Source: 2.0.zrztlh.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 2.0.zrztlh.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 2.0.zrztlh.exe.400000.8.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 2.0.zrztlh.exe.400000.8.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 1.2.zrztlh.exe.730000.0.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 1.2.zrztlh.exe.730000.0.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 2.2.zrztlh.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 2.2.zrztlh.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 2.2.zrztlh.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 2.2.zrztlh.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 2.0.zrztlh.exe.400000.8.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 2.0.zrztlh.exe.400000.8.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 2.0.zrztlh.exe.400000.6.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 2.0.zrztlh.exe.400000.6.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 2.0.zrztlh.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 2.0.zrztlh.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 1.2.zrztlh.exe.730000.0.raw.unpack, type: UNPACKEDPE | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 1.2.zrztlh.exe.730000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 0000000A.00000002.716381096.0000000000E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 0000000A.00000002.716381096.0000000000E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000002.00000002.532479062.00000000011E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000002.00000002.532479062.00000000011E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000001.00000002.447718606.0000000000730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000001.00000002.447718606.0000000000730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000002.00000002.533348401.0000000001550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000002.00000002.533348401.0000000001550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000003.00000000.509506176.0000000005327000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000003.00000000.509506176.0000000005327000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000003.00000000.489068141.0000000005327000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000003.00000000.489068141.0000000005327000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000002.00000002.532198194.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000002.00000002.532198194.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000002.00000000.445889127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000002.00000000.445889127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 0000000A.00000002.716275585.0000000000E30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 0000000A.00000002.716275585.0000000000E30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 0000000A.00000002.715399968.00000000007C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 0000000A.00000002.715399968.00000000007C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 00000002.00000000.443445716.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com |
Source: 00000002.00000000.443445716.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group |
Source: 2.0.zrztlh.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 2.0.zrztlh.exe.400000.6.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 2.0.zrztlh.exe.400000.8.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 2.0.zrztlh.exe.400000.8.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 1.2.zrztlh.exe.730000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 1.2.zrztlh.exe.730000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 2.2.zrztlh.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 2.2.zrztlh.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 2.2.zrztlh.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 2.2.zrztlh.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 2.0.zrztlh.exe.400000.8.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 2.0.zrztlh.exe.400000.8.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 2.0.zrztlh.exe.400000.6.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 2.0.zrztlh.exe.400000.6.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 2.0.zrztlh.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 2.0.zrztlh.exe.400000.4.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 1.2.zrztlh.exe.730000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 1.2.zrztlh.exe.730000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 0000000A.00000002.716381096.0000000000E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 0000000A.00000002.716381096.0000000000E70000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000002.00000002.532479062.00000000011E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000002.532479062.00000000011E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000001.00000002.447718606.0000000000730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000001.00000002.447718606.0000000000730000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000002.00000002.533348401.0000000001550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000002.533348401.0000000001550000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000003.00000000.509506176.0000000005327000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000003.00000000.509506176.0000000005327000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000003.00000000.489068141.0000000005327000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000003.00000000.489068141.0000000005327000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000002.00000002.532198194.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000002.532198194.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000002.00000000.445889127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000000.445889127.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 0000000A.00000002.716275585.0000000000E30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 0000000A.00000002.716275585.0000000000E30000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 0000000A.00000002.715399968.00000000007C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 0000000A.00000002.715399968.00000000007C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: 00000002.00000000.443445716.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE |
Source: 00000002.00000000.443445716.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: 2_2_0041A330 NtCreateFile, | 2_2_0041A330 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: 2_2_0041A3E0 NtReadFile, | 2_2_0041A3E0 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: 2_2_0041A460 NtClose, | 2_2_0041A460 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: 2_2_0041A510 NtAllocateVirtualMemory, | 2_2_0041A510 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: 2_2_0041A32A NtCreateFile, | 2_2_0041A32A |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: 2_2_0041A3DB NtReadFile, | 2_2_0041A3DB |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: 2_2_0041A45A NtClose, | 2_2_0041A45A |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03399710 NtQueryInformationToken,LdrInitializeThunk, | 10_2_03399710 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03399780 NtMapViewOfSection,LdrInitializeThunk, | 10_2_03399780 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03399FE0 NtCreateMutant,LdrInitializeThunk, | 10_2_03399FE0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03399660 NtAllocateVirtualMemory,LdrInitializeThunk, | 10_2_03399660 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03399A50 NtCreateFile,LdrInitializeThunk, | 10_2_03399A50 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03399650 NtQueryValueKey,LdrInitializeThunk, | 10_2_03399650 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033996E0 NtFreeVirtualMemory,LdrInitializeThunk, | 10_2_033996E0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033996D0 NtCreateKey,LdrInitializeThunk, | 10_2_033996D0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03399910 NtAdjustPrivilegesToken,LdrInitializeThunk, | 10_2_03399910 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03399540 NtReadFile,LdrInitializeThunk, | 10_2_03399540 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033999A0 NtCreateSection,LdrInitializeThunk, | 10_2_033999A0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033995D0 NtClose,LdrInitializeThunk, | 10_2_033995D0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03399860 NtQuerySystemInformation,LdrInitializeThunk, | 10_2_03399860 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03399840 NtDelayExecution,LdrInitializeThunk, | 10_2_03399840 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03399730 NtQueryVirtualMemory, | 10_2_03399730 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0339A710 NtOpenProcessToken, | 10_2_0339A710 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03399B00 NtSetValueKey, | 10_2_03399B00 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03399770 NtSetInformationFile, | 10_2_03399770 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0339A770 NtOpenThread, | 10_2_0339A770 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03399760 NtOpenProcess, | 10_2_03399760 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0339A3B0 NtGetContextThread, | 10_2_0339A3B0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033997A0 NtUnmapViewOfSection, | 10_2_033997A0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03399A20 NtResumeThread, | 10_2_03399A20 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03399610 NtEnumerateValueKey, | 10_2_03399610 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03399A10 NtQuerySection, | 10_2_03399A10 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03399A00 NtProtectVirtualMemory, | 10_2_03399A00 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03399670 NtQueryInformationProcess, | 10_2_03399670 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03399A80 NtOpenDirectoryObject, | 10_2_03399A80 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0339AD30 NtSetContextThread, | 10_2_0339AD30 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03399520 NtWaitForSingleObject, | 10_2_03399520 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03399560 NtWriteFile, | 10_2_03399560 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03399950 NtQueueApcThread, | 10_2_03399950 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033995F0 NtQueryInformationFile, | 10_2_033995F0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033999D0 NtCreateProcessEx, | 10_2_033999D0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03399820 NtEnumerateKey, | 10_2_03399820 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0339B040 NtSuspendThread, | 10_2_0339B040 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033998A0 NtWriteVirtualMemory, | 10_2_033998A0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033998F0 NtReadVirtualMemory, | 10_2_033998F0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_007DA330 NtCreateFile, | 10_2_007DA330 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_007DA3E0 NtReadFile, | 10_2_007DA3E0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_007DA460 NtClose, | 10_2_007DA460 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_007DA510 NtAllocateVirtualMemory, | 10_2_007DA510 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_007DA32A NtCreateFile, | 10_2_007DA32A |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_007DA3DB NtReadFile, | 10_2_007DA3DB |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_007DA45A NtClose, | 10_2_007DA45A |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0338E730 mov eax, dword ptr fs:[00000030h] | 10_2_0338E730 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03428B58 mov eax, dword ptr fs:[00000030h] | 10_2_03428B58 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03354F2E mov eax, dword ptr fs:[00000030h] | 10_2_03354F2E |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0337F716 mov eax, dword ptr fs:[00000030h] | 10_2_0337F716 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03428F6A mov eax, dword ptr fs:[00000030h] | 10_2_03428F6A |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033EFF10 mov eax, dword ptr fs:[00000030h] | 10_2_033EFF10 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0338A70E mov eax, dword ptr fs:[00000030h] | 10_2_0338A70E |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03383B7A mov eax, dword ptr fs:[00000030h] | 10_2_03383B7A |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0342070D mov eax, dword ptr fs:[00000030h] | 10_2_0342070D |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0335DB60 mov ecx, dword ptr fs:[00000030h] | 10_2_0335DB60 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0336FF60 mov eax, dword ptr fs:[00000030h] | 10_2_0336FF60 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0341131B mov eax, dword ptr fs:[00000030h] | 10_2_0341131B |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0335F358 mov eax, dword ptr fs:[00000030h] | 10_2_0335F358 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0335DB40 mov eax, dword ptr fs:[00000030h] | 10_2_0335DB40 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0336EF40 mov eax, dword ptr fs:[00000030h] | 10_2_0336EF40 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03384BAD mov eax, dword ptr fs:[00000030h] | 10_2_03384BAD |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03368794 mov eax, dword ptr fs:[00000030h] | 10_2_03368794 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0338B390 mov eax, dword ptr fs:[00000030h] | 10_2_0338B390 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033D7794 mov eax, dword ptr fs:[00000030h] | 10_2_033D7794 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033D7794 mov eax, dword ptr fs:[00000030h] | 10_2_033D7794 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033D7794 mov eax, dword ptr fs:[00000030h] | 10_2_033D7794 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03382397 mov eax, dword ptr fs:[00000030h] | 10_2_03382397 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03361B8F mov eax, dword ptr fs:[00000030h] | 10_2_03361B8F |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03361B8F mov eax, dword ptr fs:[00000030h] | 10_2_03361B8F |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0340D380 mov ecx, dword ptr fs:[00000030h] | 10_2_0340D380 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0341138A mov eax, dword ptr fs:[00000030h] | 10_2_0341138A |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033937F5 mov eax, dword ptr fs:[00000030h] | 10_2_033937F5 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033803E2 mov eax, dword ptr fs:[00000030h] | 10_2_033803E2 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033803E2 mov eax, dword ptr fs:[00000030h] | 10_2_033803E2 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033803E2 mov eax, dword ptr fs:[00000030h] | 10_2_033803E2 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033803E2 mov eax, dword ptr fs:[00000030h] | 10_2_033803E2 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033803E2 mov eax, dword ptr fs:[00000030h] | 10_2_033803E2 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033803E2 mov eax, dword ptr fs:[00000030h] | 10_2_033803E2 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0337DBE9 mov eax, dword ptr fs:[00000030h] | 10_2_0337DBE9 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03425BA5 mov eax, dword ptr fs:[00000030h] | 10_2_03425BA5 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033D53CA mov eax, dword ptr fs:[00000030h] | 10_2_033D53CA |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033D53CA mov eax, dword ptr fs:[00000030h] | 10_2_033D53CA |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0335E620 mov eax, dword ptr fs:[00000030h] | 10_2_0335E620 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03394A2C mov eax, dword ptr fs:[00000030h] | 10_2_03394A2C |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03394A2C mov eax, dword ptr fs:[00000030h] | 10_2_03394A2C |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0340B260 mov eax, dword ptr fs:[00000030h] | 10_2_0340B260 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0340B260 mov eax, dword ptr fs:[00000030h] | 10_2_0340B260 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03428A62 mov eax, dword ptr fs:[00000030h] | 10_2_03428A62 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0335AA16 mov eax, dword ptr fs:[00000030h] | 10_2_0335AA16 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0335AA16 mov eax, dword ptr fs:[00000030h] | 10_2_0335AA16 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0338A61C mov eax, dword ptr fs:[00000030h] | 10_2_0338A61C |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0338A61C mov eax, dword ptr fs:[00000030h] | 10_2_0338A61C |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03355210 mov eax, dword ptr fs:[00000030h] | 10_2_03355210 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03355210 mov ecx, dword ptr fs:[00000030h] | 10_2_03355210 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03355210 mov eax, dword ptr fs:[00000030h] | 10_2_03355210 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03355210 mov eax, dword ptr fs:[00000030h] | 10_2_03355210 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03373A1C mov eax, dword ptr fs:[00000030h] | 10_2_03373A1C |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0335C600 mov eax, dword ptr fs:[00000030h] | 10_2_0335C600 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0335C600 mov eax, dword ptr fs:[00000030h] | 10_2_0335C600 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0335C600 mov eax, dword ptr fs:[00000030h] | 10_2_0335C600 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03388E00 mov eax, dword ptr fs:[00000030h] | 10_2_03388E00 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03368A0A mov eax, dword ptr fs:[00000030h] | 10_2_03368A0A |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0339927A mov eax, dword ptr fs:[00000030h] | 10_2_0339927A |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0337AE73 mov eax, dword ptr fs:[00000030h] | 10_2_0337AE73 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0337AE73 mov eax, dword ptr fs:[00000030h] | 10_2_0337AE73 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0337AE73 mov eax, dword ptr fs:[00000030h] | 10_2_0337AE73 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0337AE73 mov eax, dword ptr fs:[00000030h] | 10_2_0337AE73 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0337AE73 mov eax, dword ptr fs:[00000030h] | 10_2_0337AE73 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03411608 mov eax, dword ptr fs:[00000030h] | 10_2_03411608 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0336766D mov eax, dword ptr fs:[00000030h] | 10_2_0336766D |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033E4257 mov eax, dword ptr fs:[00000030h] | 10_2_033E4257 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03359240 mov eax, dword ptr fs:[00000030h] | 10_2_03359240 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03359240 mov eax, dword ptr fs:[00000030h] | 10_2_03359240 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03359240 mov eax, dword ptr fs:[00000030h] | 10_2_03359240 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03359240 mov eax, dword ptr fs:[00000030h] | 10_2_03359240 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03367E41 mov eax, dword ptr fs:[00000030h] | 10_2_03367E41 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03367E41 mov eax, dword ptr fs:[00000030h] | 10_2_03367E41 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03367E41 mov eax, dword ptr fs:[00000030h] | 10_2_03367E41 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03367E41 mov eax, dword ptr fs:[00000030h] | 10_2_03367E41 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03367E41 mov eax, dword ptr fs:[00000030h] | 10_2_03367E41 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03367E41 mov eax, dword ptr fs:[00000030h] | 10_2_03367E41 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0340FE3F mov eax, dword ptr fs:[00000030h] | 10_2_0340FE3F |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0340FEC0 mov eax, dword ptr fs:[00000030h] | 10_2_0340FEC0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0336AAB0 mov eax, dword ptr fs:[00000030h] | 10_2_0336AAB0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0336AAB0 mov eax, dword ptr fs:[00000030h] | 10_2_0336AAB0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0338FAB0 mov eax, dword ptr fs:[00000030h] | 10_2_0338FAB0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033552A5 mov eax, dword ptr fs:[00000030h] | 10_2_033552A5 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033552A5 mov eax, dword ptr fs:[00000030h] | 10_2_033552A5 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033552A5 mov eax, dword ptr fs:[00000030h] | 10_2_033552A5 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033552A5 mov eax, dword ptr fs:[00000030h] | 10_2_033552A5 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033552A5 mov eax, dword ptr fs:[00000030h] | 10_2_033552A5 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03428ED6 mov eax, dword ptr fs:[00000030h] | 10_2_03428ED6 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033D46A7 mov eax, dword ptr fs:[00000030h] | 10_2_033D46A7 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0338D294 mov eax, dword ptr fs:[00000030h] | 10_2_0338D294 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0338D294 mov eax, dword ptr fs:[00000030h] | 10_2_0338D294 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033EFE87 mov eax, dword ptr fs:[00000030h] | 10_2_033EFE87 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033676E2 mov eax, dword ptr fs:[00000030h] | 10_2_033676E2 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033816E0 mov ecx, dword ptr fs:[00000030h] | 10_2_033816E0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03382AE4 mov eax, dword ptr fs:[00000030h] | 10_2_03382AE4 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03420EA5 mov eax, dword ptr fs:[00000030h] | 10_2_03420EA5 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03420EA5 mov eax, dword ptr fs:[00000030h] | 10_2_03420EA5 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03420EA5 mov eax, dword ptr fs:[00000030h] | 10_2_03420EA5 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03382ACB mov eax, dword ptr fs:[00000030h] | 10_2_03382ACB |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033836CC mov eax, dword ptr fs:[00000030h] | 10_2_033836CC |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03398EC7 mov eax, dword ptr fs:[00000030h] | 10_2_03398EC7 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0338513A mov eax, dword ptr fs:[00000030h] | 10_2_0338513A |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0338513A mov eax, dword ptr fs:[00000030h] | 10_2_0338513A |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03363D34 mov eax, dword ptr fs:[00000030h] | 10_2_03363D34 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03363D34 mov eax, dword ptr fs:[00000030h] | 10_2_03363D34 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03363D34 mov eax, dword ptr fs:[00000030h] | 10_2_03363D34 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03363D34 mov eax, dword ptr fs:[00000030h] | 10_2_03363D34 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03363D34 mov eax, dword ptr fs:[00000030h] | 10_2_03363D34 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03363D34 mov eax, dword ptr fs:[00000030h] | 10_2_03363D34 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03363D34 mov eax, dword ptr fs:[00000030h] | 10_2_03363D34 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03363D34 mov eax, dword ptr fs:[00000030h] | 10_2_03363D34 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03363D34 mov eax, dword ptr fs:[00000030h] | 10_2_03363D34 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03363D34 mov eax, dword ptr fs:[00000030h] | 10_2_03363D34 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03363D34 mov eax, dword ptr fs:[00000030h] | 10_2_03363D34 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03363D34 mov eax, dword ptr fs:[00000030h] | 10_2_03363D34 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03363D34 mov eax, dword ptr fs:[00000030h] | 10_2_03363D34 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03384D3B mov eax, dword ptr fs:[00000030h] | 10_2_03384D3B |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03384D3B mov eax, dword ptr fs:[00000030h] | 10_2_03384D3B |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03384D3B mov eax, dword ptr fs:[00000030h] | 10_2_03384D3B |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0335AD30 mov eax, dword ptr fs:[00000030h] | 10_2_0335AD30 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033DA537 mov eax, dword ptr fs:[00000030h] | 10_2_033DA537 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03374120 mov eax, dword ptr fs:[00000030h] | 10_2_03374120 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03374120 mov eax, dword ptr fs:[00000030h] | 10_2_03374120 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03374120 mov eax, dword ptr fs:[00000030h] | 10_2_03374120 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03374120 mov eax, dword ptr fs:[00000030h] | 10_2_03374120 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03374120 mov ecx, dword ptr fs:[00000030h] | 10_2_03374120 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03359100 mov eax, dword ptr fs:[00000030h] | 10_2_03359100 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03359100 mov eax, dword ptr fs:[00000030h] | 10_2_03359100 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03359100 mov eax, dword ptr fs:[00000030h] | 10_2_03359100 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0337C577 mov eax, dword ptr fs:[00000030h] | 10_2_0337C577 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0337C577 mov eax, dword ptr fs:[00000030h] | 10_2_0337C577 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0335B171 mov eax, dword ptr fs:[00000030h] | 10_2_0335B171 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0335B171 mov eax, dword ptr fs:[00000030h] | 10_2_0335B171 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0335C962 mov eax, dword ptr fs:[00000030h] | 10_2_0335C962 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03377D50 mov eax, dword ptr fs:[00000030h] | 10_2_03377D50 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0337B944 mov eax, dword ptr fs:[00000030h] | 10_2_0337B944 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0337B944 mov eax, dword ptr fs:[00000030h] | 10_2_0337B944 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03428D34 mov eax, dword ptr fs:[00000030h] | 10_2_03428D34 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03393D43 mov eax, dword ptr fs:[00000030h] | 10_2_03393D43 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033D3540 mov eax, dword ptr fs:[00000030h] | 10_2_033D3540 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033D51BE mov eax, dword ptr fs:[00000030h] | 10_2_033D51BE |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033D51BE mov eax, dword ptr fs:[00000030h] | 10_2_033D51BE |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033D51BE mov eax, dword ptr fs:[00000030h] | 10_2_033D51BE |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033D51BE mov eax, dword ptr fs:[00000030h] | 10_2_033D51BE |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03381DB5 mov eax, dword ptr fs:[00000030h] | 10_2_03381DB5 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03381DB5 mov eax, dword ptr fs:[00000030h] | 10_2_03381DB5 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03381DB5 mov eax, dword ptr fs:[00000030h] | 10_2_03381DB5 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033861A0 mov eax, dword ptr fs:[00000030h] | 10_2_033861A0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033861A0 mov eax, dword ptr fs:[00000030h] | 10_2_033861A0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033835A1 mov eax, dword ptr fs:[00000030h] | 10_2_033835A1 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033D69A6 mov eax, dword ptr fs:[00000030h] | 10_2_033D69A6 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0338FD9B mov eax, dword ptr fs:[00000030h] | 10_2_0338FD9B |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0338FD9B mov eax, dword ptr fs:[00000030h] | 10_2_0338FD9B |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0341FDE2 mov eax, dword ptr fs:[00000030h] | 10_2_0341FDE2 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0341FDE2 mov eax, dword ptr fs:[00000030h] | 10_2_0341FDE2 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0341FDE2 mov eax, dword ptr fs:[00000030h] | 10_2_0341FDE2 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0341FDE2 mov eax, dword ptr fs:[00000030h] | 10_2_0341FDE2 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03382990 mov eax, dword ptr fs:[00000030h] | 10_2_03382990 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03408DF1 mov eax, dword ptr fs:[00000030h] | 10_2_03408DF1 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0337C182 mov eax, dword ptr fs:[00000030h] | 10_2_0337C182 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03382581 mov eax, dword ptr fs:[00000030h] | 10_2_03382581 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03382581 mov eax, dword ptr fs:[00000030h] | 10_2_03382581 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03382581 mov eax, dword ptr fs:[00000030h] | 10_2_03382581 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03382581 mov eax, dword ptr fs:[00000030h] | 10_2_03382581 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0338A185 mov eax, dword ptr fs:[00000030h] | 10_2_0338A185 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03352D8A mov eax, dword ptr fs:[00000030h] | 10_2_03352D8A |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03352D8A mov eax, dword ptr fs:[00000030h] | 10_2_03352D8A |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03352D8A mov eax, dword ptr fs:[00000030h] | 10_2_03352D8A |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03352D8A mov eax, dword ptr fs:[00000030h] | 10_2_03352D8A |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03352D8A mov eax, dword ptr fs:[00000030h] | 10_2_03352D8A |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0335B1E1 mov eax, dword ptr fs:[00000030h] | 10_2_0335B1E1 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0335B1E1 mov eax, dword ptr fs:[00000030h] | 10_2_0335B1E1 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0335B1E1 mov eax, dword ptr fs:[00000030h] | 10_2_0335B1E1 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033E41E8 mov eax, dword ptr fs:[00000030h] | 10_2_033E41E8 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0336D5E0 mov eax, dword ptr fs:[00000030h] | 10_2_0336D5E0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0336D5E0 mov eax, dword ptr fs:[00000030h] | 10_2_0336D5E0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_034205AC mov eax, dword ptr fs:[00000030h] | 10_2_034205AC |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_034205AC mov eax, dword ptr fs:[00000030h] | 10_2_034205AC |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033D6DC9 mov eax, dword ptr fs:[00000030h] | 10_2_033D6DC9 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033D6DC9 mov eax, dword ptr fs:[00000030h] | 10_2_033D6DC9 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033D6DC9 mov eax, dword ptr fs:[00000030h] | 10_2_033D6DC9 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033D6DC9 mov ecx, dword ptr fs:[00000030h] | 10_2_033D6DC9 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033D6DC9 mov eax, dword ptr fs:[00000030h] | 10_2_033D6DC9 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033D6DC9 mov eax, dword ptr fs:[00000030h] | 10_2_033D6DC9 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0338BC2C mov eax, dword ptr fs:[00000030h] | 10_2_0338BC2C |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0338002D mov eax, dword ptr fs:[00000030h] | 10_2_0338002D |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0338002D mov eax, dword ptr fs:[00000030h] | 10_2_0338002D |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0338002D mov eax, dword ptr fs:[00000030h] | 10_2_0338002D |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0338002D mov eax, dword ptr fs:[00000030h] | 10_2_0338002D |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0338002D mov eax, dword ptr fs:[00000030h] | 10_2_0338002D |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0336B02A mov eax, dword ptr fs:[00000030h] | 10_2_0336B02A |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0336B02A mov eax, dword ptr fs:[00000030h] | 10_2_0336B02A |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0336B02A mov eax, dword ptr fs:[00000030h] | 10_2_0336B02A |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0336B02A mov eax, dword ptr fs:[00000030h] | 10_2_0336B02A |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033D7016 mov eax, dword ptr fs:[00000030h] | 10_2_033D7016 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033D7016 mov eax, dword ptr fs:[00000030h] | 10_2_033D7016 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033D7016 mov eax, dword ptr fs:[00000030h] | 10_2_033D7016 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03412073 mov eax, dword ptr fs:[00000030h] | 10_2_03412073 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03421074 mov eax, dword ptr fs:[00000030h] | 10_2_03421074 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033D6C0A mov eax, dword ptr fs:[00000030h] | 10_2_033D6C0A |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033D6C0A mov eax, dword ptr fs:[00000030h] | 10_2_033D6C0A |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033D6C0A mov eax, dword ptr fs:[00000030h] | 10_2_033D6C0A |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033D6C0A mov eax, dword ptr fs:[00000030h] | 10_2_033D6C0A |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03411C06 mov eax, dword ptr fs:[00000030h] | 10_2_03411C06 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03411C06 mov eax, dword ptr fs:[00000030h] | 10_2_03411C06 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03411C06 mov eax, dword ptr fs:[00000030h] | 10_2_03411C06 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03411C06 mov eax, dword ptr fs:[00000030h] | 10_2_03411C06 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03411C06 mov eax, dword ptr fs:[00000030h] | 10_2_03411C06 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03411C06 mov eax, dword ptr fs:[00000030h] | 10_2_03411C06 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03411C06 mov eax, dword ptr fs:[00000030h] | 10_2_03411C06 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03411C06 mov eax, dword ptr fs:[00000030h] | 10_2_03411C06 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03411C06 mov eax, dword ptr fs:[00000030h] | 10_2_03411C06 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03411C06 mov eax, dword ptr fs:[00000030h] | 10_2_03411C06 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03411C06 mov eax, dword ptr fs:[00000030h] | 10_2_03411C06 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03411C06 mov eax, dword ptr fs:[00000030h] | 10_2_03411C06 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03411C06 mov eax, dword ptr fs:[00000030h] | 10_2_03411C06 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03411C06 mov eax, dword ptr fs:[00000030h] | 10_2_03411C06 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0342740D mov eax, dword ptr fs:[00000030h] | 10_2_0342740D |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0342740D mov eax, dword ptr fs:[00000030h] | 10_2_0342740D |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0342740D mov eax, dword ptr fs:[00000030h] | 10_2_0342740D |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03424015 mov eax, dword ptr fs:[00000030h] | 10_2_03424015 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03424015 mov eax, dword ptr fs:[00000030h] | 10_2_03424015 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0337746D mov eax, dword ptr fs:[00000030h] | 10_2_0337746D |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03370050 mov eax, dword ptr fs:[00000030h] | 10_2_03370050 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03370050 mov eax, dword ptr fs:[00000030h] | 10_2_03370050 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033EC450 mov eax, dword ptr fs:[00000030h] | 10_2_033EC450 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033EC450 mov eax, dword ptr fs:[00000030h] | 10_2_033EC450 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0338A44B mov eax, dword ptr fs:[00000030h] | 10_2_0338A44B |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0338F0BF mov ecx, dword ptr fs:[00000030h] | 10_2_0338F0BF |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0338F0BF mov eax, dword ptr fs:[00000030h] | 10_2_0338F0BF |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0338F0BF mov eax, dword ptr fs:[00000030h] | 10_2_0338F0BF |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03428CD6 mov eax, dword ptr fs:[00000030h] | 10_2_03428CD6 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033990AF mov eax, dword ptr fs:[00000030h] | 10_2_033990AF |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033820A0 mov eax, dword ptr fs:[00000030h] | 10_2_033820A0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033820A0 mov eax, dword ptr fs:[00000030h] | 10_2_033820A0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033820A0 mov eax, dword ptr fs:[00000030h] | 10_2_033820A0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033820A0 mov eax, dword ptr fs:[00000030h] | 10_2_033820A0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033820A0 mov eax, dword ptr fs:[00000030h] | 10_2_033820A0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033820A0 mov eax, dword ptr fs:[00000030h] | 10_2_033820A0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_0336849B mov eax, dword ptr fs:[00000030h] | 10_2_0336849B |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_03359080 mov eax, dword ptr fs:[00000030h] | 10_2_03359080 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033D3884 mov eax, dword ptr fs:[00000030h] | 10_2_033D3884 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033D3884 mov eax, dword ptr fs:[00000030h] | 10_2_033D3884 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_034114FB mov eax, dword ptr fs:[00000030h] | 10_2_034114FB |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033D6CF0 mov eax, dword ptr fs:[00000030h] | 10_2_033D6CF0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033D6CF0 mov eax, dword ptr fs:[00000030h] | 10_2_033D6CF0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033D6CF0 mov eax, dword ptr fs:[00000030h] | 10_2_033D6CF0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033558EC mov eax, dword ptr fs:[00000030h] | 10_2_033558EC |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033EB8D0 mov eax, dword ptr fs:[00000030h] | 10_2_033EB8D0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033EB8D0 mov ecx, dword ptr fs:[00000030h] | 10_2_033EB8D0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033EB8D0 mov eax, dword ptr fs:[00000030h] | 10_2_033EB8D0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033EB8D0 mov eax, dword ptr fs:[00000030h] | 10_2_033EB8D0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033EB8D0 mov eax, dword ptr fs:[00000030h] | 10_2_033EB8D0 |
Source: C:\Windows\SysWOW64\NETSTAT.EXE | Code function: 10_2_033EB8D0 mov eax, dword ptr fs:[00000030h] | 10_2_033EB8D0 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, | 1_2_00EBE8C3 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, | 1_2_00EB8FA3 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,__invoke_watson,_LcidFromHexString,GetLocaleInfoW, | 1_2_00EBE1D4 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: GetLocaleInfoW,_GetPrimaryLen, | 1_2_00EBE970 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free, | 1_2_00EB8969 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, | 1_2_00EA4194 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s, | 1_2_00EBEA44 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: _GetPrimaryLen,EnumSystemLocalesW, | 1_2_00EBE4A4 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson, | 1_2_00EB4CB1 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: EnumSystemLocalesW, | 1_2_00EBE448 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,_free,_free,_free, | 1_2_00EA26FB |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage, | 1_2_00EBE5A4 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, | 1_2_00EB9D92 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,_free,_free,_free,_free,_free, | 1_2_00EB8529 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: _GetPrimaryLen,EnumSystemLocalesW, | 1_2_00EBE521 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,_free,_free,_free, | 1_2_00EA67B8 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: GetLocaleInfoW, | 1_2_00EB9FDB |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage, | 1_2_00EBE799 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_memmove,_memmove,_memmove,_free,_free,_free,_free,_free,_free,_free,_free,_free, | 1_2_00EBA75F |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, | 2_2_00EBE8C3 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, | 2_2_00EB8FA3 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: __malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free, | 2_2_00EA1110 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,__invoke_watson,_LcidFromHexString,GetLocaleInfoW, | 2_2_00EBE1D4 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: GetLocaleInfoW,_GetPrimaryLen, | 2_2_00EBE970 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free, | 2_2_00EB8969 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo, | 2_2_00EA4194 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s, | 2_2_00EBEA44 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: _GetPrimaryLen,EnumSystemLocalesW, | 2_2_00EBE4A4 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson, | 2_2_00EB4CB1 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: EnumSystemLocalesW, | 2_2_00EBE448 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,_free,_free,_free, | 2_2_00EA26FB |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat, | 2_2_00EB9D92 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,_free,_free,_free,_free,_free, | 2_2_00EB8529 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: _GetPrimaryLen,EnumSystemLocalesW, | 2_2_00EBE521 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,_free,_free,_free, | 2_2_00EA67B8 |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: GetLocaleInfoW, | 2_2_00EB9FDB |
Source: C:\Users\user\AppData\Local\Temp\zrztlh.exe | Code function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage, | 2_2_00EBE799 |