| Source: 3.0.new_order.exe.400000.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 3.0.new_order.exe.400000.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 3.0.new_order.exe.400000.6.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 3.0.new_order.exe.400000.6.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 3.0.new_order.exe.400000.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 3.0.new_order.exe.400000.6.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 3.2.new_order.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 3.2.new_order.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 3.0.new_order.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 3.0.new_order.exe.400000.4.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 3.2.new_order.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 3.2.new_order.exe.400000.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 3.0.new_order.exe.400000.5.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 3.0.new_order.exe.400000.5.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 1.2.new_order.exe.1acb0000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 1.2.new_order.exe.1acb0000.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 1.2.new_order.exe.1acb0000.2.unpack, type: UNPACKEDPE |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 1.2.new_order.exe.1acb0000.2.unpack, type: UNPACKEDPE |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000001.00000002.698671664.000000001ACB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000001.00000002.698671664.000000001ACB0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000009.00000002.946218609.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000009.00000002.946218609.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000009.00000002.946443311.0000000000820000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000009.00000002.946443311.0000000000820000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000005.00000000.738390030.000000000E954000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000005.00000000.738390030.000000000E954000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000003.00000002.754910561.00000000004C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000003.00000002.754910561.00000000004C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000003.00000000.688696186.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000003.00000000.688696186.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000005.00000000.723911761.000000000E954000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000005.00000000.723911761.000000000E954000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000009.00000002.946503989.0000000000850000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000009.00000002.946503989.0000000000850000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000003.00000000.687734511.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000003.00000000.687734511.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000003.00000002.754825305.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000003.00000002.754825305.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000003.00000002.755193140.00000000009F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000003.00000002.755193140.00000000009F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY |
Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_0041A350 NtCreateFile, |
3_2_0041A350 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_0041A400 NtReadFile, |
3_2_0041A400 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_0041A480 NtClose, |
3_2_0041A480 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_0041A530 NtAllocateVirtualMemory, |
3_2_0041A530 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_0041A3A2 NtCreateFile, |
3_2_0041A3A2 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_0041A47A NtClose, |
3_2_0041A47A |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_0041A52A NtAllocateVirtualMemory, |
3_2_0041A52A |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A998F0 NtReadVirtualMemory,LdrInitializeThunk, |
3_2_00A998F0 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A99860 NtQuerySystemInformation,LdrInitializeThunk, |
3_2_00A99860 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A99840 NtDelayExecution,LdrInitializeThunk, |
3_2_00A99840 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A999A0 NtCreateSection,LdrInitializeThunk, |
3_2_00A999A0 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A99910 NtAdjustPrivilegesToken,LdrInitializeThunk, |
3_2_00A99910 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A99A20 NtResumeThread,LdrInitializeThunk, |
3_2_00A99A20 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A99A00 NtProtectVirtualMemory,LdrInitializeThunk, |
3_2_00A99A00 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A99A50 NtCreateFile,LdrInitializeThunk, |
3_2_00A99A50 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A995D0 NtClose,LdrInitializeThunk, |
3_2_00A995D0 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A99540 NtReadFile,LdrInitializeThunk, |
3_2_00A99540 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A996E0 NtFreeVirtualMemory,LdrInitializeThunk, |
3_2_00A996E0 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A99660 NtAllocateVirtualMemory,LdrInitializeThunk, |
3_2_00A99660 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A997A0 NtUnmapViewOfSection,LdrInitializeThunk, |
3_2_00A997A0 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A99780 NtMapViewOfSection,LdrInitializeThunk, |
3_2_00A99780 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A99710 NtQueryInformationToken,LdrInitializeThunk, |
3_2_00A99710 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A998A0 NtWriteVirtualMemory, |
3_2_00A998A0 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A99820 NtEnumerateKey, |
3_2_00A99820 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A9B040 NtSuspendThread, |
3_2_00A9B040 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A999D0 NtCreateProcessEx, |
3_2_00A999D0 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A99950 NtQueueApcThread, |
3_2_00A99950 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A99A80 NtOpenDirectoryObject, |
3_2_00A99A80 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04949840 NtDelayExecution,LdrInitializeThunk, |
9_2_04949840 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04949860 NtQuerySystemInformation,LdrInitializeThunk, |
9_2_04949860 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049499A0 NtCreateSection,LdrInitializeThunk, |
9_2_049499A0 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049495D0 NtClose,LdrInitializeThunk, |
9_2_049495D0 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04949910 NtAdjustPrivilegesToken,LdrInitializeThunk, |
9_2_04949910 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04949540 NtReadFile,LdrInitializeThunk, |
9_2_04949540 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049496D0 NtCreateKey,LdrInitializeThunk, |
9_2_049496D0 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049496E0 NtFreeVirtualMemory,LdrInitializeThunk, |
9_2_049496E0 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04949650 NtQueryValueKey,LdrInitializeThunk, |
9_2_04949650 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04949A50 NtCreateFile,LdrInitializeThunk, |
9_2_04949A50 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04949660 NtAllocateVirtualMemory,LdrInitializeThunk, |
9_2_04949660 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04949780 NtMapViewOfSection,LdrInitializeThunk, |
9_2_04949780 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04949FE0 NtCreateMutant,LdrInitializeThunk, |
9_2_04949FE0 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04949710 NtQueryInformationToken,LdrInitializeThunk, |
9_2_04949710 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049498A0 NtWriteVirtualMemory, |
9_2_049498A0 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049498F0 NtReadVirtualMemory, |
9_2_049498F0 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04949820 NtEnumerateKey, |
9_2_04949820 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0494B040 NtSuspendThread, |
9_2_0494B040 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049499D0 NtCreateProcessEx, |
9_2_049499D0 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049495F0 NtQueryInformationFile, |
9_2_049495F0 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0494AD30 NtSetContextThread, |
9_2_0494AD30 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04949520 NtWaitForSingleObject, |
9_2_04949520 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04949950 NtQueueApcThread, |
9_2_04949950 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04949560 NtWriteFile, |
9_2_04949560 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04949A80 NtOpenDirectoryObject, |
9_2_04949A80 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04949610 NtEnumerateValueKey, |
9_2_04949610 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04949A10 NtQuerySection, |
9_2_04949A10 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04949A00 NtProtectVirtualMemory, |
9_2_04949A00 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04949A20 NtResumeThread, |
9_2_04949A20 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04949670 NtQueryInformationProcess, |
9_2_04949670 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0494A3B0 NtGetContextThread, |
9_2_0494A3B0 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049497A0 NtUnmapViewOfSection, |
9_2_049497A0 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0494A710 NtOpenProcessToken, |
9_2_0494A710 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04949B00 NtSetValueKey, |
9_2_04949B00 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04949730 NtQueryVirtualMemory, |
9_2_04949730 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04949770 NtSetInformationFile, |
9_2_04949770 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0494A770 NtOpenThread, |
9_2_0494A770 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04949760 NtOpenProcess, |
9_2_04949760 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0041A350 NtCreateFile, |
9_2_0041A350 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0041A400 NtReadFile, |
9_2_0041A400 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0041A480 NtClose, |
9_2_0041A480 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0041A530 NtAllocateVirtualMemory, |
9_2_0041A530 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0041A3A2 NtCreateFile, |
9_2_0041A3A2 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0041A47A NtClose, |
9_2_0041A47A |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0041A52A NtAllocateVirtualMemory, |
9_2_0041A52A |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 1_2_02180402 mov eax, dword ptr fs:[00000030h] |
1_2_02180402 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 1_2_02180616 mov eax, dword ptr fs:[00000030h] |
1_2_02180616 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 1_2_02180706 mov eax, dword ptr fs:[00000030h] |
1_2_02180706 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 1_2_02180744 mov eax, dword ptr fs:[00000030h] |
1_2_02180744 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 1_2_021806C7 mov eax, dword ptr fs:[00000030h] |
1_2_021806C7 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A990AF mov eax, dword ptr fs:[00000030h] |
3_2_00A990AF |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A820A0 mov eax, dword ptr fs:[00000030h] |
3_2_00A820A0 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A820A0 mov eax, dword ptr fs:[00000030h] |
3_2_00A820A0 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A820A0 mov eax, dword ptr fs:[00000030h] |
3_2_00A820A0 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A820A0 mov eax, dword ptr fs:[00000030h] |
3_2_00A820A0 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A820A0 mov eax, dword ptr fs:[00000030h] |
3_2_00A820A0 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A820A0 mov eax, dword ptr fs:[00000030h] |
3_2_00A820A0 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A8F0BF mov ecx, dword ptr fs:[00000030h] |
3_2_00A8F0BF |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A8F0BF mov eax, dword ptr fs:[00000030h] |
3_2_00A8F0BF |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A8F0BF mov eax, dword ptr fs:[00000030h] |
3_2_00A8F0BF |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A59080 mov eax, dword ptr fs:[00000030h] |
3_2_00A59080 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00AD3884 mov eax, dword ptr fs:[00000030h] |
3_2_00AD3884 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00AD3884 mov eax, dword ptr fs:[00000030h] |
3_2_00AD3884 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A558EC mov eax, dword ptr fs:[00000030h] |
3_2_00A558EC |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00AEB8D0 mov eax, dword ptr fs:[00000030h] |
3_2_00AEB8D0 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00AEB8D0 mov ecx, dword ptr fs:[00000030h] |
3_2_00AEB8D0 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00AEB8D0 mov eax, dword ptr fs:[00000030h] |
3_2_00AEB8D0 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00AEB8D0 mov eax, dword ptr fs:[00000030h] |
3_2_00AEB8D0 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00AEB8D0 mov eax, dword ptr fs:[00000030h] |
3_2_00AEB8D0 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00AEB8D0 mov eax, dword ptr fs:[00000030h] |
3_2_00AEB8D0 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A8002D mov eax, dword ptr fs:[00000030h] |
3_2_00A8002D |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A8002D mov eax, dword ptr fs:[00000030h] |
3_2_00A8002D |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A8002D mov eax, dword ptr fs:[00000030h] |
3_2_00A8002D |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A8002D mov eax, dword ptr fs:[00000030h] |
3_2_00A8002D |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A8002D mov eax, dword ptr fs:[00000030h] |
3_2_00A8002D |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A6B02A mov eax, dword ptr fs:[00000030h] |
3_2_00A6B02A |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A6B02A mov eax, dword ptr fs:[00000030h] |
3_2_00A6B02A |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A6B02A mov eax, dword ptr fs:[00000030h] |
3_2_00A6B02A |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A6B02A mov eax, dword ptr fs:[00000030h] |
3_2_00A6B02A |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00B24015 mov eax, dword ptr fs:[00000030h] |
3_2_00B24015 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00B24015 mov eax, dword ptr fs:[00000030h] |
3_2_00B24015 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00AD7016 mov eax, dword ptr fs:[00000030h] |
3_2_00AD7016 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00AD7016 mov eax, dword ptr fs:[00000030h] |
3_2_00AD7016 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00AD7016 mov eax, dword ptr fs:[00000030h] |
3_2_00AD7016 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00B12073 mov eax, dword ptr fs:[00000030h] |
3_2_00B12073 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00B21074 mov eax, dword ptr fs:[00000030h] |
3_2_00B21074 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A70050 mov eax, dword ptr fs:[00000030h] |
3_2_00A70050 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A70050 mov eax, dword ptr fs:[00000030h] |
3_2_00A70050 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A861A0 mov eax, dword ptr fs:[00000030h] |
3_2_00A861A0 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A861A0 mov eax, dword ptr fs:[00000030h] |
3_2_00A861A0 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00AD69A6 mov eax, dword ptr fs:[00000030h] |
3_2_00AD69A6 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00AD51BE mov eax, dword ptr fs:[00000030h] |
3_2_00AD51BE |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00AD51BE mov eax, dword ptr fs:[00000030h] |
3_2_00AD51BE |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00AD51BE mov eax, dword ptr fs:[00000030h] |
3_2_00AD51BE |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00AD51BE mov eax, dword ptr fs:[00000030h] |
3_2_00AD51BE |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A7C182 mov eax, dword ptr fs:[00000030h] |
3_2_00A7C182 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A8A185 mov eax, dword ptr fs:[00000030h] |
3_2_00A8A185 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A82990 mov eax, dword ptr fs:[00000030h] |
3_2_00A82990 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A5B1E1 mov eax, dword ptr fs:[00000030h] |
3_2_00A5B1E1 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A5B1E1 mov eax, dword ptr fs:[00000030h] |
3_2_00A5B1E1 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A5B1E1 mov eax, dword ptr fs:[00000030h] |
3_2_00A5B1E1 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00AE41E8 mov eax, dword ptr fs:[00000030h] |
3_2_00AE41E8 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A74120 mov eax, dword ptr fs:[00000030h] |
3_2_00A74120 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A74120 mov eax, dword ptr fs:[00000030h] |
3_2_00A74120 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A74120 mov eax, dword ptr fs:[00000030h] |
3_2_00A74120 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A74120 mov eax, dword ptr fs:[00000030h] |
3_2_00A74120 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A74120 mov ecx, dword ptr fs:[00000030h] |
3_2_00A74120 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A8513A mov eax, dword ptr fs:[00000030h] |
3_2_00A8513A |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A8513A mov eax, dword ptr fs:[00000030h] |
3_2_00A8513A |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A59100 mov eax, dword ptr fs:[00000030h] |
3_2_00A59100 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A59100 mov eax, dword ptr fs:[00000030h] |
3_2_00A59100 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A59100 mov eax, dword ptr fs:[00000030h] |
3_2_00A59100 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A5C962 mov eax, dword ptr fs:[00000030h] |
3_2_00A5C962 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A5B171 mov eax, dword ptr fs:[00000030h] |
3_2_00A5B171 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A5B171 mov eax, dword ptr fs:[00000030h] |
3_2_00A5B171 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A7B944 mov eax, dword ptr fs:[00000030h] |
3_2_00A7B944 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A7B944 mov eax, dword ptr fs:[00000030h] |
3_2_00A7B944 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A552A5 mov eax, dword ptr fs:[00000030h] |
3_2_00A552A5 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A552A5 mov eax, dword ptr fs:[00000030h] |
3_2_00A552A5 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A552A5 mov eax, dword ptr fs:[00000030h] |
3_2_00A552A5 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A552A5 mov eax, dword ptr fs:[00000030h] |
3_2_00A552A5 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A552A5 mov eax, dword ptr fs:[00000030h] |
3_2_00A552A5 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A6AAB0 mov eax, dword ptr fs:[00000030h] |
3_2_00A6AAB0 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A6AAB0 mov eax, dword ptr fs:[00000030h] |
3_2_00A6AAB0 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A8FAB0 mov eax, dword ptr fs:[00000030h] |
3_2_00A8FAB0 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A8D294 mov eax, dword ptr fs:[00000030h] |
3_2_00A8D294 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A8D294 mov eax, dword ptr fs:[00000030h] |
3_2_00A8D294 |
| Source: C:\Users\user\Desktop\new_order.exe |
Code function: 3_2_00A82AE4 mov eax, dword ptr fs:[00000030h] |
3_2_00A82AE4 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0491849B mov eax, dword ptr fs:[00000030h] |
9_2_0491849B |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04909080 mov eax, dword ptr fs:[00000030h] |
9_2_04909080 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04983884 mov eax, dword ptr fs:[00000030h] |
9_2_04983884 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04983884 mov eax, dword ptr fs:[00000030h] |
9_2_04983884 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0493F0BF mov ecx, dword ptr fs:[00000030h] |
9_2_0493F0BF |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0493F0BF mov eax, dword ptr fs:[00000030h] |
9_2_0493F0BF |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0493F0BF mov eax, dword ptr fs:[00000030h] |
9_2_0493F0BF |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049490AF mov eax, dword ptr fs:[00000030h] |
9_2_049490AF |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0499B8D0 mov eax, dword ptr fs:[00000030h] |
9_2_0499B8D0 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0499B8D0 mov ecx, dword ptr fs:[00000030h] |
9_2_0499B8D0 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0499B8D0 mov eax, dword ptr fs:[00000030h] |
9_2_0499B8D0 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0499B8D0 mov eax, dword ptr fs:[00000030h] |
9_2_0499B8D0 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0499B8D0 mov eax, dword ptr fs:[00000030h] |
9_2_0499B8D0 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0499B8D0 mov eax, dword ptr fs:[00000030h] |
9_2_0499B8D0 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049D8CD6 mov eax, dword ptr fs:[00000030h] |
9_2_049D8CD6 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049C14FB mov eax, dword ptr fs:[00000030h] |
9_2_049C14FB |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04986CF0 mov eax, dword ptr fs:[00000030h] |
9_2_04986CF0 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04986CF0 mov eax, dword ptr fs:[00000030h] |
9_2_04986CF0 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04986CF0 mov eax, dword ptr fs:[00000030h] |
9_2_04986CF0 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049D4015 mov eax, dword ptr fs:[00000030h] |
9_2_049D4015 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049D4015 mov eax, dword ptr fs:[00000030h] |
9_2_049D4015 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04987016 mov eax, dword ptr fs:[00000030h] |
9_2_04987016 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04987016 mov eax, dword ptr fs:[00000030h] |
9_2_04987016 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04987016 mov eax, dword ptr fs:[00000030h] |
9_2_04987016 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049D740D mov eax, dword ptr fs:[00000030h] |
9_2_049D740D |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049D740D mov eax, dword ptr fs:[00000030h] |
9_2_049D740D |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049D740D mov eax, dword ptr fs:[00000030h] |
9_2_049D740D |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04986C0A mov eax, dword ptr fs:[00000030h] |
9_2_04986C0A |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04986C0A mov eax, dword ptr fs:[00000030h] |
9_2_04986C0A |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04986C0A mov eax, dword ptr fs:[00000030h] |
9_2_04986C0A |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04986C0A mov eax, dword ptr fs:[00000030h] |
9_2_04986C0A |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049C1C06 mov eax, dword ptr fs:[00000030h] |
9_2_049C1C06 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049C1C06 mov eax, dword ptr fs:[00000030h] |
9_2_049C1C06 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049C1C06 mov eax, dword ptr fs:[00000030h] |
9_2_049C1C06 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049C1C06 mov eax, dword ptr fs:[00000030h] |
9_2_049C1C06 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049C1C06 mov eax, dword ptr fs:[00000030h] |
9_2_049C1C06 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049C1C06 mov eax, dword ptr fs:[00000030h] |
9_2_049C1C06 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049C1C06 mov eax, dword ptr fs:[00000030h] |
9_2_049C1C06 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049C1C06 mov eax, dword ptr fs:[00000030h] |
9_2_049C1C06 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049C1C06 mov eax, dword ptr fs:[00000030h] |
9_2_049C1C06 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049C1C06 mov eax, dword ptr fs:[00000030h] |
9_2_049C1C06 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049C1C06 mov eax, dword ptr fs:[00000030h] |
9_2_049C1C06 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049C1C06 mov eax, dword ptr fs:[00000030h] |
9_2_049C1C06 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049C1C06 mov eax, dword ptr fs:[00000030h] |
9_2_049C1C06 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049C1C06 mov eax, dword ptr fs:[00000030h] |
9_2_049C1C06 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0491B02A mov eax, dword ptr fs:[00000030h] |
9_2_0491B02A |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0491B02A mov eax, dword ptr fs:[00000030h] |
9_2_0491B02A |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0491B02A mov eax, dword ptr fs:[00000030h] |
9_2_0491B02A |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0491B02A mov eax, dword ptr fs:[00000030h] |
9_2_0491B02A |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0493002D mov eax, dword ptr fs:[00000030h] |
9_2_0493002D |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0493002D mov eax, dword ptr fs:[00000030h] |
9_2_0493002D |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0493002D mov eax, dword ptr fs:[00000030h] |
9_2_0493002D |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0493002D mov eax, dword ptr fs:[00000030h] |
9_2_0493002D |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0493002D mov eax, dword ptr fs:[00000030h] |
9_2_0493002D |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0493BC2C mov eax, dword ptr fs:[00000030h] |
9_2_0493BC2C |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04920050 mov eax, dword ptr fs:[00000030h] |
9_2_04920050 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04920050 mov eax, dword ptr fs:[00000030h] |
9_2_04920050 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0499C450 mov eax, dword ptr fs:[00000030h] |
9_2_0499C450 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0499C450 mov eax, dword ptr fs:[00000030h] |
9_2_0499C450 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0493A44B mov eax, dword ptr fs:[00000030h] |
9_2_0493A44B |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049D1074 mov eax, dword ptr fs:[00000030h] |
9_2_049D1074 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049C2073 mov eax, dword ptr fs:[00000030h] |
9_2_049C2073 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0492746D mov eax, dword ptr fs:[00000030h] |
9_2_0492746D |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04932990 mov eax, dword ptr fs:[00000030h] |
9_2_04932990 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0493FD9B mov eax, dword ptr fs:[00000030h] |
9_2_0493FD9B |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0493FD9B mov eax, dword ptr fs:[00000030h] |
9_2_0493FD9B |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0492C182 mov eax, dword ptr fs:[00000030h] |
9_2_0492C182 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04932581 mov eax, dword ptr fs:[00000030h] |
9_2_04932581 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04932581 mov eax, dword ptr fs:[00000030h] |
9_2_04932581 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04932581 mov eax, dword ptr fs:[00000030h] |
9_2_04932581 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04932581 mov eax, dword ptr fs:[00000030h] |
9_2_04932581 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0493A185 mov eax, dword ptr fs:[00000030h] |
9_2_0493A185 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04902D8A mov eax, dword ptr fs:[00000030h] |
9_2_04902D8A |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04902D8A mov eax, dword ptr fs:[00000030h] |
9_2_04902D8A |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04902D8A mov eax, dword ptr fs:[00000030h] |
9_2_04902D8A |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04902D8A mov eax, dword ptr fs:[00000030h] |
9_2_04902D8A |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04902D8A mov eax, dword ptr fs:[00000030h] |
9_2_04902D8A |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04931DB5 mov eax, dword ptr fs:[00000030h] |
9_2_04931DB5 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04931DB5 mov eax, dword ptr fs:[00000030h] |
9_2_04931DB5 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04931DB5 mov eax, dword ptr fs:[00000030h] |
9_2_04931DB5 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049851BE mov eax, dword ptr fs:[00000030h] |
9_2_049851BE |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049851BE mov eax, dword ptr fs:[00000030h] |
9_2_049851BE |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049851BE mov eax, dword ptr fs:[00000030h] |
9_2_049851BE |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049851BE mov eax, dword ptr fs:[00000030h] |
9_2_049851BE |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049335A1 mov eax, dword ptr fs:[00000030h] |
9_2_049335A1 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049361A0 mov eax, dword ptr fs:[00000030h] |
9_2_049361A0 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049361A0 mov eax, dword ptr fs:[00000030h] |
9_2_049361A0 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049869A6 mov eax, dword ptr fs:[00000030h] |
9_2_049869A6 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049B8DF1 mov eax, dword ptr fs:[00000030h] |
9_2_049B8DF1 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0490B1E1 mov eax, dword ptr fs:[00000030h] |
9_2_0490B1E1 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0490B1E1 mov eax, dword ptr fs:[00000030h] |
9_2_0490B1E1 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0490B1E1 mov eax, dword ptr fs:[00000030h] |
9_2_0490B1E1 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049941E8 mov eax, dword ptr fs:[00000030h] |
9_2_049941E8 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0491D5E0 mov eax, dword ptr fs:[00000030h] |
9_2_0491D5E0 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0491D5E0 mov eax, dword ptr fs:[00000030h] |
9_2_0491D5E0 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04909100 mov eax, dword ptr fs:[00000030h] |
9_2_04909100 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04909100 mov eax, dword ptr fs:[00000030h] |
9_2_04909100 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04909100 mov eax, dword ptr fs:[00000030h] |
9_2_04909100 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0490AD30 mov eax, dword ptr fs:[00000030h] |
9_2_0490AD30 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04913D34 mov eax, dword ptr fs:[00000030h] |
9_2_04913D34 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04913D34 mov eax, dword ptr fs:[00000030h] |
9_2_04913D34 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04913D34 mov eax, dword ptr fs:[00000030h] |
9_2_04913D34 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04913D34 mov eax, dword ptr fs:[00000030h] |
9_2_04913D34 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04913D34 mov eax, dword ptr fs:[00000030h] |
9_2_04913D34 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04913D34 mov eax, dword ptr fs:[00000030h] |
9_2_04913D34 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04913D34 mov eax, dword ptr fs:[00000030h] |
9_2_04913D34 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04913D34 mov eax, dword ptr fs:[00000030h] |
9_2_04913D34 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04913D34 mov eax, dword ptr fs:[00000030h] |
9_2_04913D34 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04913D34 mov eax, dword ptr fs:[00000030h] |
9_2_04913D34 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04913D34 mov eax, dword ptr fs:[00000030h] |
9_2_04913D34 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04913D34 mov eax, dword ptr fs:[00000030h] |
9_2_04913D34 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04913D34 mov eax, dword ptr fs:[00000030h] |
9_2_04913D34 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04934D3B mov eax, dword ptr fs:[00000030h] |
9_2_04934D3B |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04934D3B mov eax, dword ptr fs:[00000030h] |
9_2_04934D3B |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04934D3B mov eax, dword ptr fs:[00000030h] |
9_2_04934D3B |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049D8D34 mov eax, dword ptr fs:[00000030h] |
9_2_049D8D34 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0493513A mov eax, dword ptr fs:[00000030h] |
9_2_0493513A |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0493513A mov eax, dword ptr fs:[00000030h] |
9_2_0493513A |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0498A537 mov eax, dword ptr fs:[00000030h] |
9_2_0498A537 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04924120 mov eax, dword ptr fs:[00000030h] |
9_2_04924120 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04924120 mov eax, dword ptr fs:[00000030h] |
9_2_04924120 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04924120 mov eax, dword ptr fs:[00000030h] |
9_2_04924120 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04924120 mov eax, dword ptr fs:[00000030h] |
9_2_04924120 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04924120 mov ecx, dword ptr fs:[00000030h] |
9_2_04924120 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04927D50 mov eax, dword ptr fs:[00000030h] |
9_2_04927D50 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0492B944 mov eax, dword ptr fs:[00000030h] |
9_2_0492B944 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0492B944 mov eax, dword ptr fs:[00000030h] |
9_2_0492B944 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04943D43 mov eax, dword ptr fs:[00000030h] |
9_2_04943D43 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04983540 mov eax, dword ptr fs:[00000030h] |
9_2_04983540 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0490B171 mov eax, dword ptr fs:[00000030h] |
9_2_0490B171 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0490B171 mov eax, dword ptr fs:[00000030h] |
9_2_0490B171 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0492C577 mov eax, dword ptr fs:[00000030h] |
9_2_0492C577 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0492C577 mov eax, dword ptr fs:[00000030h] |
9_2_0492C577 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0490C962 mov eax, dword ptr fs:[00000030h] |
9_2_0490C962 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0493D294 mov eax, dword ptr fs:[00000030h] |
9_2_0493D294 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0493D294 mov eax, dword ptr fs:[00000030h] |
9_2_0493D294 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0499FE87 mov eax, dword ptr fs:[00000030h] |
9_2_0499FE87 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0491AAB0 mov eax, dword ptr fs:[00000030h] |
9_2_0491AAB0 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0491AAB0 mov eax, dword ptr fs:[00000030h] |
9_2_0491AAB0 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0493FAB0 mov eax, dword ptr fs:[00000030h] |
9_2_0493FAB0 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049052A5 mov eax, dword ptr fs:[00000030h] |
9_2_049052A5 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049052A5 mov eax, dword ptr fs:[00000030h] |
9_2_049052A5 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049052A5 mov eax, dword ptr fs:[00000030h] |
9_2_049052A5 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049052A5 mov eax, dword ptr fs:[00000030h] |
9_2_049052A5 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049052A5 mov eax, dword ptr fs:[00000030h] |
9_2_049052A5 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049D0EA5 mov eax, dword ptr fs:[00000030h] |
9_2_049D0EA5 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049D0EA5 mov eax, dword ptr fs:[00000030h] |
9_2_049D0EA5 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049D0EA5 mov eax, dword ptr fs:[00000030h] |
9_2_049D0EA5 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049846A7 mov eax, dword ptr fs:[00000030h] |
9_2_049846A7 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049D8ED6 mov eax, dword ptr fs:[00000030h] |
9_2_049D8ED6 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04948EC7 mov eax, dword ptr fs:[00000030h] |
9_2_04948EC7 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04932ACB mov eax, dword ptr fs:[00000030h] |
9_2_04932ACB |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049BFEC0 mov eax, dword ptr fs:[00000030h] |
9_2_049BFEC0 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049336CC mov eax, dword ptr fs:[00000030h] |
9_2_049336CC |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049316E0 mov ecx, dword ptr fs:[00000030h] |
9_2_049316E0 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049176E2 mov eax, dword ptr fs:[00000030h] |
9_2_049176E2 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04932AE4 mov eax, dword ptr fs:[00000030h] |
9_2_04932AE4 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0490AA16 mov eax, dword ptr fs:[00000030h] |
9_2_0490AA16 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0490AA16 mov eax, dword ptr fs:[00000030h] |
9_2_0490AA16 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04923A1C mov eax, dword ptr fs:[00000030h] |
9_2_04923A1C |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0493A61C mov eax, dword ptr fs:[00000030h] |
9_2_0493A61C |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0493A61C mov eax, dword ptr fs:[00000030h] |
9_2_0493A61C |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0490C600 mov eax, dword ptr fs:[00000030h] |
9_2_0490C600 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0490C600 mov eax, dword ptr fs:[00000030h] |
9_2_0490C600 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0490C600 mov eax, dword ptr fs:[00000030h] |
9_2_0490C600 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04938E00 mov eax, dword ptr fs:[00000030h] |
9_2_04938E00 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04918A0A mov eax, dword ptr fs:[00000030h] |
9_2_04918A0A |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049BFE3F mov eax, dword ptr fs:[00000030h] |
9_2_049BFE3F |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0490E620 mov eax, dword ptr fs:[00000030h] |
9_2_0490E620 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04994257 mov eax, dword ptr fs:[00000030h] |
9_2_04994257 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04909240 mov eax, dword ptr fs:[00000030h] |
9_2_04909240 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04909240 mov eax, dword ptr fs:[00000030h] |
9_2_04909240 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04909240 mov eax, dword ptr fs:[00000030h] |
9_2_04909240 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04909240 mov eax, dword ptr fs:[00000030h] |
9_2_04909240 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04917E41 mov eax, dword ptr fs:[00000030h] |
9_2_04917E41 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04917E41 mov eax, dword ptr fs:[00000030h] |
9_2_04917E41 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04917E41 mov eax, dword ptr fs:[00000030h] |
9_2_04917E41 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04917E41 mov eax, dword ptr fs:[00000030h] |
9_2_04917E41 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04917E41 mov eax, dword ptr fs:[00000030h] |
9_2_04917E41 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04917E41 mov eax, dword ptr fs:[00000030h] |
9_2_04917E41 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0492AE73 mov eax, dword ptr fs:[00000030h] |
9_2_0492AE73 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0492AE73 mov eax, dword ptr fs:[00000030h] |
9_2_0492AE73 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0492AE73 mov eax, dword ptr fs:[00000030h] |
9_2_0492AE73 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0492AE73 mov eax, dword ptr fs:[00000030h] |
9_2_0492AE73 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0492AE73 mov eax, dword ptr fs:[00000030h] |
9_2_0492AE73 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0494927A mov eax, dword ptr fs:[00000030h] |
9_2_0494927A |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049BB260 mov eax, dword ptr fs:[00000030h] |
9_2_049BB260 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049BB260 mov eax, dword ptr fs:[00000030h] |
9_2_049BB260 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0491766D mov eax, dword ptr fs:[00000030h] |
9_2_0491766D |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049D8A62 mov eax, dword ptr fs:[00000030h] |
9_2_049D8A62 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0493B390 mov eax, dword ptr fs:[00000030h] |
9_2_0493B390 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04932397 mov eax, dword ptr fs:[00000030h] |
9_2_04932397 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04918794 mov eax, dword ptr fs:[00000030h] |
9_2_04918794 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04987794 mov eax, dword ptr fs:[00000030h] |
9_2_04987794 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04987794 mov eax, dword ptr fs:[00000030h] |
9_2_04987794 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04987794 mov eax, dword ptr fs:[00000030h] |
9_2_04987794 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049C138A mov eax, dword ptr fs:[00000030h] |
9_2_049C138A |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049BD380 mov ecx, dword ptr fs:[00000030h] |
9_2_049BD380 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04911B8F mov eax, dword ptr fs:[00000030h] |
9_2_04911B8F |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04911B8F mov eax, dword ptr fs:[00000030h] |
9_2_04911B8F |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049D5BA5 mov eax, dword ptr fs:[00000030h] |
9_2_049D5BA5 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04934BAD mov eax, dword ptr fs:[00000030h] |
9_2_04934BAD |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04934BAD mov eax, dword ptr fs:[00000030h] |
9_2_04934BAD |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04934BAD mov eax, dword ptr fs:[00000030h] |
9_2_04934BAD |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049853CA mov eax, dword ptr fs:[00000030h] |
9_2_049853CA |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049853CA mov eax, dword ptr fs:[00000030h] |
9_2_049853CA |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049437F5 mov eax, dword ptr fs:[00000030h] |
9_2_049437F5 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049303E2 mov eax, dword ptr fs:[00000030h] |
9_2_049303E2 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049303E2 mov eax, dword ptr fs:[00000030h] |
9_2_049303E2 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049303E2 mov eax, dword ptr fs:[00000030h] |
9_2_049303E2 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049303E2 mov eax, dword ptr fs:[00000030h] |
9_2_049303E2 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049303E2 mov eax, dword ptr fs:[00000030h] |
9_2_049303E2 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049303E2 mov eax, dword ptr fs:[00000030h] |
9_2_049303E2 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0492F716 mov eax, dword ptr fs:[00000030h] |
9_2_0492F716 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049C131B mov eax, dword ptr fs:[00000030h] |
9_2_049C131B |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0499FF10 mov eax, dword ptr fs:[00000030h] |
9_2_0499FF10 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0499FF10 mov eax, dword ptr fs:[00000030h] |
9_2_0499FF10 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049D070D mov eax, dword ptr fs:[00000030h] |
9_2_049D070D |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049D070D mov eax, dword ptr fs:[00000030h] |
9_2_049D070D |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0493A70E mov eax, dword ptr fs:[00000030h] |
9_2_0493A70E |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0493A70E mov eax, dword ptr fs:[00000030h] |
9_2_0493A70E |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0493E730 mov eax, dword ptr fs:[00000030h] |
9_2_0493E730 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04904F2E mov eax, dword ptr fs:[00000030h] |
9_2_04904F2E |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04904F2E mov eax, dword ptr fs:[00000030h] |
9_2_04904F2E |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049D8B58 mov eax, dword ptr fs:[00000030h] |
9_2_049D8B58 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0490F358 mov eax, dword ptr fs:[00000030h] |
9_2_0490F358 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0490DB40 mov eax, dword ptr fs:[00000030h] |
9_2_0490DB40 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0491EF40 mov eax, dword ptr fs:[00000030h] |
9_2_0491EF40 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04933B7A mov eax, dword ptr fs:[00000030h] |
9_2_04933B7A |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_04933B7A mov eax, dword ptr fs:[00000030h] |
9_2_04933B7A |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0490DB60 mov ecx, dword ptr fs:[00000030h] |
9_2_0490DB60 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_0491FF60 mov eax, dword ptr fs:[00000030h] |
9_2_0491FF60 |
| Source: C:\Windows\SysWOW64\explorer.exe |
Code function: 9_2_049D8F6A mov eax, dword ptr fs:[00000030h] |
9_2_049D8F6A |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet