EF40 mov eax, dword ptr fs:[00000030h] |
5_2_04F6EF40 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_0500FEC0 mov eax, dword ptr fs:[00000030h] |
5_2_0500FEC0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F8E730 mov eax, dword ptr fs:[00000030h] |
5_2_04F8E730 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05028ED6 mov eax, dword ptr fs:[00000030h] |
5_2_05028ED6 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F54F2E mov eax, dword ptr fs:[00000030h] |
5_2_04F54F2E |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F54F2E mov eax, dword ptr fs:[00000030h] |
5_2_04F54F2E |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F7F716 mov eax, dword ptr fs:[00000030h] |
5_2_04F7F716 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FEFF10 mov eax, dword ptr fs:[00000030h] |
5_2_04FEFF10 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FEFF10 mov eax, dword ptr fs:[00000030h] |
5_2_04FEFF10 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F8A70E mov eax, dword ptr fs:[00000030h] |
5_2_04F8A70E |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F8A70E mov eax, dword ptr fs:[00000030h] |
5_2_04F8A70E |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F540E1 mov eax, dword ptr fs:[00000030h] |
5_2_04F540E1 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F540E1 mov eax, dword ptr fs:[00000030h] |
5_2_04F540E1 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F540E1 mov eax, dword ptr fs:[00000030h] |
5_2_04F540E1 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F558EC mov eax, dword ptr fs:[00000030h] |
5_2_04F558EC |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FEB8D0 mov eax, dword ptr fs:[00000030h] |
5_2_04FEB8D0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FEB8D0 mov ecx, dword ptr fs:[00000030h] |
5_2_04FEB8D0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FEB8D0 mov eax, dword ptr fs:[00000030h] |
5_2_04FEB8D0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FEB8D0 mov eax, dword ptr fs:[00000030h] |
5_2_04FEB8D0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FEB8D0 mov eax, dword ptr fs:[00000030h] |
5_2_04FEB8D0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FEB8D0 mov eax, dword ptr fs:[00000030h] |
5_2_04FEB8D0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F8F0BF mov ecx, dword ptr fs:[00000030h] |
5_2_04F8F0BF |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F8F0BF mov eax, dword ptr fs:[00000030h] |
5_2_04F8F0BF |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F8F0BF mov eax, dword ptr fs:[00000030h] |
5_2_04F8F0BF |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F990AF mov eax, dword ptr fs:[00000030h] |
5_2_04F990AF |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F820A0 mov eax, dword ptr fs:[00000030h] |
5_2_04F820A0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F820A0 mov eax, dword ptr fs:[00000030h] |
5_2_04F820A0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F820A0 mov eax, dword ptr fs:[00000030h] |
5_2_04F820A0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F820A0 mov eax, dword ptr fs:[00000030h] |
5_2_04F820A0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F820A0 mov eax, dword ptr fs:[00000030h] |
5_2_04F820A0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F820A0 mov eax, dword ptr fs:[00000030h] |
5_2_04F820A0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F59080 mov eax, dword ptr fs:[00000030h] |
5_2_04F59080 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FD3884 mov eax, dword ptr fs:[00000030h] |
5_2_04FD3884 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FD3884 mov eax, dword ptr fs:[00000030h] |
5_2_04FD3884 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_050149A4 mov eax, dword ptr fs:[00000030h] |
5_2_050149A4 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_050149A4 mov eax, dword ptr fs:[00000030h] |
5_2_050149A4 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_050149A4 mov eax, dword ptr fs:[00000030h] |
5_2_050149A4 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_050149A4 mov eax, dword ptr fs:[00000030h] |
5_2_050149A4 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F70050 mov eax, dword ptr fs:[00000030h] |
5_2_04F70050 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F70050 mov eax, dword ptr fs:[00000030h] |
5_2_04F70050 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F7A830 mov eax, dword ptr fs:[00000030h] |
5_2_04F7A830 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F7A830 mov eax, dword ptr fs:[00000030h] |
5_2_04F7A830 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F7A830 mov eax, dword ptr fs:[00000030h] |
5_2_04F7A830 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F7A830 mov eax, dword ptr fs:[00000030h] |
5_2_04F7A830 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F8002D mov eax, dword ptr fs:[00000030h] |
5_2_04F8002D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F8002D mov eax, dword ptr fs:[00000030h] |
5_2_04F8002D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F8002D mov eax, dword ptr fs:[00000030h] |
5_2_04F8002D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F8002D mov eax, dword ptr fs:[00000030h] |
5_2_04F8002D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F8002D mov eax, dword ptr fs:[00000030h] |
5_2_04F8002D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F6B02A mov eax, dword ptr fs:[00000030h] |
5_2_04F6B02A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F6B02A mov eax, dword ptr fs:[00000030h] |
5_2_04F6B02A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F6B02A mov eax, dword ptr fs:[00000030h] |
5_2_04F6B02A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F6B02A mov eax, dword ptr fs:[00000030h] |
5_2_04F6B02A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FD7016 mov eax, dword ptr fs:[00000030h] |
5_2_04FD7016 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FD7016 mov eax, dword ptr fs:[00000030h] |
5_2_04FD7016 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FD7016 mov eax, dword ptr fs:[00000030h] |
5_2_04FD7016 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F5B1E1 mov eax, dword ptr fs:[00000030h] |
5_2_04F5B1E1 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F5B1E1 mov eax, dword ptr fs:[00000030h] |
5_2_04F5B1E1 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F5B1E1 mov eax, dword ptr fs:[00000030h] |
5_2_04F5B1E1 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FE41E8 mov eax, dword ptr fs:[00000030h] |
5_2_04FE41E8 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05024015 mov eax, dword ptr fs:[00000030h] |
5_2_05024015 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05024015 mov eax, dword ptr fs:[00000030h] |
5_2_05024015 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FD51BE mov eax, dword ptr fs:[00000030h] |
5_2_04FD51BE |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FD51BE mov eax, dword ptr fs:[00000030h] |
5_2_04FD51BE |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FD51BE mov eax, dword ptr fs:[00000030h] |
5_2_04FD51BE |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FD51BE mov eax, dword ptr fs:[00000030h] |
5_2_04FD51BE |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F861A0 mov eax, dword ptr fs:[00000030h] |
5_2_04F861A0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F861A0 mov eax, dword ptr fs:[00000030h] |
5_2_04F861A0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FD69A6 mov eax, dword ptr fs:[00000030h] |
5_2_04FD69A6 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F82990 mov eax, dword ptr fs:[00000030h] |
5_2_04F82990 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05012073 mov eax, dword ptr fs:[00000030h] |
5_2_05012073 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F7C182 mov eax, dword ptr fs:[00000030h] |
5_2_04F7C182 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05021074 mov eax, dword ptr fs:[00000030h] |
5_2_05021074 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F8A185 mov eax, dword ptr fs:[00000030h] |
5_2_04F8A185 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F5B171 mov eax, dword ptr fs:[00000030h] |
5_2_04F5B171 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F5B171 mov eax, dword ptr fs:[00000030h] |
5_2_04F5B171 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F5C962 mov eax, dword ptr fs:[00000030h] |
5_2_04F5C962 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F7B944 mov eax, dword ptr fs:[00000030h] |
5_2_04F7B944 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F7B944 mov eax, dword ptr fs:[00000030h] |
5_2_04F7B944 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F8513A mov eax, dword ptr fs:[00000030h] |
5_2_04F8513A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F8513A mov eax, dword ptr fs:[00000030h] |
5_2_04F8513A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F74120 mov eax, dword ptr fs:[00000030h] |
5_2_04F74120 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F74120 mov eax, dword ptr fs:[00000030h] |
5_2_04F74120 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F74120 mov eax, dword ptr fs:[00000030h] |
5_2_04F74120 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F74120 mov eax, dword ptr fs:[00000030h] |
5_2_04F74120 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F74120 mov ecx, dword ptr fs:[00000030h] |
5_2_04F74120 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F59100 mov eax, dword ptr fs:[00000030h] |
5_2_04F59100 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F59100 mov eax, dword ptr fs:[00000030h] |
5_2_04F59100 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F59100 mov eax, dword ptr fs:[00000030h] |
5_2_04F59100 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_0501131B mov eax, dword ptr fs:[00000030h] |
5_2_0501131B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F82AE4 mov eax, dword ptr fs:[00000030h] |
5_2_04F82AE4 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F82ACB mov eax, dword ptr fs:[00000030h] |
5_2_04F82ACB |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F6AAB0 mov eax, dword ptr fs:[00000030h] |
5_2_04F6AAB0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F6AAB0 mov eax, dword ptr fs:[00000030h] |
5_2_04F6AAB0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F8FAB0 mov eax, dword ptr fs:[00000030h] |
5_2_04F8FAB0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F552A5 mov eax, dword ptr fs:[00000030h] |
5_2_04F552A5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F552A5 mov eax, dword ptr fs:[00000030h] |
5_2_04F552A5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F552A5 mov eax, dword ptr fs:[00000030h] |
5_2_04F552A5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F552A5 mov eax, dword ptr fs:[00000030h] |
5_2_04F552A5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F552A5 mov eax, dword ptr fs:[00000030h] |
5_2_04F552A5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05028B58 mov eax, dword ptr fs:[00000030h] |
5_2_05028B58 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F8D294 mov eax, dword ptr fs:[00000030h] |
5_2_04F8D294 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F8D294 mov eax, dword ptr fs:[00000030h] |
5_2_04F8D294 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_0500D380 mov ecx, dword ptr fs:[00000030h] |
5_2_0500D380 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F9927A mov eax, dword ptr fs:[00000030h] |
5_2_04F9927A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_0501138A mov eax, dword ptr fs:[00000030h] |
5_2_0501138A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05025BA5 mov eax, dword ptr fs:[00000030h] |
5_2_05025BA5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FE4257 mov eax, dword ptr fs:[00000030h] |
5_2_04FE4257 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F59240 mov eax, dword ptr fs:[00000030h] |
5_2_04F59240 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F59240 mov eax, dword ptr fs:[00000030h] |
5_2_04F59240 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F59240 mov eax, dword ptr fs:[00000030h] |
5_2_04F59240 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F59240 mov eax, dword ptr fs:[00000030h] |
5_2_04F59240 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F94A2C mov eax, dword ptr fs:[00000030h] |
5_2_04F94A2C |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F94A2C mov eax, dword ptr fs:[00000030h] |
5_2_04F94A2C |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F7A229 mov eax, dword ptr fs:[00000030h] |
5_2_04F7A229 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F7A229 mov eax, dword ptr fs:[00000030h] |
5_2_04F7A229 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F7A229 mov eax, dword ptr fs:[00000030h] |
5_2_04F7A229 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F7A229 mov eax, dword ptr fs:[00000030h] |
5_2_04F7A229 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F7A229 mov eax, dword ptr fs:[00000030h] |
5_2_04F7A229 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F7A229 mov eax, dword ptr fs:[00000030h] |
5_2_04F7A229 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F7A229 mov eax, dword ptr fs:[00000030h] |
5_2_04F7A229 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F7A229 mov eax, dword ptr fs:[00000030h] |
5_2_04F7A229 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F7A229 mov eax, dword ptr fs:[00000030h] |
5_2_04F7A229 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F5AA16 mov eax, dword ptr fs:[00000030h] |
5_2_04F5AA16 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F5AA16 mov eax, dword ptr fs:[00000030h] |
5_2_04F5AA16 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F55210 mov eax, dword ptr fs:[00000030h] |
5_2_04F55210 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F55210 mov ecx, dword ptr fs:[00000030h] |
5_2_04F55210 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F55210 mov eax, dword ptr fs:[00000030h] |
5_2_04F55210 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F55210 mov eax, dword ptr fs:[00000030h] |
5_2_04F55210 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F73A1C mov eax, dword ptr fs:[00000030h] |
5_2_04F73A1C |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F68A0A mov eax, dword ptr fs:[00000030h] |
5_2_04F68A0A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_0501AA16 mov eax, dword ptr fs:[00000030h] |
5_2_0501AA16 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_0501AA16 mov eax, dword ptr fs:[00000030h] |
5_2_0501AA16 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F803E2 mov eax, dword ptr fs:[00000030h] |
5_2_04F803E2 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F803E2 mov eax, dword ptr fs:[00000030h] |
5_2_04F803E2 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F803E2 mov eax, dword ptr fs:[00000030h] |
5_2_04F803E2 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F803E2 mov eax, dword ptr fs:[00000030h] |
5_2_04F803E2 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F803E2 mov eax, dword ptr fs:[00000030h] |
5_2_04F803E2 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F803E2 mov eax, dword ptr fs:[00000030h] |
5_2_04F803E2 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F7DBE9 mov eax, dword ptr fs:[00000030h] |
5_2_04F7DBE9 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FD53CA mov eax, dword ptr fs:[00000030h] |
5_2_04FD53CA |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04FD53CA mov eax, dword ptr fs:[00000030h] |
5_2_04FD53CA |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_0501EA55 mov eax, dword ptr fs:[00000030h] |
5_2_0501EA55 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F84BAD mov eax, dword ptr fs:[00000030h] |
5_2_04F84BAD |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F84BAD mov eax, dword ptr fs:[00000030h] |
5_2_04F84BAD |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F84BAD mov eax, dword ptr fs:[00000030h] |
5_2_04F84BAD |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_0500B260 mov eax, dword ptr fs:[00000030h] |
5_2_0500B260 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_0500B260 mov eax, dword ptr fs:[00000030h] |
5_2_0500B260 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_05028A62 mov eax, dword ptr fs:[00000030h] |
5_2_05028A62 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F8B390 mov eax, dword ptr fs:[00000030h] |
5_2_04F8B390 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F82397 mov eax, dword ptr fs:[00000030h] |
5_2_04F82397 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F61B8F mov eax, dword ptr fs:[00000030h] |
5_2_04F61B8F |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F61B8F mov eax, dword ptr fs:[00000030h] |
5_2_04F61B8F |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F83B7A mov eax, dword ptr fs:[00000030h] |
5_2_04F83B7A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F83B7A mov eax, dword ptr fs:[00000030h] |
5_2_04F83B7A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F5DB60 mov ecx, dword ptr fs:[00000030h] |
5_2_04F5DB60 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F5F358 mov eax, dword ptr fs:[00000030h] |
5_2_04F5F358 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 5_2_04F5DB40 mov eax, dword ptr fs:[00000030h] |
5_2_04F5DB40 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E26CF0 mov eax, dword ptr fs:[00000030h] |
15_2_04E26CF0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E26CF0 mov eax, dword ptr fs:[00000030h] |
15_2_04E26CF0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E26CF0 mov eax, dword ptr fs:[00000030h] |
15_2_04E26CF0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E614FB mov eax, dword ptr fs:[00000030h] |
15_2_04E614FB |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E78CD6 mov eax, dword ptr fs:[00000030h] |
15_2_04E78CD6 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DB849B mov eax, dword ptr fs:[00000030h] |
15_2_04DB849B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DDA44B mov eax, dword ptr fs:[00000030h] |
15_2_04DDA44B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DDAC7B mov eax, dword ptr fs:[00000030h] |
15_2_04DDAC7B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DDAC7B mov eax, dword ptr fs:[00000030h] |
15_2_04DDAC7B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DDAC7B mov eax, dword ptr fs:[00000030h] |
15_2_04DDAC7B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DDAC7B mov eax, dword ptr fs:[00000030h] |
15_2_04DDAC7B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DDAC7B mov eax, dword ptr fs:[00000030h] |
15_2_04DDAC7B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DDAC7B mov eax, dword ptr fs:[00000030h] |
15_2_04DDAC7B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DDAC7B mov eax, dword ptr fs:[00000030h] |
15_2_04DDAC7B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DDAC7B mov eax, dword ptr fs:[00000030h] |
15_2_04DDAC7B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DDAC7B mov eax, dword ptr fs:[00000030h] |
15_2_04DDAC7B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DDAC7B mov eax, dword ptr fs:[00000030h] |
15_2_04DDAC7B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DDAC7B mov eax, dword ptr fs:[00000030h] |
15_2_04DDAC7B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DC746D mov eax, dword ptr fs:[00000030h] |
15_2_04DC746D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E3C450 mov eax, dword ptr fs:[00000030h] |
15_2_04E3C450 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E3C450 mov eax, dword ptr fs:[00000030h] |
15_2_04E3C450 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E61C06 mov eax, dword ptr fs:[00000030h] |
15_2_04E61C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E61C06 mov eax, dword ptr fs:[00000030h] |
15_2_04E61C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E61C06 mov eax, dword ptr fs:[00000030h] |
15_2_04E61C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E61C06 mov eax, dword ptr fs:[00000030h] |
15_2_04E61C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E61C06 mov eax, dword ptr fs:[00000030h] |
15_2_04E61C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E61C06 mov eax, dword ptr fs:[00000030h] |
15_2_04E61C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E61C06 mov eax, dword ptr fs:[00000030h] |
15_2_04E61C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E61C06 mov eax, dword ptr fs:[00000030h] |
15_2_04E61C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E61C06 mov eax, dword ptr fs:[00000030h] |
15_2_04E61C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E61C06 mov eax, dword ptr fs:[00000030h] |
15_2_04E61C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E61C06 mov eax, dword ptr fs:[00000030h] |
15_2_04E61C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E61C06 mov eax, dword ptr fs:[00000030h] |
15_2_04E61C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E61C06 mov eax, dword ptr fs:[00000030h] |
15_2_04E61C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E61C06 mov eax, dword ptr fs:[00000030h] |
15_2_04E61C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E26C0A mov eax, dword ptr fs:[00000030h] |
15_2_04E26C0A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E26C0A mov eax, dword ptr fs:[00000030h] |
15_2_04E26C0A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E26C0A mov eax, dword ptr fs:[00000030h] |
15_2_04E26C0A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E26C0A mov eax, dword ptr fs:[00000030h] |
15_2_04E26C0A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E7740D mov eax, dword ptr fs:[00000030h] |
15_2_04E7740D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E7740D mov eax, dword ptr fs:[00000030h] |
15_2_04E7740D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E7740D mov eax, dword ptr fs:[00000030h] |
15_2_04E7740D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DDBC2C mov eax, dword ptr fs:[00000030h] |
15_2_04DDBC2C |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E6FDE2 mov eax, dword ptr fs:[00000030h] |
15_2_04E6FDE2 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E6FDE2 mov eax, dword ptr fs:[00000030h] |
15_2_04E6FDE2 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E6FDE2 mov eax, dword ptr fs:[00000030h] |
15_2_04E6FDE2 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E6FDE2 mov eax, dword ptr fs:[00000030h] |
15_2_04E6FDE2 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E58DF1 mov eax, dword ptr fs:[00000030h] |
15_2_04E58DF1 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E26DC9 mov eax, dword ptr fs:[00000030h] |
15_2_04E26DC9 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E26DC9 mov eax, dword ptr fs:[00000030h] |
15_2_04E26DC9 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E26DC9 mov eax, dword ptr fs:[00000030h] |
15_2_04E26DC9 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E26DC9 mov ecx, dword ptr fs:[00000030h] |
15_2_04E26DC9 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E26DC9 mov eax, dword ptr fs:[00000030h] |
15_2_04E26DC9 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E26DC9 mov eax, dword ptr fs:[00000030h] |
15_2_04E26DC9 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DBD5E0 mov eax, dword ptr fs:[00000030h] |
15_2_04DBD5E0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DBD5E0 mov eax, dword ptr fs:[00000030h] |
15_2_04DBD5E0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DDFD9B mov eax, dword ptr fs:[00000030h] |
15_2_04DDFD9B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DDFD9B mov eax, dword ptr fs:[00000030h] |
15_2_04DDFD9B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E705AC mov eax, dword ptr fs:[00000030h] |
15_2_04E705AC |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E705AC mov eax, dword ptr fs:[00000030h] |
15_2_04E705AC |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DA2D8A mov eax, dword ptr fs:[00000030h] |
15_2_04DA2D8A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DA2D8A mov eax, dword ptr fs:[00000030h] |
15_2_04DA2D8A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DA2D8A mov eax, dword ptr fs:[00000030h] |
15_2_04DA2D8A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DA2D8A mov eax, dword ptr fs:[00000030h] |
15_2_04DA2D8A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DA2D8A mov eax, dword ptr fs:[00000030h] |
15_2_04DA2D8A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DD2581 mov eax, dword ptr fs:[00000030h] |
15_2_04DD2581 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DD2581 mov eax, dword ptr fs:[00000030h] |
15_2_04DD2581 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DD2581 mov eax, dword ptr fs:[00000030h] |
15_2_04DD2581 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DD2581 mov eax, dword ptr fs:[00000030h] |
15_2_04DD2581 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DD1DB5 mov eax, dword ptr fs:[00000030h] |
15_2_04DD1DB5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DD1DB5 mov eax, dword ptr fs:[00000030h] |
15_2_04DD1DB5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DD1DB5 mov eax, dword ptr fs:[00000030h] |
15_2_04DD1DB5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DD35A1 mov eax, dword ptr fs:[00000030h] |
15_2_04DD35A1 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DC7D50 mov eax, dword ptr fs:[00000030h] |
15_2_04DC7D50 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DE3D43 mov eax, dword ptr fs:[00000030h] |
15_2_04DE3D43 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E23540 mov eax, dword ptr fs:[00000030h] |
15_2_04E23540 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E53D40 mov eax, dword ptr fs:[00000030h] |
15_2_04E53D40 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DCC577 mov eax, dword ptr fs:[00000030h] |
15_2_04DCC577 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DCC577 mov eax, dword ptr fs:[00000030h] |
15_2_04DCC577 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E78D34 mov eax, dword ptr fs:[00000030h] |
15_2_04E78D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E2A537 mov eax, dword ptr fs:[00000030h] |
15_2_04E2A537 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E6E539 mov eax, dword ptr fs:[00000030h] |
15_2_04E6E539 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DD4D3B mov eax, dword ptr fs:[00000030h] |
15_2_04DD4D3B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DD4D3B mov eax, dword ptr fs:[00000030h] |
15_2_04DD4D3B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DD4D3B mov eax, dword ptr fs:[00000030h] |
15_2_04DD4D3B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DAAD30 mov eax, dword ptr fs:[00000030h] |
15_2_04DAAD30 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DB3D34 mov eax, dword ptr fs:[00000030h] |
15_2_04DB3D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DB3D34 mov eax, dword ptr fs:[00000030h] |
15_2_04DB3D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DB3D34 mov eax, dword ptr fs:[00000030h] |
15_2_04DB3D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DB3D34 mov eax, dword ptr fs:[00000030h] |
15_2_04DB3D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DB3D34 mov eax, dword ptr fs:[00000030h] |
15_2_04DB3D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DB3D34 mov eax, dword ptr fs:[00000030h] |
15_2_04DB3D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DB3D34 mov eax, dword ptr fs:[00000030h] |
15_2_04DB3D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DB3D34 mov eax, dword ptr fs:[00000030h] |
15_2_04DB3D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DB3D34 mov eax, dword ptr fs:[00000030h] |
15_2_04DB3D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DB3D34 mov eax, dword ptr fs:[00000030h] |
15_2_04DB3D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DB3D34 mov eax, dword ptr fs:[00000030h] |
15_2_04DB3D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DB3D34 mov eax, dword ptr fs:[00000030h] |
15_2_04DB3D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DB3D34 mov eax, dword ptr fs:[00000030h] |
15_2_04DB3D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DD36CC mov eax, dword ptr fs:[00000030h] |
15_2_04DD36CC |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DE8EC7 mov eax, dword ptr fs:[00000030h] |
15_2_04DE8EC7 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E5FEC0 mov eax, dword ptr fs:[00000030h] |
15_2_04E5FEC0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E78ED6 mov eax, dword ptr fs:[00000030h] |
15_2_04E78ED6 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DB76E2 mov eax, dword ptr fs:[00000030h] |
15_2_04DB76E2 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DD16E0 mov ecx, dword ptr fs:[00000030h] |
15_2_04DD16E0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E70EA5 mov eax, dword ptr fs:[00000030h] |
15_2_04E70EA5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E70EA5 mov eax, dword ptr fs:[00000030h] |
15_2_04E70EA5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E70EA5 mov eax, dword ptr fs:[00000030h] |
15_2_04E70EA5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E246A7 mov eax, dword ptr fs:[00000030h] |
15_2_04E246A7 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E3FE87 mov eax, dword ptr fs:[00000030h] |
15_2_04E3FE87 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DB7E41 mov eax, dword ptr fs:[00000030h] |
15_2_04DB7E41 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DB7E41 mov eax, dword ptr fs:[00000030h] |
15_2_04DB7E41 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DB7E41 mov eax, dword ptr fs:[00000030h] |
15_2_04DB7E41 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DB7E41 mov eax, dword ptr fs:[00000030h] |
15_2_04DB7E41 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DB7E41 mov eax, dword ptr fs:[00000030h] |
15_2_04DB7E41 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DB7E41 mov eax, dword ptr fs:[00000030h] |
15_2_04DB7E41 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E6AE44 mov eax, dword ptr fs:[00000030h] |
15_2_04E6AE44 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E6AE44 mov eax, dword ptr fs:[00000030h] |
15_2_04E6AE44 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DCAE73 mov eax, dword ptr fs:[00000030h] |
15_2_04DCAE73 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DCAE73 mov eax, dword ptr fs:[00000030h] |
15_2_04DCAE73 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DCAE73 mov eax, dword ptr fs:[00000030h] |
15_2_04DCAE73 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DCAE73 mov eax, dword ptr fs:[00000030h] |
15_2_04DCAE73 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DCAE73 mov eax, dword ptr fs:[00000030h] |
15_2_04DCAE73 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DB766D mov eax, dword ptr fs:[00000030h] |
15_2_04DB766D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DDA61C mov eax, dword ptr fs:[00000030h] |
15_2_04DDA61C |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DDA61C mov eax, dword ptr fs:[00000030h] |
15_2_04DDA61C |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E5FE3F mov eax, dword ptr fs:[00000030h] |
15_2_04E5FE3F |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DAC600 mov eax, dword ptr fs:[00000030h] |
15_2_04DAC600 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DAC600 mov eax, dword ptr fs:[00000030h] |
15_2_04DAC600 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DAC600 mov eax, dword ptr fs:[00000030h] |
15_2_04DAC600 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DD8E00 mov eax, dword ptr fs:[00000030h] |
15_2_04DD8E00 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E61608 mov eax, dword ptr fs:[00000030h] |
15_2_04E61608 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DAE620 mov eax, dword ptr fs:[00000030h] |
15_2_04DAE620 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DE37F5 mov eax, dword ptr fs:[00000030h] |
15_2_04DE37F5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DB8794 mov eax, dword ptr fs:[00000030h] |
15_2_04DB8794 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E27794 mov eax, dword ptr fs:[00000030h] |
15_2_04E27794 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E27794 mov eax, dword ptr fs:[00000030h] |
15_2_04E27794 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E27794 mov eax, dword ptr fs:[00000030h] |
15_2_04E27794 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E78F6A mov eax, dword ptr fs:[00000030h] |
15_2_04E78F6A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DBEF40 mov eax, dword ptr fs:[00000030h] |
15_2_04DBEF40 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DBFF60 mov eax, dword ptr fs:[00000030h] |
15_2_04DBFF60 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DCF716 mov eax, dword ptr fs:[00000030h] |
15_2_04DCF716 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DDA70E mov eax, dword ptr fs:[00000030h] |
15_2_04DDA70E |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DDA70E mov eax, dword ptr fs:[00000030h] |
15_2_04DDA70E |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DCB73D mov eax, dword ptr fs:[00000030h] |
15_2_04DCB73D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DCB73D mov eax, dword ptr fs:[00000030h] |
15_2_04DCB73D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E7070D mov eax, dword ptr fs:[00000030h] |
15_2_04E7070D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E7070D mov eax, dword ptr fs:[00000030h] |
15_2_04E7070D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DDE730 mov eax, dword ptr fs:[00000030h] |
15_2_04DDE730 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E3FF10 mov eax, dword ptr fs:[00000030h] |
15_2_04E3FF10 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E3FF10 mov eax, dword ptr fs:[00000030h] |
15_2_04E3FF10 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DA4F2E mov eax, dword ptr fs:[00000030h] |
15_2_04DA4F2E |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DA4F2E mov eax, dword ptr fs:[00000030h] |
15_2_04DA4F2E |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E3B8D0 mov eax, dword ptr fs:[00000030h] |
15_2_04E3B8D0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E3B8D0 mov ecx, dword ptr fs:[00000030h] |
15_2_04E3B8D0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E3B8D0 mov eax, dword ptr fs:[00000030h] |
15_2_04E3B8D0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E3B8D0 mov eax, dword ptr fs:[00000030h] |
15_2_04E3B8D0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E3B8D0 mov eax, dword ptr fs:[00000030h] |
15_2_04E3B8D0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E3B8D0 mov eax, dword ptr fs:[00000030h] |
15_2_04E3B8D0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DA58EC mov eax, dword ptr fs:[00000030h] |
15_2_04DA58EC |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DCB8E4 mov eax, dword ptr fs:[00000030h] |
15_2_04DCB8E4 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DCB8E4 mov eax, dword ptr fs:[00000030h] |
15_2_04DCB8E4 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DA40E1 mov eax, dword ptr fs:[00000030h] |
15_2_04DA40E1 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DA40E1 mov eax, dword ptr fs:[00000030h] |
15_2_04DA40E1 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DA40E1 mov eax, dword ptr fs:[00000030h] |
15_2_04DA40E1 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DA9080 mov eax, dword ptr fs:[00000030h] |
15_2_04DA9080 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DDF0BF mov ecx, dword ptr fs:[00000030h] |
15_2_04DDF0BF |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DDF0BF mov eax, dword ptr fs:[00000030h] |
15_2_04DDF0BF |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DDF0BF mov eax, dword ptr fs:[00000030h] |
15_2_04DDF0BF |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E23884 mov eax, dword ptr fs:[00000030h] |
15_2_04E23884 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E23884 mov eax, dword ptr fs:[00000030h] |
15_2_04E23884 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DE90AF mov eax, dword ptr fs:[00000030h] |
15_2_04DE90AF |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DD20A0 mov eax, dword ptr fs:[00000030h] |
15_2_04DD20A0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DD20A0 mov eax, dword ptr fs:[00000030h] |
15_2_04DD20A0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DD20A0 mov eax, dword ptr fs:[00000030h] |
15_2_04DD20A0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DD20A0 mov eax, dword ptr fs:[00000030h] |
15_2_04DD20A0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DD20A0 mov eax, dword ptr fs:[00000030h] |
15_2_04DD20A0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DD20A0 mov eax, dword ptr fs:[00000030h] |
15_2_04DD20A0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DC0050 mov eax, dword ptr fs:[00000030h] |
15_2_04DC0050 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DC0050 mov eax, dword ptr fs:[00000030h] |
15_2_04DC0050 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E71074 mov eax, dword ptr fs:[00000030h] |
15_2_04E71074 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E62073 mov eax, dword ptr fs:[00000030h] |
15_2_04E62073 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DCA830 mov eax, dword ptr fs:[00000030h] |
15_2_04DCA830 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DCA830 mov eax, dword ptr fs:[00000030h] |
15_2_04DCA830 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DCA830 mov eax, dword ptr fs:[00000030h] |
15_2_04DCA830 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DCA830 mov eax, dword ptr fs:[00000030h] |
15_2_04DCA830 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DD002D mov eax, dword ptr fs:[00000030h] |
15_2_04DD002D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DD002D mov eax, dword ptr fs:[00000030h] |
15_2_04DD002D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DD002D mov eax, dword ptr fs:[00000030h] |
15_2_04DD002D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DD002D mov eax, dword ptr fs:[00000030h] |
15_2_04DD002D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DD002D mov eax, dword ptr fs:[00000030h] |
15_2_04DD002D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DBB02A mov eax, dword ptr fs:[00000030h] |
15_2_04DBB02A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DBB02A mov eax, dword ptr fs:[00000030h] |
15_2_04DBB02A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DBB02A mov eax, dword ptr fs:[00000030h] |
15_2_04DBB02A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DBB02A mov eax, dword ptr fs:[00000030h] |
15_2_04DBB02A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E74015 mov eax, dword ptr fs:[00000030h] |
15_2_04E74015 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E74015 mov eax, dword ptr fs:[00000030h] |
15_2_04E74015 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E27016 mov eax, dword ptr fs:[00000030h] |
15_2_04E27016 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E27016 mov eax, dword ptr fs:[00000030h] |
15_2_04E27016 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E27016 mov eax, dword ptr fs:[00000030h] |
15_2_04E27016 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E341E8 mov eax, dword ptr fs:[00000030h] |
15_2_04E341E8 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DAB1E1 mov eax, dword ptr fs:[00000030h] |
15_2_04DAB1E1 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DAB1E1 mov eax, dword ptr fs:[00000030h] |
15_2_04DAB1E1 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DAB1E1 mov eax, dword ptr fs:[00000030h] |
15_2_04DAB1E1 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E649A4 mov eax, dword ptr fs:[00000030h] |
15_2_04E649A4 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E649A4 mov eax, dword ptr fs:[00000030h] |
15_2_04E649A4 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E649A4 mov eax, dword ptr fs:[00000030h] |
15_2_04E649A4 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E649A4 mov eax, dword ptr fs:[00000030h] |
15_2_04E649A4 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E269A6 mov eax, dword ptr fs:[00000030h] |
15_2_04E269A6 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DD2990 mov eax, dword ptr fs:[00000030h] |
15_2_04DD2990 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04DDA185 mov eax, dword ptr fs:[00000030h] |
15_2_04DDA185 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E251BE mov eax, dword ptr fs:[00000030h] |
15_2_04E251BE |
| Source: C:\Windows\SysWOW64\DpiScaling.exe |
Code function: 15_2_04E251BE mov eax, dword ptr fs:[00000030h] |
15_2_04E251BE |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet