| Source: 7.0.DpiScaling.exe.72480000.1.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 7.0.DpiScaling.exe.72480000.1.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 7.0.DpiScaling.exe.72480000.0.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 7.0.DpiScaling.exe.72480000.0.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 7.0.DpiScaling.exe.72480000.2.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 7.0.DpiScaling.exe.72480000.2.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 19.0.DpiScaling.exe.72480000.3.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 19.0.DpiScaling.exe.72480000.3.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 7.2.DpiScaling.exe.72480000.4.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 7.2.DpiScaling.exe.72480000.4.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 19.0.DpiScaling.exe.72480000.0.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 19.0.DpiScaling.exe.72480000.0.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 19.2.DpiScaling.exe.72480000.4.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 19.2.DpiScaling.exe.72480000.4.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 20.2.logagent.exe.72480000.3.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 20.2.logagent.exe.72480000.3.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 7.0.DpiScaling.exe.72480000.2.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 7.0.DpiScaling.exe.72480000.2.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 7.2.DpiScaling.exe.72480000.4.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 7.2.DpiScaling.exe.72480000.4.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 20.0.logagent.exe.72480000.0.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 20.0.logagent.exe.72480000.0.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 20.0.logagent.exe.72480000.2.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 20.0.logagent.exe.72480000.2.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 19.0.DpiScaling.exe.72480000.0.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 19.0.DpiScaling.exe.72480000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 20.0.logagent.exe.72480000.3.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 20.0.logagent.exe.72480000.3.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 20.0.logagent.exe.72480000.2.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 20.0.logagent.exe.72480000.2.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 19.0.DpiScaling.exe.72480000.1.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 19.0.DpiScaling.exe.72480000.1.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 19.0.DpiScaling.exe.72480000.2.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 19.0.DpiScaling.exe.72480000.2.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 19.2.DpiScaling.exe.72480000.4.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 19.2.DpiScaling.exe.72480000.4.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 20.0.logagent.exe.72480000.3.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 20.0.logagent.exe.72480000.3.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 20.0.logagent.exe.72480000.1.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 20.0.logagent.exe.72480000.1.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 20.2.logagent.exe.72480000.3.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 20.2.logagent.exe.72480000.3.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 19.0.DpiScaling.exe.72480000.1.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 19.0.DpiScaling.exe.72480000.1.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 20.0.logagent.exe.72480000.1.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 20.0.logagent.exe.72480000.1.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 19.0.DpiScaling.exe.72480000.3.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 19.0.DpiScaling.exe.72480000.3.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 20.0.logagent.exe.72480000.0.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 20.0.logagent.exe.72480000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 7.0.DpiScaling.exe.72480000.3.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 7.0.DpiScaling.exe.72480000.3.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 7.0.DpiScaling.exe.72480000.1.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 7.0.DpiScaling.exe.72480000.1.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 7.0.DpiScaling.exe.72480000.0.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 7.0.DpiScaling.exe.72480000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 7.0.DpiScaling.exe.72480000.3.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 7.0.DpiScaling.exe.72480000.3.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 19.0.DpiScaling.exe.72480000.2.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 19.0.DpiScaling.exe.72480000.2.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000016.00000002.577407800.0000000002E10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000016.00000002.577407800.0000000002E10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000007.00000000.382181653.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000007.00000000.382181653.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000013.00000002.539784754.0000000000930000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000013.00000002.539784754.0000000000930000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000013.00000000.497404130.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000013.00000000.497404130.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000013.00000002.539833484.0000000004030000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000013.00000002.539833484.0000000004030000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000014.00000002.581563268.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000014.00000002.581563268.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000014.00000002.576773570.0000000003200000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000014.00000002.576773570.0000000003200000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000016.00000002.576603089.0000000000BB0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000016.00000002.576603089.0000000000BB0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000007.00000000.382731911.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000007.00000000.382731911.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000007.00000002.551622054.0000000004360000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000007.00000002.551622054.0000000004360000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000007.00000002.549878995.0000000000760000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000007.00000002.549878995.0000000000760000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000007.00000000.382462227.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000007.00000000.382462227.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000014.00000002.577204129.00000000033B0000.00000040.00000800.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000014.00000002.577204129.00000000033B0000.00000040.00000800.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000008.00000000.429270100.000000000FA29000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000008.00000000.429270100.000000000FA29000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000007.00000000.381928025.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000007.00000000.381928025.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000007.00000002.554263444.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000007.00000002.554263444.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000013.00000000.498207002.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000013.00000000.498207002.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000013.00000000.497789528.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000013.00000000.497789528.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000008.00000000.496447356.000000000FA29000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000008.00000000.496447356.000000000FA29000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000017.00000002.551797421.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000017.00000002.551797421.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000014.00000000.521833051.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000014.00000000.521833051.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000014.00000000.522233517.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000014.00000000.522233517.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000016.00000002.576996398.0000000000CA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000016.00000002.576996398.0000000000CA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000013.00000000.498613511.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000013.00000000.498613511.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000014.00000000.521162250.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000014.00000000.521162250.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000013.00000002.546473865.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000013.00000002.546473865.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 00000014.00000000.521484053.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
| Source: 00000014.00000000.521484053.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
| Source: 7.0.DpiScaling.exe.72480000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 7.0.DpiScaling.exe.72480000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 7.0.DpiScaling.exe.72480000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 7.0.DpiScaling.exe.72480000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 7.0.DpiScaling.exe.72480000.2.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 7.0.DpiScaling.exe.72480000.2.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 19.0.DpiScaling.exe.72480000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 19.0.DpiScaling.exe.72480000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 7.2.DpiScaling.exe.72480000.4.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 7.2.DpiScaling.exe.72480000.4.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 19.0.DpiScaling.exe.72480000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 19.0.DpiScaling.exe.72480000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 19.2.DpiScaling.exe.72480000.4.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 19.2.DpiScaling.exe.72480000.4.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 20.2.logagent.exe.72480000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 20.2.logagent.exe.72480000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 7.0.DpiScaling.exe.72480000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 7.0.DpiScaling.exe.72480000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 7.2.DpiScaling.exe.72480000.4.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 7.2.DpiScaling.exe.72480000.4.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 20.0.logagent.exe.72480000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 20.0.logagent.exe.72480000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 20.0.logagent.exe.72480000.2.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 20.0.logagent.exe.72480000.2.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 19.0.DpiScaling.exe.72480000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 19.0.DpiScaling.exe.72480000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 20.0.logagent.exe.72480000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 20.0.logagent.exe.72480000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 20.0.logagent.exe.72480000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 20.0.logagent.exe.72480000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 19.0.DpiScaling.exe.72480000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 19.0.DpiScaling.exe.72480000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 19.0.DpiScaling.exe.72480000.2.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 19.0.DpiScaling.exe.72480000.2.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 19.2.DpiScaling.exe.72480000.4.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 19.2.DpiScaling.exe.72480000.4.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 20.0.logagent.exe.72480000.3.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 20.0.logagent.exe.72480000.3.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 20.0.logagent.exe.72480000.1.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 20.0.logagent.exe.72480000.1.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 20.2.logagent.exe.72480000.3.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 20.2.logagent.exe.72480000.3.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 19.0.DpiScaling.exe.72480000.1.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 19.0.DpiScaling.exe.72480000.1.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 20.0.logagent.exe.72480000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 20.0.logagent.exe.72480000.1.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 19.0.DpiScaling.exe.72480000.3.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 19.0.DpiScaling.exe.72480000.3.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 20.0.logagent.exe.72480000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 20.0.logagent.exe.72480000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 7.0.DpiScaling.exe.72480000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 7.0.DpiScaling.exe.72480000.3.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 7.0.DpiScaling.exe.72480000.1.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 7.0.DpiScaling.exe.72480000.1.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 7.0.DpiScaling.exe.72480000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 7.0.DpiScaling.exe.72480000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 7.0.DpiScaling.exe.72480000.3.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 7.0.DpiScaling.exe.72480000.3.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 19.0.DpiScaling.exe.72480000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 19.0.DpiScaling.exe.72480000.2.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000016.00000002.577407800.0000000002E10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000016.00000002.577407800.0000000002E10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000007.00000000.382181653.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000007.00000000.382181653.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000013.00000002.539784754.0000000000930000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000013.00000002.539784754.0000000000930000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000013.00000000.497404130.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000013.00000000.497404130.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000013.00000002.539833484.0000000004030000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000013.00000002.539833484.0000000004030000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000014.00000002.581563268.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000014.00000002.581563268.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000014.00000002.576773570.0000000003200000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000014.00000002.576773570.0000000003200000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000016.00000002.576603089.0000000000BB0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000016.00000002.576603089.0000000000BB0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000007.00000000.382731911.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000007.00000000.382731911.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000007.00000002.551622054.0000000004360000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000007.00000002.551622054.0000000004360000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000007.00000002.549878995.0000000000760000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000007.00000002.549878995.0000000000760000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000007.00000000.382462227.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000007.00000000.382462227.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000014.00000002.577204129.00000000033B0000.00000040.00000800.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000014.00000002.577204129.00000000033B0000.00000040.00000800.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000008.00000000.429270100.000000000FA29000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000008.00000000.429270100.000000000FA29000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000007.00000000.381928025.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000007.00000000.381928025.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000007.00000002.554263444.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000007.00000002.554263444.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000013.00000000.498207002.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000013.00000000.498207002.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000013.00000000.497789528.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000013.00000000.497789528.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000008.00000000.496447356.000000000FA29000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000008.00000000.496447356.000000000FA29000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000017.00000002.551797421.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000017.00000002.551797421.00000000008B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000014.00000000.521833051.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000014.00000000.521833051.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000014.00000000.522233517.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000014.00000000.522233517.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000016.00000002.576996398.0000000000CA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000016.00000002.576996398.0000000000CA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000013.00000000.498613511.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000013.00000000.498613511.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000014.00000000.521162250.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000014.00000000.521162250.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000013.00000002.546473865.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000013.00000002.546473865.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: 00000014.00000000.521484053.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
| Source: 00000014.00000000.521484053.0000000072480000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
| Source: C:\Users\user\Contacts\fledrgqdoI.url, type: DROPPED | Matched rule: Methodology_Shortcut_HotKey author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019 |
| Source: C:\Users\user\Contacts\fledrgqdoI.url, type: DROPPED | Matched rule: Methodology_Contains_Shortcut_OtherURIhandlers author = @itsreallynick (Nick Carr), description = Detects possible shortcut usage for .URL persistence, reference = https://twitter.com/cglyer/status/1176184798248919044, score = 27.09.2019 |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ????.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ?l .dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???t.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ??l.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???2?f???.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???2?f???.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???2?f???.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???2?f???.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???2?f???.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???2?f???.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???2?f???.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???2?f???.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ??l.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???2?????.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???2?????.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???2?????.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???2?????.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???2?????.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ?l .dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ????.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ????.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ????.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ????.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ??l.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ??i.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ??i.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ??i.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ??i.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ????.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ?l.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ?l.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ?l.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ?l.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ?l.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ????.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ?l.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ?l.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ?l.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ?l.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ?l.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\7AYsP32Q7Y.exe | Section loaded: ??l.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ????.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ?l .dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???t.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??l.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2?f???.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2?f???.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2?f???.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2?f???.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2?f???.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2?f???.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2?f???.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2?f???.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??l.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2?????.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2?????.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2?????.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2?????.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2?????.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ?l .dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ????.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ????.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ????.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ????.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??l.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??i.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??i.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??i.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??i.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ????.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ?l.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ?l.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ?l.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ?l.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ?l.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ????.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ?l.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ?l.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ?l.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ?l.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ?l.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??l.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ????.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ?l .dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???t.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??l.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2?f???.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2?f???.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2?f???.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2?f???.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2?f???.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2?f???.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2?f???.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2?f???.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??l.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2?????.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2?????.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2?????.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2?????.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2?????.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ?l .dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ????.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ????.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ????.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ????.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??l.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??i.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??i.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??i.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??i.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ????.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ?l.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ?l.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ?l.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ?l.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ?l.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ????.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ?l.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ?l.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ?l.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ?l.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ?l.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???2.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ???b.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??.dll | Jump to behavior |
| Source: C:\Users\user\Contacts\Iodqgrdelf.exe | Section loaded: ??l.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\msiexec.exe | Section loaded: sfc.dll | Jump to behavior |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0473746D mov eax, dword ptr fs:[00000030h] | 7_2_0473746D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047AC450 mov eax, dword ptr fs:[00000030h] | 7_2_047AC450 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047AC450 mov eax, dword ptr fs:[00000030h] | 7_2_047AC450 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0474A44B mov eax, dword ptr fs:[00000030h] | 7_2_0474A44B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0474BC2C mov eax, dword ptr fs:[00000030h] | 7_2_0474BC2C |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047E740D mov eax, dword ptr fs:[00000030h] | 7_2_047E740D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047E740D mov eax, dword ptr fs:[00000030h] | 7_2_047E740D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047E740D mov eax, dword ptr fs:[00000030h] | 7_2_047E740D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04796C0A mov eax, dword ptr fs:[00000030h] | 7_2_04796C0A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04796C0A mov eax, dword ptr fs:[00000030h] | 7_2_04796C0A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04796C0A mov eax, dword ptr fs:[00000030h] | 7_2_04796C0A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04796C0A mov eax, dword ptr fs:[00000030h] | 7_2_04796C0A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047D1C06 mov eax, dword ptr fs:[00000030h] | 7_2_047D1C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047D1C06 mov eax, dword ptr fs:[00000030h] | 7_2_047D1C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047D1C06 mov eax, dword ptr fs:[00000030h] | 7_2_047D1C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047D1C06 mov eax, dword ptr fs:[00000030h] | 7_2_047D1C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047D1C06 mov eax, dword ptr fs:[00000030h] | 7_2_047D1C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047D1C06 mov eax, dword ptr fs:[00000030h] | 7_2_047D1C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047D1C06 mov eax, dword ptr fs:[00000030h] | 7_2_047D1C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047D1C06 mov eax, dword ptr fs:[00000030h] | 7_2_047D1C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047D1C06 mov eax, dword ptr fs:[00000030h] | 7_2_047D1C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047D1C06 mov eax, dword ptr fs:[00000030h] | 7_2_047D1C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047D1C06 mov eax, dword ptr fs:[00000030h] | 7_2_047D1C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047D1C06 mov eax, dword ptr fs:[00000030h] | 7_2_047D1C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047D1C06 mov eax, dword ptr fs:[00000030h] | 7_2_047D1C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047D1C06 mov eax, dword ptr fs:[00000030h] | 7_2_047D1C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047D14FB mov eax, dword ptr fs:[00000030h] | 7_2_047D14FB |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04796CF0 mov eax, dword ptr fs:[00000030h] | 7_2_04796CF0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04796CF0 mov eax, dword ptr fs:[00000030h] | 7_2_04796CF0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04796CF0 mov eax, dword ptr fs:[00000030h] | 7_2_04796CF0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047E8CD6 mov eax, dword ptr fs:[00000030h] | 7_2_047E8CD6 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0472849B mov eax, dword ptr fs:[00000030h] | 7_2_0472849B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0473C577 mov eax, dword ptr fs:[00000030h] | 7_2_0473C577 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0473C577 mov eax, dword ptr fs:[00000030h] | 7_2_0473C577 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04737D50 mov eax, dword ptr fs:[00000030h] | 7_2_04737D50 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04753D43 mov eax, dword ptr fs:[00000030h] | 7_2_04753D43 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04793540 mov eax, dword ptr fs:[00000030h] | 7_2_04793540 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047C3D40 mov eax, dword ptr fs:[00000030h] | 7_2_047C3D40 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0471AD30 mov eax, dword ptr fs:[00000030h] | 7_2_0471AD30 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047DE539 mov eax, dword ptr fs:[00000030h] | 7_2_047DE539 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04723D34 mov eax, dword ptr fs:[00000030h] | 7_2_04723D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04723D34 mov eax, dword ptr fs:[00000030h] | 7_2_04723D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04723D34 mov eax, dword ptr fs:[00000030h] | 7_2_04723D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04723D34 mov eax, dword ptr fs:[00000030h] | 7_2_04723D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04723D34 mov eax, dword ptr fs:[00000030h] | 7_2_04723D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04723D34 mov eax, dword ptr fs:[00000030h] | 7_2_04723D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04723D34 mov eax, dword ptr fs:[00000030h] | 7_2_04723D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04723D34 mov eax, dword ptr fs:[00000030h] | 7_2_04723D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04723D34 mov eax, dword ptr fs:[00000030h] | 7_2_04723D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04723D34 mov eax, dword ptr fs:[00000030h] | 7_2_04723D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04723D34 mov eax, dword ptr fs:[00000030h] | 7_2_04723D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04723D34 mov eax, dword ptr fs:[00000030h] | 7_2_04723D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04723D34 mov eax, dword ptr fs:[00000030h] | 7_2_04723D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047E8D34 mov eax, dword ptr fs:[00000030h] | 7_2_047E8D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0479A537 mov eax, dword ptr fs:[00000030h] | 7_2_0479A537 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04744D3B mov eax, dword ptr fs:[00000030h] | 7_2_04744D3B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04744D3B mov eax, dword ptr fs:[00000030h] | 7_2_04744D3B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04744D3B mov eax, dword ptr fs:[00000030h] | 7_2_04744D3B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047C8DF1 mov eax, dword ptr fs:[00000030h] | 7_2_047C8DF1 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0472D5E0 mov eax, dword ptr fs:[00000030h] | 7_2_0472D5E0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0472D5E0 mov eax, dword ptr fs:[00000030h] | 7_2_0472D5E0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047DFDE2 mov eax, dword ptr fs:[00000030h] | 7_2_047DFDE2 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047DFDE2 mov eax, dword ptr fs:[00000030h] | 7_2_047DFDE2 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047DFDE2 mov eax, dword ptr fs:[00000030h] | 7_2_047DFDE2 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047DFDE2 mov eax, dword ptr fs:[00000030h] | 7_2_047DFDE2 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04796DC9 mov eax, dword ptr fs:[00000030h] | 7_2_04796DC9 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04796DC9 mov eax, dword ptr fs:[00000030h] | 7_2_04796DC9 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04796DC9 mov eax, dword ptr fs:[00000030h] | 7_2_04796DC9 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04796DC9 mov ecx, dword ptr fs:[00000030h] | 7_2_04796DC9 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04796DC9 mov eax, dword ptr fs:[00000030h] | 7_2_04796DC9 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04796DC9 mov eax, dword ptr fs:[00000030h] | 7_2_04796DC9 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04741DB5 mov eax, dword ptr fs:[00000030h] | 7_2_04741DB5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04741DB5 mov eax, dword ptr fs:[00000030h] | 7_2_04741DB5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04741DB5 mov eax, dword ptr fs:[00000030h] | 7_2_04741DB5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047E05AC mov eax, dword ptr fs:[00000030h] | 7_2_047E05AC |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047E05AC mov eax, dword ptr fs:[00000030h] | 7_2_047E05AC |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047435A1 mov eax, dword ptr fs:[00000030h] | 7_2_047435A1 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0474FD9B mov eax, dword ptr fs:[00000030h] | 7_2_0474FD9B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0474FD9B mov eax, dword ptr fs:[00000030h] | 7_2_0474FD9B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04742581 mov eax, dword ptr fs:[00000030h] | 7_2_04742581 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04742581 mov eax, dword ptr fs:[00000030h] | 7_2_04742581 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04742581 mov eax, dword ptr fs:[00000030h] | 7_2_04742581 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04742581 mov eax, dword ptr fs:[00000030h] | 7_2_04742581 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04712D8A mov eax, dword ptr fs:[00000030h] | 7_2_04712D8A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04712D8A mov eax, dword ptr fs:[00000030h] | 7_2_04712D8A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04712D8A mov eax, dword ptr fs:[00000030h] | 7_2_04712D8A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04712D8A mov eax, dword ptr fs:[00000030h] | 7_2_04712D8A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04712D8A mov eax, dword ptr fs:[00000030h] | 7_2_04712D8A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0473AE73 mov eax, dword ptr fs:[00000030h] | 7_2_0473AE73 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0473AE73 mov eax, dword ptr fs:[00000030h] | 7_2_0473AE73 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0473AE73 mov eax, dword ptr fs:[00000030h] | 7_2_0473AE73 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0473AE73 mov eax, dword ptr fs:[00000030h] | 7_2_0473AE73 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0473AE73 mov eax, dword ptr fs:[00000030h] | 7_2_0473AE73 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0472766D mov eax, dword ptr fs:[00000030h] | 7_2_0472766D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04727E41 mov eax, dword ptr fs:[00000030h] | 7_2_04727E41 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04727E41 mov eax, dword ptr fs:[00000030h] | 7_2_04727E41 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04727E41 mov eax, dword ptr fs:[00000030h] | 7_2_04727E41 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04727E41 mov eax, dword ptr fs:[00000030h] | 7_2_04727E41 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04727E41 mov eax, dword ptr fs:[00000030h] | 7_2_04727E41 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04727E41 mov eax, dword ptr fs:[00000030h] | 7_2_04727E41 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047DAE44 mov eax, dword ptr fs:[00000030h] | 7_2_047DAE44 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047DAE44 mov eax, dword ptr fs:[00000030h] | 7_2_047DAE44 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047CFE3F mov eax, dword ptr fs:[00000030h] | 7_2_047CFE3F |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0471E620 mov eax, dword ptr fs:[00000030h] | 7_2_0471E620 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0474A61C mov eax, dword ptr fs:[00000030h] | 7_2_0474A61C |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0474A61C mov eax, dword ptr fs:[00000030h] | 7_2_0474A61C |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0471C600 mov eax, dword ptr fs:[00000030h] | 7_2_0471C600 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0471C600 mov eax, dword ptr fs:[00000030h] | 7_2_0471C600 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0471C600 mov eax, dword ptr fs:[00000030h] | 7_2_0471C600 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04748E00 mov eax, dword ptr fs:[00000030h] | 7_2_04748E00 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047D1608 mov eax, dword ptr fs:[00000030h] | 7_2_047D1608 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047276E2 mov eax, dword ptr fs:[00000030h] | 7_2_047276E2 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047416E0 mov ecx, dword ptr fs:[00000030h] | 7_2_047416E0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047E8ED6 mov eax, dword ptr fs:[00000030h] | 7_2_047E8ED6 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04758EC7 mov eax, dword ptr fs:[00000030h] | 7_2_04758EC7 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047436CC mov eax, dword ptr fs:[00000030h] | 7_2_047436CC |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047CFEC0 mov eax, dword ptr fs:[00000030h] | 7_2_047CFEC0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047E0EA5 mov eax, dword ptr fs:[00000030h] | 7_2_047E0EA5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047E0EA5 mov eax, dword ptr fs:[00000030h] | 7_2_047E0EA5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047E0EA5 mov eax, dword ptr fs:[00000030h] | 7_2_047E0EA5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047946A7 mov eax, dword ptr fs:[00000030h] | 7_2_047946A7 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047AFE87 mov eax, dword ptr fs:[00000030h] | 7_2_047AFE87 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0472FF60 mov eax, dword ptr fs:[00000030h] | 7_2_0472FF60 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047E8F6A mov eax, dword ptr fs:[00000030h] | 7_2_047E8F6A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0472EF40 mov eax, dword ptr fs:[00000030h] | 7_2_0472EF40 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0474E730 mov eax, dword ptr fs:[00000030h] | 7_2_0474E730 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04714F2E mov eax, dword ptr fs:[00000030h] | 7_2_04714F2E |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04714F2E mov eax, dword ptr fs:[00000030h] | 7_2_04714F2E |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0473F716 mov eax, dword ptr fs:[00000030h] | 7_2_0473F716 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047AFF10 mov eax, dword ptr fs:[00000030h] | 7_2_047AFF10 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047AFF10 mov eax, dword ptr fs:[00000030h] | 7_2_047AFF10 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047E070D mov eax, dword ptr fs:[00000030h] | 7_2_047E070D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047E070D mov eax, dword ptr fs:[00000030h] | 7_2_047E070D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0474A70E mov eax, dword ptr fs:[00000030h] | 7_2_0474A70E |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0474A70E mov eax, dword ptr fs:[00000030h] | 7_2_0474A70E |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047537F5 mov eax, dword ptr fs:[00000030h] | 7_2_047537F5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04728794 mov eax, dword ptr fs:[00000030h] | 7_2_04728794 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04797794 mov eax, dword ptr fs:[00000030h] | 7_2_04797794 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04797794 mov eax, dword ptr fs:[00000030h] | 7_2_04797794 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04797794 mov eax, dword ptr fs:[00000030h] | 7_2_04797794 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047E1074 mov eax, dword ptr fs:[00000030h] | 7_2_047E1074 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047D2073 mov eax, dword ptr fs:[00000030h] | 7_2_047D2073 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04730050 mov eax, dword ptr fs:[00000030h] | 7_2_04730050 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04730050 mov eax, dword ptr fs:[00000030h] | 7_2_04730050 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0472B02A mov eax, dword ptr fs:[00000030h] | 7_2_0472B02A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0472B02A mov eax, dword ptr fs:[00000030h] | 7_2_0472B02A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0472B02A mov eax, dword ptr fs:[00000030h] | 7_2_0472B02A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0472B02A mov eax, dword ptr fs:[00000030h] | 7_2_0472B02A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0474002D mov eax, dword ptr fs:[00000030h] | 7_2_0474002D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0474002D mov eax, dword ptr fs:[00000030h] | 7_2_0474002D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0474002D mov eax, dword ptr fs:[00000030h] | 7_2_0474002D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0474002D mov eax, dword ptr fs:[00000030h] | 7_2_0474002D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0474002D mov eax, dword ptr fs:[00000030h] | 7_2_0474002D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047E4015 mov eax, dword ptr fs:[00000030h] | 7_2_047E4015 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047E4015 mov eax, dword ptr fs:[00000030h] | 7_2_047E4015 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04797016 mov eax, dword ptr fs:[00000030h] | 7_2_04797016 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04797016 mov eax, dword ptr fs:[00000030h] | 7_2_04797016 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04797016 mov eax, dword ptr fs:[00000030h] | 7_2_04797016 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047140E1 mov eax, dword ptr fs:[00000030h] | 7_2_047140E1 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047140E1 mov eax, dword ptr fs:[00000030h] | 7_2_047140E1 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047140E1 mov eax, dword ptr fs:[00000030h] | 7_2_047140E1 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047158EC mov eax, dword ptr fs:[00000030h] | 7_2_047158EC |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047AB8D0 mov eax, dword ptr fs:[00000030h] | 7_2_047AB8D0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047AB8D0 mov ecx, dword ptr fs:[00000030h] | 7_2_047AB8D0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047AB8D0 mov eax, dword ptr fs:[00000030h] | 7_2_047AB8D0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047AB8D0 mov eax, dword ptr fs:[00000030h] | 7_2_047AB8D0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047AB8D0 mov eax, dword ptr fs:[00000030h] | 7_2_047AB8D0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047AB8D0 mov eax, dword ptr fs:[00000030h] | 7_2_047AB8D0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0474F0BF mov ecx, dword ptr fs:[00000030h] | 7_2_0474F0BF |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0474F0BF mov eax, dword ptr fs:[00000030h] | 7_2_0474F0BF |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0474F0BF mov eax, dword ptr fs:[00000030h] | 7_2_0474F0BF |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047420A0 mov eax, dword ptr fs:[00000030h] | 7_2_047420A0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047420A0 mov eax, dword ptr fs:[00000030h] | 7_2_047420A0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047420A0 mov eax, dword ptr fs:[00000030h] | 7_2_047420A0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047420A0 mov eax, dword ptr fs:[00000030h] | 7_2_047420A0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047420A0 mov eax, dword ptr fs:[00000030h] | 7_2_047420A0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047420A0 mov eax, dword ptr fs:[00000030h] | 7_2_047420A0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047590AF mov eax, dword ptr fs:[00000030h] | 7_2_047590AF |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04719080 mov eax, dword ptr fs:[00000030h] | 7_2_04719080 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04793884 mov eax, dword ptr fs:[00000030h] | 7_2_04793884 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04793884 mov eax, dword ptr fs:[00000030h] | 7_2_04793884 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0471B171 mov eax, dword ptr fs:[00000030h] | 7_2_0471B171 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0471B171 mov eax, dword ptr fs:[00000030h] | 7_2_0471B171 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0471C962 mov eax, dword ptr fs:[00000030h] | 7_2_0471C962 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0473B944 mov eax, dword ptr fs:[00000030h] | 7_2_0473B944 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0473B944 mov eax, dword ptr fs:[00000030h] | 7_2_0473B944 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0474513A mov eax, dword ptr fs:[00000030h] | 7_2_0474513A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0474513A mov eax, dword ptr fs:[00000030h] | 7_2_0474513A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04734120 mov eax, dword ptr fs:[00000030h] | 7_2_04734120 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04734120 mov eax, dword ptr fs:[00000030h] | 7_2_04734120 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04734120 mov eax, dword ptr fs:[00000030h] | 7_2_04734120 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04734120 mov eax, dword ptr fs:[00000030h] | 7_2_04734120 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04734120 mov ecx, dword ptr fs:[00000030h] | 7_2_04734120 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04719100 mov eax, dword ptr fs:[00000030h] | 7_2_04719100 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04719100 mov eax, dword ptr fs:[00000030h] | 7_2_04719100 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04719100 mov eax, dword ptr fs:[00000030h] | 7_2_04719100 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0471B1E1 mov eax, dword ptr fs:[00000030h] | 7_2_0471B1E1 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0471B1E1 mov eax, dword ptr fs:[00000030h] | 7_2_0471B1E1 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0471B1E1 mov eax, dword ptr fs:[00000030h] | 7_2_0471B1E1 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047A41E8 mov eax, dword ptr fs:[00000030h] | 7_2_047A41E8 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047951BE mov eax, dword ptr fs:[00000030h] | 7_2_047951BE |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047951BE mov eax, dword ptr fs:[00000030h] | 7_2_047951BE |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047951BE mov eax, dword ptr fs:[00000030h] | 7_2_047951BE |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047951BE mov eax, dword ptr fs:[00000030h] | 7_2_047951BE |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047461A0 mov eax, dword ptr fs:[00000030h] | 7_2_047461A0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047461A0 mov eax, dword ptr fs:[00000030h] | 7_2_047461A0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047D49A4 mov eax, dword ptr fs:[00000030h] | 7_2_047D49A4 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047D49A4 mov eax, dword ptr fs:[00000030h] | 7_2_047D49A4 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047D49A4 mov eax, dword ptr fs:[00000030h] | 7_2_047D49A4 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047D49A4 mov eax, dword ptr fs:[00000030h] | 7_2_047D49A4 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047969A6 mov eax, dword ptr fs:[00000030h] | 7_2_047969A6 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04742990 mov eax, dword ptr fs:[00000030h] | 7_2_04742990 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0473C182 mov eax, dword ptr fs:[00000030h] | 7_2_0473C182 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0474A185 mov eax, dword ptr fs:[00000030h] | 7_2_0474A185 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0475927A mov eax, dword ptr fs:[00000030h] | 7_2_0475927A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047CB260 mov eax, dword ptr fs:[00000030h] | 7_2_047CB260 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047CB260 mov eax, dword ptr fs:[00000030h] | 7_2_047CB260 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047E8A62 mov eax, dword ptr fs:[00000030h] | 7_2_047E8A62 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047DEA55 mov eax, dword ptr fs:[00000030h] | 7_2_047DEA55 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047A4257 mov eax, dword ptr fs:[00000030h] | 7_2_047A4257 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04719240 mov eax, dword ptr fs:[00000030h] | 7_2_04719240 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04719240 mov eax, dword ptr fs:[00000030h] | 7_2_04719240 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04719240 mov eax, dword ptr fs:[00000030h] | 7_2_04719240 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04719240 mov eax, dword ptr fs:[00000030h] | 7_2_04719240 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04754A2C mov eax, dword ptr fs:[00000030h] | 7_2_04754A2C |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04754A2C mov eax, dword ptr fs:[00000030h] | 7_2_04754A2C |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04715210 mov eax, dword ptr fs:[00000030h] | 7_2_04715210 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04715210 mov ecx, dword ptr fs:[00000030h] | 7_2_04715210 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04715210 mov eax, dword ptr fs:[00000030h] | 7_2_04715210 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04715210 mov eax, dword ptr fs:[00000030h] | 7_2_04715210 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0471AA16 mov eax, dword ptr fs:[00000030h] | 7_2_0471AA16 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0471AA16 mov eax, dword ptr fs:[00000030h] | 7_2_0471AA16 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047DAA16 mov eax, dword ptr fs:[00000030h] | 7_2_047DAA16 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047DAA16 mov eax, dword ptr fs:[00000030h] | 7_2_047DAA16 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04733A1C mov eax, dword ptr fs:[00000030h] | 7_2_04733A1C |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04728A0A mov eax, dword ptr fs:[00000030h] | 7_2_04728A0A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04742AE4 mov eax, dword ptr fs:[00000030h] | 7_2_04742AE4 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04742ACB mov eax, dword ptr fs:[00000030h] | 7_2_04742ACB |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0472AAB0 mov eax, dword ptr fs:[00000030h] | 7_2_0472AAB0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0472AAB0 mov eax, dword ptr fs:[00000030h] | 7_2_0472AAB0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0474FAB0 mov eax, dword ptr fs:[00000030h] | 7_2_0474FAB0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047152A5 mov eax, dword ptr fs:[00000030h] | 7_2_047152A5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047152A5 mov eax, dword ptr fs:[00000030h] | 7_2_047152A5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047152A5 mov eax, dword ptr fs:[00000030h] | 7_2_047152A5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047152A5 mov eax, dword ptr fs:[00000030h] | 7_2_047152A5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047152A5 mov eax, dword ptr fs:[00000030h] | 7_2_047152A5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0474D294 mov eax, dword ptr fs:[00000030h] | 7_2_0474D294 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0474D294 mov eax, dword ptr fs:[00000030h] | 7_2_0474D294 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04743B7A mov eax, dword ptr fs:[00000030h] | 7_2_04743B7A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04743B7A mov eax, dword ptr fs:[00000030h] | 7_2_04743B7A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0471DB60 mov ecx, dword ptr fs:[00000030h] | 7_2_0471DB60 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047E8B58 mov eax, dword ptr fs:[00000030h] | 7_2_047E8B58 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0471F358 mov eax, dword ptr fs:[00000030h] | 7_2_0471F358 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0471DB40 mov eax, dword ptr fs:[00000030h] | 7_2_0471DB40 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047D131B mov eax, dword ptr fs:[00000030h] | 7_2_047D131B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047403E2 mov eax, dword ptr fs:[00000030h] | 7_2_047403E2 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047403E2 mov eax, dword ptr fs:[00000030h] | 7_2_047403E2 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047403E2 mov eax, dword ptr fs:[00000030h] | 7_2_047403E2 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047403E2 mov eax, dword ptr fs:[00000030h] | 7_2_047403E2 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047403E2 mov eax, dword ptr fs:[00000030h] | 7_2_047403E2 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047403E2 mov eax, dword ptr fs:[00000030h] | 7_2_047403E2 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0473DBE9 mov eax, dword ptr fs:[00000030h] | 7_2_0473DBE9 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047953CA mov eax, dword ptr fs:[00000030h] | 7_2_047953CA |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047953CA mov eax, dword ptr fs:[00000030h] | 7_2_047953CA |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04744BAD mov eax, dword ptr fs:[00000030h] | 7_2_04744BAD |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04744BAD mov eax, dword ptr fs:[00000030h] | 7_2_04744BAD |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04744BAD mov eax, dword ptr fs:[00000030h] | 7_2_04744BAD |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047E5BA5 mov eax, dword ptr fs:[00000030h] | 7_2_047E5BA5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04742397 mov eax, dword ptr fs:[00000030h] | 7_2_04742397 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_0474B390 mov eax, dword ptr fs:[00000030h] | 7_2_0474B390 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047D138A mov eax, dword ptr fs:[00000030h] | 7_2_047D138A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_047CD380 mov ecx, dword ptr fs:[00000030h] | 7_2_047CD380 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04721B8F mov eax, dword ptr fs:[00000030h] | 7_2_04721B8F |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 7_2_04721B8F mov eax, dword ptr fs:[00000030h] | 7_2_04721B8F |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042EB02A mov eax, dword ptr fs:[00000030h] | 19_2_042EB02A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042EB02A mov eax, dword ptr fs:[00000030h] | 19_2_042EB02A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042EB02A mov eax, dword ptr fs:[00000030h] | 19_2_042EB02A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042EB02A mov eax, dword ptr fs:[00000030h] | 19_2_042EB02A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0430BC2C mov eax, dword ptr fs:[00000030h] | 19_2_0430BC2C |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0430002D mov eax, dword ptr fs:[00000030h] | 19_2_0430002D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0430002D mov eax, dword ptr fs:[00000030h] | 19_2_0430002D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0430002D mov eax, dword ptr fs:[00000030h] | 19_2_0430002D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0430002D mov eax, dword ptr fs:[00000030h] | 19_2_0430002D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0430002D mov eax, dword ptr fs:[00000030h] | 19_2_0430002D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04357016 mov eax, dword ptr fs:[00000030h] | 19_2_04357016 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04357016 mov eax, dword ptr fs:[00000030h] | 19_2_04357016 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04357016 mov eax, dword ptr fs:[00000030h] | 19_2_04357016 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043A4015 mov eax, dword ptr fs:[00000030h] | 19_2_043A4015 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043A4015 mov eax, dword ptr fs:[00000030h] | 19_2_043A4015 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043A740D mov eax, dword ptr fs:[00000030h] | 19_2_043A740D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043A740D mov eax, dword ptr fs:[00000030h] | 19_2_043A740D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043A740D mov eax, dword ptr fs:[00000030h] | 19_2_043A740D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04391C06 mov eax, dword ptr fs:[00000030h] | 19_2_04391C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04391C06 mov eax, dword ptr fs:[00000030h] | 19_2_04391C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04391C06 mov eax, dword ptr fs:[00000030h] | 19_2_04391C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04391C06 mov eax, dword ptr fs:[00000030h] | 19_2_04391C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04391C06 mov eax, dword ptr fs:[00000030h] | 19_2_04391C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04391C06 mov eax, dword ptr fs:[00000030h] | 19_2_04391C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04391C06 mov eax, dword ptr fs:[00000030h] | 19_2_04391C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04391C06 mov eax, dword ptr fs:[00000030h] | 19_2_04391C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04391C06 mov eax, dword ptr fs:[00000030h] | 19_2_04391C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04391C06 mov eax, dword ptr fs:[00000030h] | 19_2_04391C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04391C06 mov eax, dword ptr fs:[00000030h] | 19_2_04391C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04391C06 mov eax, dword ptr fs:[00000030h] | 19_2_04391C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04391C06 mov eax, dword ptr fs:[00000030h] | 19_2_04391C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04391C06 mov eax, dword ptr fs:[00000030h] | 19_2_04391C06 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04356C0A mov eax, dword ptr fs:[00000030h] | 19_2_04356C0A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04356C0A mov eax, dword ptr fs:[00000030h] | 19_2_04356C0A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04356C0A mov eax, dword ptr fs:[00000030h] | 19_2_04356C0A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04356C0A mov eax, dword ptr fs:[00000030h] | 19_2_04356C0A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042F746D mov eax, dword ptr fs:[00000030h] | 19_2_042F746D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04392073 mov eax, dword ptr fs:[00000030h] | 19_2_04392073 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043A1074 mov eax, dword ptr fs:[00000030h] | 19_2_043A1074 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0436C450 mov eax, dword ptr fs:[00000030h] | 19_2_0436C450 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0436C450 mov eax, dword ptr fs:[00000030h] | 19_2_0436C450 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0430A44B mov eax, dword ptr fs:[00000030h] | 19_2_0430A44B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042F0050 mov eax, dword ptr fs:[00000030h] | 19_2_042F0050 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042F0050 mov eax, dword ptr fs:[00000030h] | 19_2_042F0050 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0430F0BF mov ecx, dword ptr fs:[00000030h] | 19_2_0430F0BF |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0430F0BF mov eax, dword ptr fs:[00000030h] | 19_2_0430F0BF |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0430F0BF mov eax, dword ptr fs:[00000030h] | 19_2_0430F0BF |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043020A0 mov eax, dword ptr fs:[00000030h] | 19_2_043020A0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043020A0 mov eax, dword ptr fs:[00000030h] | 19_2_043020A0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043020A0 mov eax, dword ptr fs:[00000030h] | 19_2_043020A0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043020A0 mov eax, dword ptr fs:[00000030h] | 19_2_043020A0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043020A0 mov eax, dword ptr fs:[00000030h] | 19_2_043020A0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043020A0 mov eax, dword ptr fs:[00000030h] | 19_2_043020A0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043190AF mov eax, dword ptr fs:[00000030h] | 19_2_043190AF |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042D9080 mov eax, dword ptr fs:[00000030h] | 19_2_042D9080 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04353884 mov eax, dword ptr fs:[00000030h] | 19_2_04353884 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04353884 mov eax, dword ptr fs:[00000030h] | 19_2_04353884 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042E849B mov eax, dword ptr fs:[00000030h] | 19_2_042E849B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042D58EC mov eax, dword ptr fs:[00000030h] | 19_2_042D58EC |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043914FB mov eax, dword ptr fs:[00000030h] | 19_2_043914FB |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04356CF0 mov eax, dword ptr fs:[00000030h] | 19_2_04356CF0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04356CF0 mov eax, dword ptr fs:[00000030h] | 19_2_04356CF0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04356CF0 mov eax, dword ptr fs:[00000030h] | 19_2_04356CF0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0436B8D0 mov eax, dword ptr fs:[00000030h] | 19_2_0436B8D0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0436B8D0 mov ecx, dword ptr fs:[00000030h] | 19_2_0436B8D0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0436B8D0 mov eax, dword ptr fs:[00000030h] | 19_2_0436B8D0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0436B8D0 mov eax, dword ptr fs:[00000030h] | 19_2_0436B8D0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0436B8D0 mov eax, dword ptr fs:[00000030h] | 19_2_0436B8D0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0436B8D0 mov eax, dword ptr fs:[00000030h] | 19_2_0436B8D0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043A8CD6 mov eax, dword ptr fs:[00000030h] | 19_2_043A8CD6 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0435A537 mov eax, dword ptr fs:[00000030h] | 19_2_0435A537 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0430513A mov eax, dword ptr fs:[00000030h] | 19_2_0430513A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0430513A mov eax, dword ptr fs:[00000030h] | 19_2_0430513A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04304D3B mov eax, dword ptr fs:[00000030h] | 19_2_04304D3B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04304D3B mov eax, dword ptr fs:[00000030h] | 19_2_04304D3B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04304D3B mov eax, dword ptr fs:[00000030h] | 19_2_04304D3B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043A8D34 mov eax, dword ptr fs:[00000030h] | 19_2_043A8D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042F4120 mov eax, dword ptr fs:[00000030h] | 19_2_042F4120 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042F4120 mov eax, dword ptr fs:[00000030h] | 19_2_042F4120 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042F4120 mov eax, dword ptr fs:[00000030h] | 19_2_042F4120 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042F4120 mov eax, dword ptr fs:[00000030h] | 19_2_042F4120 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042F4120 mov ecx, dword ptr fs:[00000030h] | 19_2_042F4120 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042E3D34 mov eax, dword ptr fs:[00000030h] | 19_2_042E3D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042E3D34 mov eax, dword ptr fs:[00000030h] | 19_2_042E3D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042E3D34 mov eax, dword ptr fs:[00000030h] | 19_2_042E3D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042E3D34 mov eax, dword ptr fs:[00000030h] | 19_2_042E3D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042E3D34 mov eax, dword ptr fs:[00000030h] | 19_2_042E3D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042E3D34 mov eax, dword ptr fs:[00000030h] | 19_2_042E3D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042E3D34 mov eax, dword ptr fs:[00000030h] | 19_2_042E3D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042E3D34 mov eax, dword ptr fs:[00000030h] | 19_2_042E3D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042E3D34 mov eax, dword ptr fs:[00000030h] | 19_2_042E3D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042E3D34 mov eax, dword ptr fs:[00000030h] | 19_2_042E3D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042E3D34 mov eax, dword ptr fs:[00000030h] | 19_2_042E3D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042E3D34 mov eax, dword ptr fs:[00000030h] | 19_2_042E3D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042E3D34 mov eax, dword ptr fs:[00000030h] | 19_2_042E3D34 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042DAD30 mov eax, dword ptr fs:[00000030h] | 19_2_042DAD30 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042D9100 mov eax, dword ptr fs:[00000030h] | 19_2_042D9100 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042D9100 mov eax, dword ptr fs:[00000030h] | 19_2_042D9100 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042D9100 mov eax, dword ptr fs:[00000030h] | 19_2_042D9100 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042DC962 mov eax, dword ptr fs:[00000030h] | 19_2_042DC962 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042FC577 mov eax, dword ptr fs:[00000030h] | 19_2_042FC577 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042FC577 mov eax, dword ptr fs:[00000030h] | 19_2_042FC577 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042DB171 mov eax, dword ptr fs:[00000030h] | 19_2_042DB171 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042DB171 mov eax, dword ptr fs:[00000030h] | 19_2_042DB171 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042FB944 mov eax, dword ptr fs:[00000030h] | 19_2_042FB944 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042FB944 mov eax, dword ptr fs:[00000030h] | 19_2_042FB944 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04313D43 mov eax, dword ptr fs:[00000030h] | 19_2_04313D43 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04353540 mov eax, dword ptr fs:[00000030h] | 19_2_04353540 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042F7D50 mov eax, dword ptr fs:[00000030h] | 19_2_042F7D50 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04301DB5 mov eax, dword ptr fs:[00000030h] | 19_2_04301DB5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04301DB5 mov eax, dword ptr fs:[00000030h] | 19_2_04301DB5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04301DB5 mov eax, dword ptr fs:[00000030h] | 19_2_04301DB5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043551BE mov eax, dword ptr fs:[00000030h] | 19_2_043551BE |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043551BE mov eax, dword ptr fs:[00000030h] | 19_2_043551BE |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043551BE mov eax, dword ptr fs:[00000030h] | 19_2_043551BE |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043551BE mov eax, dword ptr fs:[00000030h] | 19_2_043551BE |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043061A0 mov eax, dword ptr fs:[00000030h] | 19_2_043061A0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043061A0 mov eax, dword ptr fs:[00000030h] | 19_2_043061A0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043035A1 mov eax, dword ptr fs:[00000030h] | 19_2_043035A1 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043569A6 mov eax, dword ptr fs:[00000030h] | 19_2_043569A6 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043A05AC mov eax, dword ptr fs:[00000030h] | 19_2_043A05AC |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043A05AC mov eax, dword ptr fs:[00000030h] | 19_2_043A05AC |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04302990 mov eax, dword ptr fs:[00000030h] | 19_2_04302990 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042D2D8A mov eax, dword ptr fs:[00000030h] | 19_2_042D2D8A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042D2D8A mov eax, dword ptr fs:[00000030h] | 19_2_042D2D8A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042D2D8A mov eax, dword ptr fs:[00000030h] | 19_2_042D2D8A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042D2D8A mov eax, dword ptr fs:[00000030h] | 19_2_042D2D8A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042D2D8A mov eax, dword ptr fs:[00000030h] | 19_2_042D2D8A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0430FD9B mov eax, dword ptr fs:[00000030h] | 19_2_0430FD9B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0430FD9B mov eax, dword ptr fs:[00000030h] | 19_2_0430FD9B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042FC182 mov eax, dword ptr fs:[00000030h] | 19_2_042FC182 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04302581 mov eax, dword ptr fs:[00000030h] | 19_2_04302581 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04302581 mov eax, dword ptr fs:[00000030h] | 19_2_04302581 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04302581 mov eax, dword ptr fs:[00000030h] | 19_2_04302581 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04302581 mov eax, dword ptr fs:[00000030h] | 19_2_04302581 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0430A185 mov eax, dword ptr fs:[00000030h] | 19_2_0430A185 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04388DF1 mov eax, dword ptr fs:[00000030h] | 19_2_04388DF1 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042DB1E1 mov eax, dword ptr fs:[00000030h] | 19_2_042DB1E1 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042DB1E1 mov eax, dword ptr fs:[00000030h] | 19_2_042DB1E1 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042DB1E1 mov eax, dword ptr fs:[00000030h] | 19_2_042DB1E1 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042ED5E0 mov eax, dword ptr fs:[00000030h] | 19_2_042ED5E0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042ED5E0 mov eax, dword ptr fs:[00000030h] | 19_2_042ED5E0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043641E8 mov eax, dword ptr fs:[00000030h] | 19_2_043641E8 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04356DC9 mov eax, dword ptr fs:[00000030h] | 19_2_04356DC9 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04356DC9 mov eax, dword ptr fs:[00000030h] | 19_2_04356DC9 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04356DC9 mov eax, dword ptr fs:[00000030h] | 19_2_04356DC9 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04356DC9 mov ecx, dword ptr fs:[00000030h] | 19_2_04356DC9 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04356DC9 mov eax, dword ptr fs:[00000030h] | 19_2_04356DC9 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04356DC9 mov eax, dword ptr fs:[00000030h] | 19_2_04356DC9 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0438FE3F mov eax, dword ptr fs:[00000030h] | 19_2_0438FE3F |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042DE620 mov eax, dword ptr fs:[00000030h] | 19_2_042DE620 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04314A2C mov eax, dword ptr fs:[00000030h] | 19_2_04314A2C |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04314A2C mov eax, dword ptr fs:[00000030h] | 19_2_04314A2C |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042E8A0A mov eax, dword ptr fs:[00000030h] | 19_2_042E8A0A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0430A61C mov eax, dword ptr fs:[00000030h] | 19_2_0430A61C |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0430A61C mov eax, dword ptr fs:[00000030h] | 19_2_0430A61C |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042DC600 mov eax, dword ptr fs:[00000030h] | 19_2_042DC600 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042DC600 mov eax, dword ptr fs:[00000030h] | 19_2_042DC600 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042DC600 mov eax, dword ptr fs:[00000030h] | 19_2_042DC600 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04308E00 mov eax, dword ptr fs:[00000030h] | 19_2_04308E00 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04391608 mov eax, dword ptr fs:[00000030h] | 19_2_04391608 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042F3A1C mov eax, dword ptr fs:[00000030h] | 19_2_042F3A1C |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042DAA16 mov eax, dword ptr fs:[00000030h] | 19_2_042DAA16 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042DAA16 mov eax, dword ptr fs:[00000030h] | 19_2_042DAA16 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042D5210 mov eax, dword ptr fs:[00000030h] | 19_2_042D5210 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042D5210 mov ecx, dword ptr fs:[00000030h] | 19_2_042D5210 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042D5210 mov eax, dword ptr fs:[00000030h] | 19_2_042D5210 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042D5210 mov eax, dword ptr fs:[00000030h] | 19_2_042D5210 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042E766D mov eax, dword ptr fs:[00000030h] | 19_2_042E766D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0431927A mov eax, dword ptr fs:[00000030h] | 19_2_0431927A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0438B260 mov eax, dword ptr fs:[00000030h] | 19_2_0438B260 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0438B260 mov eax, dword ptr fs:[00000030h] | 19_2_0438B260 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043A8A62 mov eax, dword ptr fs:[00000030h] | 19_2_043A8A62 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042FAE73 mov eax, dword ptr fs:[00000030h] | 19_2_042FAE73 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042FAE73 mov eax, dword ptr fs:[00000030h] | 19_2_042FAE73 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042FAE73 mov eax, dword ptr fs:[00000030h] | 19_2_042FAE73 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042FAE73 mov eax, dword ptr fs:[00000030h] | 19_2_042FAE73 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042FAE73 mov eax, dword ptr fs:[00000030h] | 19_2_042FAE73 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04364257 mov eax, dword ptr fs:[00000030h] | 19_2_04364257 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042D9240 mov eax, dword ptr fs:[00000030h] | 19_2_042D9240 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042D9240 mov eax, dword ptr fs:[00000030h] | 19_2_042D9240 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042D9240 mov eax, dword ptr fs:[00000030h] | 19_2_042D9240 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042D9240 mov eax, dword ptr fs:[00000030h] | 19_2_042D9240 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042E7E41 mov eax, dword ptr fs:[00000030h] | 19_2_042E7E41 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042E7E41 mov eax, dword ptr fs:[00000030h] | 19_2_042E7E41 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042E7E41 mov eax, dword ptr fs:[00000030h] | 19_2_042E7E41 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042E7E41 mov eax, dword ptr fs:[00000030h] | 19_2_042E7E41 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042E7E41 mov eax, dword ptr fs:[00000030h] | 19_2_042E7E41 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042E7E41 mov eax, dword ptr fs:[00000030h] | 19_2_042E7E41 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0430FAB0 mov eax, dword ptr fs:[00000030h] | 19_2_0430FAB0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042D52A5 mov eax, dword ptr fs:[00000030h] | 19_2_042D52A5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042D52A5 mov eax, dword ptr fs:[00000030h] | 19_2_042D52A5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042D52A5 mov eax, dword ptr fs:[00000030h] | 19_2_042D52A5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042D52A5 mov eax, dword ptr fs:[00000030h] | 19_2_042D52A5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042D52A5 mov eax, dword ptr fs:[00000030h] | 19_2_042D52A5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043546A7 mov eax, dword ptr fs:[00000030h] | 19_2_043546A7 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042EAAB0 mov eax, dword ptr fs:[00000030h] | 19_2_042EAAB0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042EAAB0 mov eax, dword ptr fs:[00000030h] | 19_2_042EAAB0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043A0EA5 mov eax, dword ptr fs:[00000030h] | 19_2_043A0EA5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043A0EA5 mov eax, dword ptr fs:[00000030h] | 19_2_043A0EA5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043A0EA5 mov eax, dword ptr fs:[00000030h] | 19_2_043A0EA5 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0430D294 mov eax, dword ptr fs:[00000030h] | 19_2_0430D294 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0430D294 mov eax, dword ptr fs:[00000030h] | 19_2_0430D294 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0436FE87 mov eax, dword ptr fs:[00000030h] | 19_2_0436FE87 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042E76E2 mov eax, dword ptr fs:[00000030h] | 19_2_042E76E2 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043016E0 mov ecx, dword ptr fs:[00000030h] | 19_2_043016E0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04302AE4 mov eax, dword ptr fs:[00000030h] | 19_2_04302AE4 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043A8ED6 mov eax, dword ptr fs:[00000030h] | 19_2_043A8ED6 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04318EC7 mov eax, dword ptr fs:[00000030h] | 19_2_04318EC7 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0438FEC0 mov eax, dword ptr fs:[00000030h] | 19_2_0438FEC0 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04302ACB mov eax, dword ptr fs:[00000030h] | 19_2_04302ACB |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043036CC mov eax, dword ptr fs:[00000030h] | 19_2_043036CC |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0430E730 mov eax, dword ptr fs:[00000030h] | 19_2_0430E730 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042D4F2E mov eax, dword ptr fs:[00000030h] | 19_2_042D4F2E |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042D4F2E mov eax, dword ptr fs:[00000030h] | 19_2_042D4F2E |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0439131B mov eax, dword ptr fs:[00000030h] | 19_2_0439131B |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0436FF10 mov eax, dword ptr fs:[00000030h] | 19_2_0436FF10 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0436FF10 mov eax, dword ptr fs:[00000030h] | 19_2_0436FF10 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043A070D mov eax, dword ptr fs:[00000030h] | 19_2_043A070D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_043A070D mov eax, dword ptr fs:[00000030h] | 19_2_043A070D |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042FF716 mov eax, dword ptr fs:[00000030h] | 19_2_042FF716 |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0430A70E mov eax, dword ptr fs:[00000030h] | 19_2_0430A70E |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_0430A70E mov eax, dword ptr fs:[00000030h] | 19_2_0430A70E |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04303B7A mov eax, dword ptr fs:[00000030h] | 19_2_04303B7A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_04303B7A mov eax, dword ptr fs:[00000030h] | 19_2_04303B7A |
| Source: C:\Windows\SysWOW64\DpiScaling.exe | Code function: 19_2_042DDB60 mov ecx, dword ptr fs:[00000030h] | 19_2_042DDB60 |
Edit tour
7AYsP32Q7Y.exe (PID: 2940 cmdline: 
DpiScaling.exe (PID: 2984 cmdline: 
explorer.exe (PID: 3352 cmdline: 
msiexec.exe (PID: 3912 cmdline: 
cscript.exe (PID: 6684 cmdline: 
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node