Windows Analysis Report
tZz1Ogtr2C.exe

Overview

General Information

Sample name: tZz1Ogtr2C.exe
renamed because original name is a hash value
Original sample name: 2b2dd793a745ce3221f4e6641e88562fe642b37b08ff48ce004cdd886db6a5a1.exe
Analysis ID: 1530783
MD5: d6afb0bc04fe2f54920119de06a0e344
SHA1: 766646d307944b5e70cad48ce6b0b70860e4685c
SHA256: 2b2dd793a745ce3221f4e6641e88562fe642b37b08ff48ce004cdd886db6a5a1
Tags: exeuser-adrian__luca
Infos:

Detection

FormBook
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected FormBook
AI detected suspicious sample
Machine Learning detection for sample
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file does not import any functions
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: tZz1Ogtr2C.exe Avira: detected
Multi AV Scanner detection for submitted file
Source: tZz1Ogtr2C.exe ReversingLabs: Detection: 60%
Yara detected FormBook
Source: Yara match File source: 0.2.tZz1Ogtr2C.exe.d10000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.2019241605.0000000000B30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: tZz1Ogtr2C.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: tZz1Ogtr2C.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: tZz1Ogtr2C.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: wntdll.pdbUGP source: tZz1Ogtr2C.exe, 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, tZz1Ogtr2C.exe, 00000000.00000003.1681346410.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp, tZz1Ogtr2C.exe, 00000000.00000002.2019518337.000000000126E000.00000040.00001000.00020000.00000000.sdmp, tZz1Ogtr2C.exe, 00000000.00000003.1679288329.0000000000D66000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: tZz1Ogtr2C.exe, tZz1Ogtr2C.exe, 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, tZz1Ogtr2C.exe, 00000000.00000003.1681346410.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp, tZz1Ogtr2C.exe, 00000000.00000002.2019518337.000000000126E000.00000040.00001000.00020000.00000000.sdmp, tZz1Ogtr2C.exe, 00000000.00000003.1679288329.0000000000D66000.00000004.00000020.00020000.00000000.sdmp

E-Banking Fraud
barindex
Yara detected FormBook
Source: Yara match File source: 0.2.tZz1Ogtr2C.exe.d10000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.2019241605.0000000000B30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: 0.2.tZz1Ogtr2C.exe.d10000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.2019241605.0000000000B30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Contains functionality to call native functions
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_00D3C1E3 NtClose, 0_2_00D3C1E3
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142B60 NtClose,LdrInitializeThunk, 0_2_01142B60
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142DF0 NtQuerySystemInformation,LdrInitializeThunk, 0_2_01142DF0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142C70 NtFreeVirtualMemory,LdrInitializeThunk, 0_2_01142C70
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011435C0 NtCreateMutant,LdrInitializeThunk, 0_2_011435C0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01144340 NtSetContextThread, 0_2_01144340
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01144650 NtSuspendThread, 0_2_01144650
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142B80 NtQueryInformationFile, 0_2_01142B80
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142BA0 NtEnumerateValueKey, 0_2_01142BA0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142BF0 NtAllocateVirtualMemory, 0_2_01142BF0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142BE0 NtQueryValueKey, 0_2_01142BE0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142AB0 NtWaitForSingleObject, 0_2_01142AB0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142AD0 NtReadFile, 0_2_01142AD0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142AF0 NtWriteFile, 0_2_01142AF0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142D10 NtMapViewOfSection, 0_2_01142D10
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142D00 NtSetInformationFile, 0_2_01142D00
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142D30 NtUnmapViewOfSection, 0_2_01142D30
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142DB0 NtEnumerateKey, 0_2_01142DB0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142DD0 NtDelayExecution, 0_2_01142DD0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142C00 NtQueryInformationProcess, 0_2_01142C00
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142C60 NtCreateKey, 0_2_01142C60
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142CA0 NtQueryInformationToken, 0_2_01142CA0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142CC0 NtQueryVirtualMemory, 0_2_01142CC0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142CF0 NtOpenProcess, 0_2_01142CF0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142F30 NtCreateSection, 0_2_01142F30
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142F60 NtCreateProcessEx, 0_2_01142F60
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142F90 NtProtectVirtualMemory, 0_2_01142F90
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142FB0 NtResumeThread, 0_2_01142FB0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142FA0 NtQuerySection, 0_2_01142FA0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142FE0 NtCreateFile, 0_2_01142FE0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142E30 NtWriteVirtualMemory, 0_2_01142E30
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142E80 NtReadVirtualMemory, 0_2_01142E80
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142EA0 NtAdjustPrivilegesToken, 0_2_01142EA0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142EE0 NtQueueApcThread, 0_2_01142EE0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01143010 NtOpenDirectoryObject, 0_2_01143010
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01143090 NtSetValueKey, 0_2_01143090
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011439B0 NtGetContextThread, 0_2_011439B0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01143D10 NtOpenProcessToken, 0_2_01143D10
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01143D70 NtOpenThread, 0_2_01143D70
Detected potential crypto function
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_00D3E833 0_2_00D3E833
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_00D111A0 0_2_00D111A0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_00D12930 0_2_00D12930
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_00D1292C 0_2_00D1292C
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_00D12251 0_2_00D12251
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_00D12260 0_2_00D12260
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_00D1FA63 0_2_00D1FA63
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_00D26383 0_2_00D26383
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_00D26380 0_2_00D26380
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_00D1FC83 0_2_00D1FC83
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_00D1DD03 0_2_00D1DD03
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_00D12E40 0_2_00D12E40
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011AA118 0_2_011AA118
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01100100 0_2_01100100
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01198158 0_2_01198158
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011D01AA 0_2_011D01AA
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011C41A2 0_2_011C41A2
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011C81CC 0_2_011C81CC
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011A2000 0_2_011A2000
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011CA352 0_2_011CA352
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0111E3F0 0_2_0111E3F0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011D03E6 0_2_011D03E6
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011B0274 0_2_011B0274
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011902C0 0_2_011902C0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01110535 0_2_01110535
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011D0591 0_2_011D0591
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011B4420 0_2_011B4420
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011C2446 0_2_011C2446
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011BE4F6 0_2_011BE4F6
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01134750 0_2_01134750
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01110770 0_2_01110770
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110C7C0 0_2_0110C7C0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0112C6E0 0_2_0112C6E0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01126962 0_2_01126962
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011129A0 0_2_011129A0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011DA9A6 0_2_011DA9A6
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0111A840 0_2_0111A840
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01112840 0_2_01112840
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010F68B8 0_2_010F68B8
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113E8F0 0_2_0113E8F0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011CAB40 0_2_011CAB40
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011C6BD7 0_2_011C6BD7
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110EA80 0_2_0110EA80
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011ACD1F 0_2_011ACD1F
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0111AD00 0_2_0111AD00
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01128DBF 0_2_01128DBF
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110ADE0 0_2_0110ADE0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01110C00 0_2_01110C00
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011B0CB5 0_2_011B0CB5
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01100CF2 0_2_01100CF2
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01130F30 0_2_01130F30
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011B2F30 0_2_011B2F30
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01152F28 0_2_01152F28
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01184F40 0_2_01184F40
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0118EFA0 0_2_0118EFA0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01102FC8 0_2_01102FC8
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0111CFE0 0_2_0111CFE0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011CEE26 0_2_011CEE26
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01110E59 0_2_01110E59
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01122E90 0_2_01122E90
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011CCE93 0_2_011CCE93
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011CEEDB 0_2_011CEEDB
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011DB16B 0_2_011DB16B
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0114516C 0_2_0114516C
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010FF172 0_2_010FF172
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0111B1B0 0_2_0111B1B0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011170C0 0_2_011170C0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011BF0CC 0_2_011BF0CC
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011C70E9 0_2_011C70E9
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011CF0E0 0_2_011CF0E0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011C132D 0_2_011C132D
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010FD34C 0_2_010FD34C
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0115739A 0_2_0115739A
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011152A0 0_2_011152A0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0112B2C0 0_2_0112B2C0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011B12ED 0_2_011B12ED
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011C7571 0_2_011C7571
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011AD5B0 0_2_011AD5B0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011D95C3 0_2_011D95C3
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011CF43F 0_2_011CF43F
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01101460 0_2_01101460
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011CF7B0 0_2_011CF7B0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01155630 0_2_01155630
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011C16CC 0_2_011C16CC
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011A5910 0_2_011A5910
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01119950 0_2_01119950
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0112B950 0_2_0112B950
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0117D800 0_2_0117D800
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011138E0 0_2_011138E0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011CFB76 0_2_011CFB76
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0112FB80 0_2_0112FB80
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01185BF0 0_2_01185BF0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0114DBF9 0_2_0114DBF9
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011CFA49 0_2_011CFA49
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011C7A46 0_2_011C7A46
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01183A6C 0_2_01183A6C
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01155AA0 0_2_01155AA0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011ADAAC 0_2_011ADAAC
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011B1AA3 0_2_011B1AA3
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011BDAC6 0_2_011BDAC6
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011C1D5A 0_2_011C1D5A
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01113D40 0_2_01113D40
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011C7D73 0_2_011C7D73
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0112FDC0 0_2_0112FDC0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01189C32 0_2_01189C32
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011CFCF2 0_2_011CFCF2
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011CFF09 0_2_011CFF09
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01111F92 0_2_01111F92
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011CFFB1 0_2_011CFFB1
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010D3FD5 0_2_010D3FD5
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010D3FD2 0_2_010D3FD2
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01119EB0 0_2_01119EB0
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: String function: 01145130 appears 58 times
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: String function: 010FB970 appears 280 times
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: String function: 01157E54 appears 111 times
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: String function: 0117EA12 appears 86 times
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: String function: 0118F290 appears 105 times
PE file does not import any functions
Source: tZz1Ogtr2C.exe Static PE information: No import functions for PE file found
Sample file is different than original file name gathered from version info
Source: tZz1Ogtr2C.exe, 00000000.00000002.2019518337.00000000013A1000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs tZz1Ogtr2C.exe
Source: tZz1Ogtr2C.exe, 00000000.00000003.1681346410.0000000001048000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs tZz1Ogtr2C.exe
Source: tZz1Ogtr2C.exe, 00000000.00000003.1679288329.0000000000E89000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs tZz1Ogtr2C.exe
Uses 32bit PE files
Source: tZz1Ogtr2C.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Yara signature match
Source: 0.2.tZz1Ogtr2C.exe.d10000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.2019241605.0000000000B30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: tZz1Ogtr2C.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: tZz1Ogtr2C.exe Static PE information: Section .text
Source: classification engine Classification label: mal80.troj.winEXE@1/0@0/0
Source: tZz1Ogtr2C.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: tZz1Ogtr2C.exe ReversingLabs: Detection: 60%
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Section loaded: apphelp.dll Jump to behavior
Source: tZz1Ogtr2C.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: wntdll.pdbUGP source: tZz1Ogtr2C.exe, 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, tZz1Ogtr2C.exe, 00000000.00000003.1681346410.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp, tZz1Ogtr2C.exe, 00000000.00000002.2019518337.000000000126E000.00000040.00001000.00020000.00000000.sdmp, tZz1Ogtr2C.exe, 00000000.00000003.1679288329.0000000000D66000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: tZz1Ogtr2C.exe, tZz1Ogtr2C.exe, 00000000.00000002.2019518337.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, tZz1Ogtr2C.exe, 00000000.00000003.1681346410.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp, tZz1Ogtr2C.exe, 00000000.00000002.2019518337.000000000126E000.00000040.00001000.00020000.00000000.sdmp, tZz1Ogtr2C.exe, 00000000.00000003.1679288329.0000000000D66000.00000004.00000020.00020000.00000000.sdmp
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_00D130C0 push eax; ret 0_2_00D130C2
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_00D181B7 push es; iretd 0_2_00D181B9
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_00D34253 push edx; retf 0_2_00D34254
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_00D1AA0B push ebp; retf 0_2_00D1AA24
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_00D23A3F push FFFFFFBBh; retf 0_2_00D23AC2
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_00D24594 push esi; ret 0_2_00D245B2
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_00D23F1D push cs; ret 0_2_00D23F30
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_00D21F30 push es; iretd 0_2_00D21F33
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010D225F pushad ; ret 0_2_010D27F9
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010D27FA pushad ; ret 0_2_010D27F9
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011009AD push ecx; mov dword ptr [esp], ecx 0_2_011009B6
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010D283D push eax; iretd 0_2_010D2858
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010D1368 push eax; iretd 0_2_010D1369
Source: tZz1Ogtr2C.exe Static PE information: section name: .text entropy: 7.995237143421081
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0114096E rdtsc 0_2_0114096E
Found large amount of non-executed APIs
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe API coverage: 0.6 %
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe TID: 5540 Thread sleep time: -30000s >= -30000s Jump to behavior
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Process information queried: ProcessInformation Jump to behavior
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Process queried: DebugPort Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0114096E rdtsc 0_2_0114096E
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_00D27333 LdrLoadDll, 0_2_00D27333
Contains functionality to read the PEB
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011AA118 mov ecx, dword ptr fs:[00000030h] 0_2_011AA118
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011AA118 mov eax, dword ptr fs:[00000030h] 0_2_011AA118
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011AA118 mov eax, dword ptr fs:[00000030h] 0_2_011AA118
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011AA118 mov eax, dword ptr fs:[00000030h] 0_2_011AA118
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011C0115 mov eax, dword ptr fs:[00000030h] 0_2_011C0115
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011AE10E mov eax, dword ptr fs:[00000030h] 0_2_011AE10E
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011AE10E mov ecx, dword ptr fs:[00000030h] 0_2_011AE10E
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011AE10E mov eax, dword ptr fs:[00000030h] 0_2_011AE10E
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011AE10E mov eax, dword ptr fs:[00000030h] 0_2_011AE10E
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011AE10E mov ecx, dword ptr fs:[00000030h] 0_2_011AE10E
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011AE10E mov eax, dword ptr fs:[00000030h] 0_2_011AE10E
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011AE10E mov eax, dword ptr fs:[00000030h] 0_2_011AE10E
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011AE10E mov ecx, dword ptr fs:[00000030h] 0_2_011AE10E
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011AE10E mov eax, dword ptr fs:[00000030h] 0_2_011AE10E
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011AE10E mov ecx, dword ptr fs:[00000030h] 0_2_011AE10E
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01130124 mov eax, dword ptr fs:[00000030h] 0_2_01130124
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01198158 mov eax, dword ptr fs:[00000030h] 0_2_01198158
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01106154 mov eax, dword ptr fs:[00000030h] 0_2_01106154
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01106154 mov eax, dword ptr fs:[00000030h] 0_2_01106154
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010FC156 mov eax, dword ptr fs:[00000030h] 0_2_010FC156
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01194144 mov eax, dword ptr fs:[00000030h] 0_2_01194144
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01194144 mov eax, dword ptr fs:[00000030h] 0_2_01194144
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01194144 mov ecx, dword ptr fs:[00000030h] 0_2_01194144
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01194144 mov eax, dword ptr fs:[00000030h] 0_2_01194144
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01194144 mov eax, dword ptr fs:[00000030h] 0_2_01194144
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011D4164 mov eax, dword ptr fs:[00000030h] 0_2_011D4164
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011D4164 mov eax, dword ptr fs:[00000030h] 0_2_011D4164
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0118019F mov eax, dword ptr fs:[00000030h] 0_2_0118019F
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0118019F mov eax, dword ptr fs:[00000030h] 0_2_0118019F
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0118019F mov eax, dword ptr fs:[00000030h] 0_2_0118019F
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0118019F mov eax, dword ptr fs:[00000030h] 0_2_0118019F
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01140185 mov eax, dword ptr fs:[00000030h] 0_2_01140185
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011BC188 mov eax, dword ptr fs:[00000030h] 0_2_011BC188
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011BC188 mov eax, dword ptr fs:[00000030h] 0_2_011BC188
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010FA197 mov eax, dword ptr fs:[00000030h] 0_2_010FA197
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010FA197 mov eax, dword ptr fs:[00000030h] 0_2_010FA197
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010FA197 mov eax, dword ptr fs:[00000030h] 0_2_010FA197
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011A4180 mov eax, dword ptr fs:[00000030h] 0_2_011A4180
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011A4180 mov eax, dword ptr fs:[00000030h] 0_2_011A4180
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0117E1D0 mov eax, dword ptr fs:[00000030h] 0_2_0117E1D0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0117E1D0 mov eax, dword ptr fs:[00000030h] 0_2_0117E1D0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0117E1D0 mov ecx, dword ptr fs:[00000030h] 0_2_0117E1D0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0117E1D0 mov eax, dword ptr fs:[00000030h] 0_2_0117E1D0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0117E1D0 mov eax, dword ptr fs:[00000030h] 0_2_0117E1D0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011C61C3 mov eax, dword ptr fs:[00000030h] 0_2_011C61C3
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011C61C3 mov eax, dword ptr fs:[00000030h] 0_2_011C61C3
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011301F8 mov eax, dword ptr fs:[00000030h] 0_2_011301F8
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011D61E5 mov eax, dword ptr fs:[00000030h] 0_2_011D61E5
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0111E016 mov eax, dword ptr fs:[00000030h] 0_2_0111E016
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0111E016 mov eax, dword ptr fs:[00000030h] 0_2_0111E016
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0111E016 mov eax, dword ptr fs:[00000030h] 0_2_0111E016
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0111E016 mov eax, dword ptr fs:[00000030h] 0_2_0111E016
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01184000 mov ecx, dword ptr fs:[00000030h] 0_2_01184000
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011A2000 mov eax, dword ptr fs:[00000030h] 0_2_011A2000
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011A2000 mov eax, dword ptr fs:[00000030h] 0_2_011A2000
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011A2000 mov eax, dword ptr fs:[00000030h] 0_2_011A2000
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011A2000 mov eax, dword ptr fs:[00000030h] 0_2_011A2000
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011A2000 mov eax, dword ptr fs:[00000030h] 0_2_011A2000
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011A2000 mov eax, dword ptr fs:[00000030h] 0_2_011A2000
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011A2000 mov eax, dword ptr fs:[00000030h] 0_2_011A2000
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011A2000 mov eax, dword ptr fs:[00000030h] 0_2_011A2000
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01196030 mov eax, dword ptr fs:[00000030h] 0_2_01196030
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010FA020 mov eax, dword ptr fs:[00000030h] 0_2_010FA020
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010FC020 mov eax, dword ptr fs:[00000030h] 0_2_010FC020
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01102050 mov eax, dword ptr fs:[00000030h] 0_2_01102050
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01186050 mov eax, dword ptr fs:[00000030h] 0_2_01186050
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0112C073 mov eax, dword ptr fs:[00000030h] 0_2_0112C073
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110208A mov eax, dword ptr fs:[00000030h] 0_2_0110208A
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011C60B8 mov eax, dword ptr fs:[00000030h] 0_2_011C60B8
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011C60B8 mov ecx, dword ptr fs:[00000030h] 0_2_011C60B8
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010F80A0 mov eax, dword ptr fs:[00000030h] 0_2_010F80A0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011980A8 mov eax, dword ptr fs:[00000030h] 0_2_011980A8
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011820DE mov eax, dword ptr fs:[00000030h] 0_2_011820DE
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011420F0 mov ecx, dword ptr fs:[00000030h] 0_2_011420F0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010FA0E3 mov ecx, dword ptr fs:[00000030h] 0_2_010FA0E3
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011860E0 mov eax, dword ptr fs:[00000030h] 0_2_011860E0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011080E9 mov eax, dword ptr fs:[00000030h] 0_2_011080E9
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010FC0F0 mov eax, dword ptr fs:[00000030h] 0_2_010FC0F0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01120310 mov ecx, dword ptr fs:[00000030h] 0_2_01120310
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113A30B mov eax, dword ptr fs:[00000030h] 0_2_0113A30B
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113A30B mov eax, dword ptr fs:[00000030h] 0_2_0113A30B
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113A30B mov eax, dword ptr fs:[00000030h] 0_2_0113A30B
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010FC310 mov ecx, dword ptr fs:[00000030h] 0_2_010FC310
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011D8324 mov eax, dword ptr fs:[00000030h] 0_2_011D8324
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011D8324 mov ecx, dword ptr fs:[00000030h] 0_2_011D8324
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011D8324 mov eax, dword ptr fs:[00000030h] 0_2_011D8324
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011D8324 mov eax, dword ptr fs:[00000030h] 0_2_011D8324
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0118035C mov eax, dword ptr fs:[00000030h] 0_2_0118035C
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0118035C mov eax, dword ptr fs:[00000030h] 0_2_0118035C
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0118035C mov eax, dword ptr fs:[00000030h] 0_2_0118035C
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0118035C mov ecx, dword ptr fs:[00000030h] 0_2_0118035C
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0118035C mov eax, dword ptr fs:[00000030h] 0_2_0118035C
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0118035C mov eax, dword ptr fs:[00000030h] 0_2_0118035C
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011A8350 mov ecx, dword ptr fs:[00000030h] 0_2_011A8350
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011CA352 mov eax, dword ptr fs:[00000030h] 0_2_011CA352
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01182349 mov eax, dword ptr fs:[00000030h] 0_2_01182349
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01182349 mov eax, dword ptr fs:[00000030h] 0_2_01182349
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01182349 mov eax, dword ptr fs:[00000030h] 0_2_01182349
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01182349 mov eax, dword ptr fs:[00000030h] 0_2_01182349
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01182349 mov eax, dword ptr fs:[00000030h] 0_2_01182349
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01182349 mov eax, dword ptr fs:[00000030h] 0_2_01182349
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01182349 mov eax, dword ptr fs:[00000030h] 0_2_01182349
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01182349 mov eax, dword ptr fs:[00000030h] 0_2_01182349
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01182349 mov eax, dword ptr fs:[00000030h] 0_2_01182349
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01182349 mov eax, dword ptr fs:[00000030h] 0_2_01182349
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01182349 mov eax, dword ptr fs:[00000030h] 0_2_01182349
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01182349 mov eax, dword ptr fs:[00000030h] 0_2_01182349
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01182349 mov eax, dword ptr fs:[00000030h] 0_2_01182349
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01182349 mov eax, dword ptr fs:[00000030h] 0_2_01182349
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01182349 mov eax, dword ptr fs:[00000030h] 0_2_01182349
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011D634F mov eax, dword ptr fs:[00000030h] 0_2_011D634F
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011A437C mov eax, dword ptr fs:[00000030h] 0_2_011A437C
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010FE388 mov eax, dword ptr fs:[00000030h] 0_2_010FE388
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010FE388 mov eax, dword ptr fs:[00000030h] 0_2_010FE388
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010FE388 mov eax, dword ptr fs:[00000030h] 0_2_010FE388
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010F8397 mov eax, dword ptr fs:[00000030h] 0_2_010F8397
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010F8397 mov eax, dword ptr fs:[00000030h] 0_2_010F8397
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010F8397 mov eax, dword ptr fs:[00000030h] 0_2_010F8397
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0112438F mov eax, dword ptr fs:[00000030h] 0_2_0112438F
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0112438F mov eax, dword ptr fs:[00000030h] 0_2_0112438F
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011AE3DB mov eax, dword ptr fs:[00000030h] 0_2_011AE3DB
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011AE3DB mov eax, dword ptr fs:[00000030h] 0_2_011AE3DB
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011AE3DB mov ecx, dword ptr fs:[00000030h] 0_2_011AE3DB
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011AE3DB mov eax, dword ptr fs:[00000030h] 0_2_011AE3DB
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011A43D4 mov eax, dword ptr fs:[00000030h] 0_2_011A43D4
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011A43D4 mov eax, dword ptr fs:[00000030h] 0_2_011A43D4
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110A3C0 mov eax, dword ptr fs:[00000030h] 0_2_0110A3C0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110A3C0 mov eax, dword ptr fs:[00000030h] 0_2_0110A3C0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110A3C0 mov eax, dword ptr fs:[00000030h] 0_2_0110A3C0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110A3C0 mov eax, dword ptr fs:[00000030h] 0_2_0110A3C0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110A3C0 mov eax, dword ptr fs:[00000030h] 0_2_0110A3C0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110A3C0 mov eax, dword ptr fs:[00000030h] 0_2_0110A3C0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011083C0 mov eax, dword ptr fs:[00000030h] 0_2_011083C0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011083C0 mov eax, dword ptr fs:[00000030h] 0_2_011083C0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011083C0 mov eax, dword ptr fs:[00000030h] 0_2_011083C0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011083C0 mov eax, dword ptr fs:[00000030h] 0_2_011083C0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011BC3CD mov eax, dword ptr fs:[00000030h] 0_2_011BC3CD
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011863C0 mov eax, dword ptr fs:[00000030h] 0_2_011863C0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0111E3F0 mov eax, dword ptr fs:[00000030h] 0_2_0111E3F0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0111E3F0 mov eax, dword ptr fs:[00000030h] 0_2_0111E3F0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0111E3F0 mov eax, dword ptr fs:[00000030h] 0_2_0111E3F0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011363FF mov eax, dword ptr fs:[00000030h] 0_2_011363FF
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011103E9 mov eax, dword ptr fs:[00000030h] 0_2_011103E9
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011103E9 mov eax, dword ptr fs:[00000030h] 0_2_011103E9
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011103E9 mov eax, dword ptr fs:[00000030h] 0_2_011103E9
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011103E9 mov eax, dword ptr fs:[00000030h] 0_2_011103E9
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011103E9 mov eax, dword ptr fs:[00000030h] 0_2_011103E9
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011103E9 mov eax, dword ptr fs:[00000030h] 0_2_011103E9
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011103E9 mov eax, dword ptr fs:[00000030h] 0_2_011103E9
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011103E9 mov eax, dword ptr fs:[00000030h] 0_2_011103E9
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010F823B mov eax, dword ptr fs:[00000030h] 0_2_010F823B
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011D625D mov eax, dword ptr fs:[00000030h] 0_2_011D625D
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01106259 mov eax, dword ptr fs:[00000030h] 0_2_01106259
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011BA250 mov eax, dword ptr fs:[00000030h] 0_2_011BA250
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011BA250 mov eax, dword ptr fs:[00000030h] 0_2_011BA250
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01188243 mov eax, dword ptr fs:[00000030h] 0_2_01188243
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01188243 mov ecx, dword ptr fs:[00000030h] 0_2_01188243
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010FA250 mov eax, dword ptr fs:[00000030h] 0_2_010FA250
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010F826B mov eax, dword ptr fs:[00000030h] 0_2_010F826B
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011B0274 mov eax, dword ptr fs:[00000030h] 0_2_011B0274
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011B0274 mov eax, dword ptr fs:[00000030h] 0_2_011B0274
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011B0274 mov eax, dword ptr fs:[00000030h] 0_2_011B0274
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011B0274 mov eax, dword ptr fs:[00000030h] 0_2_011B0274
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011B0274 mov eax, dword ptr fs:[00000030h] 0_2_011B0274
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011B0274 mov eax, dword ptr fs:[00000030h] 0_2_011B0274
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011B0274 mov eax, dword ptr fs:[00000030h] 0_2_011B0274
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011B0274 mov eax, dword ptr fs:[00000030h] 0_2_011B0274
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011B0274 mov eax, dword ptr fs:[00000030h] 0_2_011B0274
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011B0274 mov eax, dword ptr fs:[00000030h] 0_2_011B0274
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011B0274 mov eax, dword ptr fs:[00000030h] 0_2_011B0274
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011B0274 mov eax, dword ptr fs:[00000030h] 0_2_011B0274
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01104260 mov eax, dword ptr fs:[00000030h] 0_2_01104260
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01104260 mov eax, dword ptr fs:[00000030h] 0_2_01104260
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01104260 mov eax, dword ptr fs:[00000030h] 0_2_01104260
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113E284 mov eax, dword ptr fs:[00000030h] 0_2_0113E284
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113E284 mov eax, dword ptr fs:[00000030h] 0_2_0113E284
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01180283 mov eax, dword ptr fs:[00000030h] 0_2_01180283
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01180283 mov eax, dword ptr fs:[00000030h] 0_2_01180283
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01180283 mov eax, dword ptr fs:[00000030h] 0_2_01180283
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011102A0 mov eax, dword ptr fs:[00000030h] 0_2_011102A0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011102A0 mov eax, dword ptr fs:[00000030h] 0_2_011102A0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011962A0 mov eax, dword ptr fs:[00000030h] 0_2_011962A0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011962A0 mov ecx, dword ptr fs:[00000030h] 0_2_011962A0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011962A0 mov eax, dword ptr fs:[00000030h] 0_2_011962A0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011962A0 mov eax, dword ptr fs:[00000030h] 0_2_011962A0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011962A0 mov eax, dword ptr fs:[00000030h] 0_2_011962A0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011962A0 mov eax, dword ptr fs:[00000030h] 0_2_011962A0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011D62D6 mov eax, dword ptr fs:[00000030h] 0_2_011D62D6
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110A2C3 mov eax, dword ptr fs:[00000030h] 0_2_0110A2C3
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110A2C3 mov eax, dword ptr fs:[00000030h] 0_2_0110A2C3
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110A2C3 mov eax, dword ptr fs:[00000030h] 0_2_0110A2C3
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110A2C3 mov eax, dword ptr fs:[00000030h] 0_2_0110A2C3
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110A2C3 mov eax, dword ptr fs:[00000030h] 0_2_0110A2C3
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011102E1 mov eax, dword ptr fs:[00000030h] 0_2_011102E1
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011102E1 mov eax, dword ptr fs:[00000030h] 0_2_011102E1
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011102E1 mov eax, dword ptr fs:[00000030h] 0_2_011102E1
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01196500 mov eax, dword ptr fs:[00000030h] 0_2_01196500
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011D4500 mov eax, dword ptr fs:[00000030h] 0_2_011D4500
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011D4500 mov eax, dword ptr fs:[00000030h] 0_2_011D4500
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011D4500 mov eax, dword ptr fs:[00000030h] 0_2_011D4500
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011D4500 mov eax, dword ptr fs:[00000030h] 0_2_011D4500
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011D4500 mov eax, dword ptr fs:[00000030h] 0_2_011D4500
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011D4500 mov eax, dword ptr fs:[00000030h] 0_2_011D4500
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011D4500 mov eax, dword ptr fs:[00000030h] 0_2_011D4500
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01110535 mov eax, dword ptr fs:[00000030h] 0_2_01110535
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01110535 mov eax, dword ptr fs:[00000030h] 0_2_01110535
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01110535 mov eax, dword ptr fs:[00000030h] 0_2_01110535
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01110535 mov eax, dword ptr fs:[00000030h] 0_2_01110535
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01110535 mov eax, dword ptr fs:[00000030h] 0_2_01110535
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01110535 mov eax, dword ptr fs:[00000030h] 0_2_01110535
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0112E53E mov eax, dword ptr fs:[00000030h] 0_2_0112E53E
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0112E53E mov eax, dword ptr fs:[00000030h] 0_2_0112E53E
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0112E53E mov eax, dword ptr fs:[00000030h] 0_2_0112E53E
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0112E53E mov eax, dword ptr fs:[00000030h] 0_2_0112E53E
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0112E53E mov eax, dword ptr fs:[00000030h] 0_2_0112E53E
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01108550 mov eax, dword ptr fs:[00000030h] 0_2_01108550
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01108550 mov eax, dword ptr fs:[00000030h] 0_2_01108550
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113656A mov eax, dword ptr fs:[00000030h] 0_2_0113656A
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113656A mov eax, dword ptr fs:[00000030h] 0_2_0113656A
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113656A mov eax, dword ptr fs:[00000030h] 0_2_0113656A
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113E59C mov eax, dword ptr fs:[00000030h] 0_2_0113E59C
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01102582 mov eax, dword ptr fs:[00000030h] 0_2_01102582
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01102582 mov ecx, dword ptr fs:[00000030h] 0_2_01102582
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01134588 mov eax, dword ptr fs:[00000030h] 0_2_01134588
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011245B1 mov eax, dword ptr fs:[00000030h] 0_2_011245B1
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011245B1 mov eax, dword ptr fs:[00000030h] 0_2_011245B1
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011805A7 mov eax, dword ptr fs:[00000030h] 0_2_011805A7
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011805A7 mov eax, dword ptr fs:[00000030h] 0_2_011805A7
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011805A7 mov eax, dword ptr fs:[00000030h] 0_2_011805A7
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011065D0 mov eax, dword ptr fs:[00000030h] 0_2_011065D0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113A5D0 mov eax, dword ptr fs:[00000030h] 0_2_0113A5D0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113A5D0 mov eax, dword ptr fs:[00000030h] 0_2_0113A5D0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113E5CF mov eax, dword ptr fs:[00000030h] 0_2_0113E5CF
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113E5CF mov eax, dword ptr fs:[00000030h] 0_2_0113E5CF
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011025E0 mov eax, dword ptr fs:[00000030h] 0_2_011025E0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0112E5E7 mov eax, dword ptr fs:[00000030h] 0_2_0112E5E7
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0112E5E7 mov eax, dword ptr fs:[00000030h] 0_2_0112E5E7
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0112E5E7 mov eax, dword ptr fs:[00000030h] 0_2_0112E5E7
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0112E5E7 mov eax, dword ptr fs:[00000030h] 0_2_0112E5E7
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0112E5E7 mov eax, dword ptr fs:[00000030h] 0_2_0112E5E7
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0112E5E7 mov eax, dword ptr fs:[00000030h] 0_2_0112E5E7
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0112E5E7 mov eax, dword ptr fs:[00000030h] 0_2_0112E5E7
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0112E5E7 mov eax, dword ptr fs:[00000030h] 0_2_0112E5E7
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113C5ED mov eax, dword ptr fs:[00000030h] 0_2_0113C5ED
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113C5ED mov eax, dword ptr fs:[00000030h] 0_2_0113C5ED
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01138402 mov eax, dword ptr fs:[00000030h] 0_2_01138402
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01138402 mov eax, dword ptr fs:[00000030h] 0_2_01138402
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01138402 mov eax, dword ptr fs:[00000030h] 0_2_01138402
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113A430 mov eax, dword ptr fs:[00000030h] 0_2_0113A430
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010FC427 mov eax, dword ptr fs:[00000030h] 0_2_010FC427
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010FE420 mov eax, dword ptr fs:[00000030h] 0_2_010FE420
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010FE420 mov eax, dword ptr fs:[00000030h] 0_2_010FE420
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010FE420 mov eax, dword ptr fs:[00000030h] 0_2_010FE420
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01186420 mov eax, dword ptr fs:[00000030h] 0_2_01186420
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01186420 mov eax, dword ptr fs:[00000030h] 0_2_01186420
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01186420 mov eax, dword ptr fs:[00000030h] 0_2_01186420
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01186420 mov eax, dword ptr fs:[00000030h] 0_2_01186420
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01186420 mov eax, dword ptr fs:[00000030h] 0_2_01186420
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01186420 mov eax, dword ptr fs:[00000030h] 0_2_01186420
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01186420 mov eax, dword ptr fs:[00000030h] 0_2_01186420
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0112245A mov eax, dword ptr fs:[00000030h] 0_2_0112245A
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011BA456 mov eax, dword ptr fs:[00000030h] 0_2_011BA456
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113E443 mov eax, dword ptr fs:[00000030h] 0_2_0113E443
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113E443 mov eax, dword ptr fs:[00000030h] 0_2_0113E443
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113E443 mov eax, dword ptr fs:[00000030h] 0_2_0113E443
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113E443 mov eax, dword ptr fs:[00000030h] 0_2_0113E443
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113E443 mov eax, dword ptr fs:[00000030h] 0_2_0113E443
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113E443 mov eax, dword ptr fs:[00000030h] 0_2_0113E443
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113E443 mov eax, dword ptr fs:[00000030h] 0_2_0113E443
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113E443 mov eax, dword ptr fs:[00000030h] 0_2_0113E443
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010F645D mov eax, dword ptr fs:[00000030h] 0_2_010F645D
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0112A470 mov eax, dword ptr fs:[00000030h] 0_2_0112A470
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0112A470 mov eax, dword ptr fs:[00000030h] 0_2_0112A470
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0112A470 mov eax, dword ptr fs:[00000030h] 0_2_0112A470
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0118C460 mov ecx, dword ptr fs:[00000030h] 0_2_0118C460
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011BA49A mov eax, dword ptr fs:[00000030h] 0_2_011BA49A
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011344B0 mov ecx, dword ptr fs:[00000030h] 0_2_011344B0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0118A4B0 mov eax, dword ptr fs:[00000030h] 0_2_0118A4B0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011064AB mov eax, dword ptr fs:[00000030h] 0_2_011064AB
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011004E5 mov ecx, dword ptr fs:[00000030h] 0_2_011004E5
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01100710 mov eax, dword ptr fs:[00000030h] 0_2_01100710
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01130710 mov eax, dword ptr fs:[00000030h] 0_2_01130710
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113C700 mov eax, dword ptr fs:[00000030h] 0_2_0113C700
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0117C730 mov eax, dword ptr fs:[00000030h] 0_2_0117C730
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113273C mov eax, dword ptr fs:[00000030h] 0_2_0113273C
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113273C mov ecx, dword ptr fs:[00000030h] 0_2_0113273C
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113273C mov eax, dword ptr fs:[00000030h] 0_2_0113273C
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113C720 mov eax, dword ptr fs:[00000030h] 0_2_0113C720
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113C720 mov eax, dword ptr fs:[00000030h] 0_2_0113C720
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01100750 mov eax, dword ptr fs:[00000030h] 0_2_01100750
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142750 mov eax, dword ptr fs:[00000030h] 0_2_01142750
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142750 mov eax, dword ptr fs:[00000030h] 0_2_01142750
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0118E75D mov eax, dword ptr fs:[00000030h] 0_2_0118E75D
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01184755 mov eax, dword ptr fs:[00000030h] 0_2_01184755
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113674D mov esi, dword ptr fs:[00000030h] 0_2_0113674D
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113674D mov eax, dword ptr fs:[00000030h] 0_2_0113674D
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113674D mov eax, dword ptr fs:[00000030h] 0_2_0113674D
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01108770 mov eax, dword ptr fs:[00000030h] 0_2_01108770
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01110770 mov eax, dword ptr fs:[00000030h] 0_2_01110770
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01110770 mov eax, dword ptr fs:[00000030h] 0_2_01110770
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01110770 mov eax, dword ptr fs:[00000030h] 0_2_01110770
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01110770 mov eax, dword ptr fs:[00000030h] 0_2_01110770
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01110770 mov eax, dword ptr fs:[00000030h] 0_2_01110770
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01110770 mov eax, dword ptr fs:[00000030h] 0_2_01110770
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01110770 mov eax, dword ptr fs:[00000030h] 0_2_01110770
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01110770 mov eax, dword ptr fs:[00000030h] 0_2_01110770
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01110770 mov eax, dword ptr fs:[00000030h] 0_2_01110770
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01110770 mov eax, dword ptr fs:[00000030h] 0_2_01110770
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01110770 mov eax, dword ptr fs:[00000030h] 0_2_01110770
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01110770 mov eax, dword ptr fs:[00000030h] 0_2_01110770
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011A678E mov eax, dword ptr fs:[00000030h] 0_2_011A678E
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011B47A0 mov eax, dword ptr fs:[00000030h] 0_2_011B47A0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011007AF mov eax, dword ptr fs:[00000030h] 0_2_011007AF
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110C7C0 mov eax, dword ptr fs:[00000030h] 0_2_0110C7C0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011807C3 mov eax, dword ptr fs:[00000030h] 0_2_011807C3
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011047FB mov eax, dword ptr fs:[00000030h] 0_2_011047FB
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011047FB mov eax, dword ptr fs:[00000030h] 0_2_011047FB
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0118E7E1 mov eax, dword ptr fs:[00000030h] 0_2_0118E7E1
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011227ED mov eax, dword ptr fs:[00000030h] 0_2_011227ED
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011227ED mov eax, dword ptr fs:[00000030h] 0_2_011227ED
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011227ED mov eax, dword ptr fs:[00000030h] 0_2_011227ED
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01142619 mov eax, dword ptr fs:[00000030h] 0_2_01142619
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0111260B mov eax, dword ptr fs:[00000030h] 0_2_0111260B
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0111260B mov eax, dword ptr fs:[00000030h] 0_2_0111260B
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0111260B mov eax, dword ptr fs:[00000030h] 0_2_0111260B
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0111260B mov eax, dword ptr fs:[00000030h] 0_2_0111260B
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0111260B mov eax, dword ptr fs:[00000030h] 0_2_0111260B
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0111260B mov eax, dword ptr fs:[00000030h] 0_2_0111260B
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0111260B mov eax, dword ptr fs:[00000030h] 0_2_0111260B
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0117E609 mov eax, dword ptr fs:[00000030h] 0_2_0117E609
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01136620 mov eax, dword ptr fs:[00000030h] 0_2_01136620
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01138620 mov eax, dword ptr fs:[00000030h] 0_2_01138620
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0111E627 mov eax, dword ptr fs:[00000030h] 0_2_0111E627
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110262C mov eax, dword ptr fs:[00000030h] 0_2_0110262C
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0111C640 mov eax, dword ptr fs:[00000030h] 0_2_0111C640
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01132674 mov eax, dword ptr fs:[00000030h] 0_2_01132674
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011C866E mov eax, dword ptr fs:[00000030h] 0_2_011C866E
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011C866E mov eax, dword ptr fs:[00000030h] 0_2_011C866E
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113A660 mov eax, dword ptr fs:[00000030h] 0_2_0113A660
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113A660 mov eax, dword ptr fs:[00000030h] 0_2_0113A660
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01104690 mov eax, dword ptr fs:[00000030h] 0_2_01104690
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01104690 mov eax, dword ptr fs:[00000030h] 0_2_01104690
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011366B0 mov eax, dword ptr fs:[00000030h] 0_2_011366B0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113C6A6 mov eax, dword ptr fs:[00000030h] 0_2_0113C6A6
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113A6C7 mov ebx, dword ptr fs:[00000030h] 0_2_0113A6C7
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113A6C7 mov eax, dword ptr fs:[00000030h] 0_2_0113A6C7
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0117E6F2 mov eax, dword ptr fs:[00000030h] 0_2_0117E6F2
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0117E6F2 mov eax, dword ptr fs:[00000030h] 0_2_0117E6F2
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0117E6F2 mov eax, dword ptr fs:[00000030h] 0_2_0117E6F2
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0117E6F2 mov eax, dword ptr fs:[00000030h] 0_2_0117E6F2
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011806F1 mov eax, dword ptr fs:[00000030h] 0_2_011806F1
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011806F1 mov eax, dword ptr fs:[00000030h] 0_2_011806F1
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0118C912 mov eax, dword ptr fs:[00000030h] 0_2_0118C912
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010F8918 mov eax, dword ptr fs:[00000030h] 0_2_010F8918
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010F8918 mov eax, dword ptr fs:[00000030h] 0_2_010F8918
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0117E908 mov eax, dword ptr fs:[00000030h] 0_2_0117E908
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0117E908 mov eax, dword ptr fs:[00000030h] 0_2_0117E908
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0118892A mov eax, dword ptr fs:[00000030h] 0_2_0118892A
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0119892B mov eax, dword ptr fs:[00000030h] 0_2_0119892B
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011D4940 mov eax, dword ptr fs:[00000030h] 0_2_011D4940
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01180946 mov eax, dword ptr fs:[00000030h] 0_2_01180946
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011A4978 mov eax, dword ptr fs:[00000030h] 0_2_011A4978
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011A4978 mov eax, dword ptr fs:[00000030h] 0_2_011A4978
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0118C97C mov eax, dword ptr fs:[00000030h] 0_2_0118C97C
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01126962 mov eax, dword ptr fs:[00000030h] 0_2_01126962
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01126962 mov eax, dword ptr fs:[00000030h] 0_2_01126962
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01126962 mov eax, dword ptr fs:[00000030h] 0_2_01126962
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0114096E mov eax, dword ptr fs:[00000030h] 0_2_0114096E
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0114096E mov edx, dword ptr fs:[00000030h] 0_2_0114096E
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0114096E mov eax, dword ptr fs:[00000030h] 0_2_0114096E
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011889B3 mov esi, dword ptr fs:[00000030h] 0_2_011889B3
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011889B3 mov eax, dword ptr fs:[00000030h] 0_2_011889B3
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011889B3 mov eax, dword ptr fs:[00000030h] 0_2_011889B3
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011129A0 mov eax, dword ptr fs:[00000030h] 0_2_011129A0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011129A0 mov eax, dword ptr fs:[00000030h] 0_2_011129A0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011129A0 mov eax, dword ptr fs:[00000030h] 0_2_011129A0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011129A0 mov eax, dword ptr fs:[00000030h] 0_2_011129A0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011129A0 mov eax, dword ptr fs:[00000030h] 0_2_011129A0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011129A0 mov eax, dword ptr fs:[00000030h] 0_2_011129A0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011129A0 mov eax, dword ptr fs:[00000030h] 0_2_011129A0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011129A0 mov eax, dword ptr fs:[00000030h] 0_2_011129A0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011129A0 mov eax, dword ptr fs:[00000030h] 0_2_011129A0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011129A0 mov eax, dword ptr fs:[00000030h] 0_2_011129A0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011129A0 mov eax, dword ptr fs:[00000030h] 0_2_011129A0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011129A0 mov eax, dword ptr fs:[00000030h] 0_2_011129A0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011129A0 mov eax, dword ptr fs:[00000030h] 0_2_011129A0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011009AD mov eax, dword ptr fs:[00000030h] 0_2_011009AD
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011009AD mov eax, dword ptr fs:[00000030h] 0_2_011009AD
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110A9D0 mov eax, dword ptr fs:[00000030h] 0_2_0110A9D0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110A9D0 mov eax, dword ptr fs:[00000030h] 0_2_0110A9D0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110A9D0 mov eax, dword ptr fs:[00000030h] 0_2_0110A9D0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110A9D0 mov eax, dword ptr fs:[00000030h] 0_2_0110A9D0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110A9D0 mov eax, dword ptr fs:[00000030h] 0_2_0110A9D0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110A9D0 mov eax, dword ptr fs:[00000030h] 0_2_0110A9D0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011349D0 mov eax, dword ptr fs:[00000030h] 0_2_011349D0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011CA9D3 mov eax, dword ptr fs:[00000030h] 0_2_011CA9D3
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011969C0 mov eax, dword ptr fs:[00000030h] 0_2_011969C0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011329F9 mov eax, dword ptr fs:[00000030h] 0_2_011329F9
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011329F9 mov eax, dword ptr fs:[00000030h] 0_2_011329F9
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0118E9E0 mov eax, dword ptr fs:[00000030h] 0_2_0118E9E0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0118C810 mov eax, dword ptr fs:[00000030h] 0_2_0118C810
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011A483A mov eax, dword ptr fs:[00000030h] 0_2_011A483A
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011A483A mov eax, dword ptr fs:[00000030h] 0_2_011A483A
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113A830 mov eax, dword ptr fs:[00000030h] 0_2_0113A830
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01122835 mov eax, dword ptr fs:[00000030h] 0_2_01122835
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01122835 mov eax, dword ptr fs:[00000030h] 0_2_01122835
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01122835 mov eax, dword ptr fs:[00000030h] 0_2_01122835
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01122835 mov ecx, dword ptr fs:[00000030h] 0_2_01122835
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01122835 mov eax, dword ptr fs:[00000030h] 0_2_01122835
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01122835 mov eax, dword ptr fs:[00000030h] 0_2_01122835
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01130854 mov eax, dword ptr fs:[00000030h] 0_2_01130854
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01104859 mov eax, dword ptr fs:[00000030h] 0_2_01104859
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01104859 mov eax, dword ptr fs:[00000030h] 0_2_01104859
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01112840 mov ecx, dword ptr fs:[00000030h] 0_2_01112840
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01196870 mov eax, dword ptr fs:[00000030h] 0_2_01196870
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01196870 mov eax, dword ptr fs:[00000030h] 0_2_01196870
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0118E872 mov eax, dword ptr fs:[00000030h] 0_2_0118E872
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0118E872 mov eax, dword ptr fs:[00000030h] 0_2_0118E872
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0118C89D mov eax, dword ptr fs:[00000030h] 0_2_0118C89D
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01100887 mov eax, dword ptr fs:[00000030h] 0_2_01100887
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0112E8C0 mov eax, dword ptr fs:[00000030h] 0_2_0112E8C0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011D08C0 mov eax, dword ptr fs:[00000030h] 0_2_011D08C0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113C8F9 mov eax, dword ptr fs:[00000030h] 0_2_0113C8F9
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113C8F9 mov eax, dword ptr fs:[00000030h] 0_2_0113C8F9
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011CA8E4 mov eax, dword ptr fs:[00000030h] 0_2_011CA8E4
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0117EB1D mov eax, dword ptr fs:[00000030h] 0_2_0117EB1D
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0117EB1D mov eax, dword ptr fs:[00000030h] 0_2_0117EB1D
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0117EB1D mov eax, dword ptr fs:[00000030h] 0_2_0117EB1D
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0117EB1D mov eax, dword ptr fs:[00000030h] 0_2_0117EB1D
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0117EB1D mov eax, dword ptr fs:[00000030h] 0_2_0117EB1D
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0117EB1D mov eax, dword ptr fs:[00000030h] 0_2_0117EB1D
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0117EB1D mov eax, dword ptr fs:[00000030h] 0_2_0117EB1D
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0117EB1D mov eax, dword ptr fs:[00000030h] 0_2_0117EB1D
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0117EB1D mov eax, dword ptr fs:[00000030h] 0_2_0117EB1D
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011D4B00 mov eax, dword ptr fs:[00000030h] 0_2_011D4B00
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0112EB20 mov eax, dword ptr fs:[00000030h] 0_2_0112EB20
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0112EB20 mov eax, dword ptr fs:[00000030h] 0_2_0112EB20
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011C8B28 mov eax, dword ptr fs:[00000030h] 0_2_011C8B28
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011C8B28 mov eax, dword ptr fs:[00000030h] 0_2_011C8B28
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011AEB50 mov eax, dword ptr fs:[00000030h] 0_2_011AEB50
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011D2B57 mov eax, dword ptr fs:[00000030h] 0_2_011D2B57
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011D2B57 mov eax, dword ptr fs:[00000030h] 0_2_011D2B57
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011D2B57 mov eax, dword ptr fs:[00000030h] 0_2_011D2B57
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011D2B57 mov eax, dword ptr fs:[00000030h] 0_2_011D2B57
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011B4B4B mov eax, dword ptr fs:[00000030h] 0_2_011B4B4B
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011B4B4B mov eax, dword ptr fs:[00000030h] 0_2_011B4B4B
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011A8B42 mov eax, dword ptr fs:[00000030h] 0_2_011A8B42
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01196B40 mov eax, dword ptr fs:[00000030h] 0_2_01196B40
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01196B40 mov eax, dword ptr fs:[00000030h] 0_2_01196B40
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011CAB40 mov eax, dword ptr fs:[00000030h] 0_2_011CAB40
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010F8B50 mov eax, dword ptr fs:[00000030h] 0_2_010F8B50
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_010FCB7E mov eax, dword ptr fs:[00000030h] 0_2_010FCB7E
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011B4BB0 mov eax, dword ptr fs:[00000030h] 0_2_011B4BB0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011B4BB0 mov eax, dword ptr fs:[00000030h] 0_2_011B4BB0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01110BBE mov eax, dword ptr fs:[00000030h] 0_2_01110BBE
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01110BBE mov eax, dword ptr fs:[00000030h] 0_2_01110BBE
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011AEBD0 mov eax, dword ptr fs:[00000030h] 0_2_011AEBD0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01120BCB mov eax, dword ptr fs:[00000030h] 0_2_01120BCB
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01120BCB mov eax, dword ptr fs:[00000030h] 0_2_01120BCB
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01120BCB mov eax, dword ptr fs:[00000030h] 0_2_01120BCB
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01100BCD mov eax, dword ptr fs:[00000030h] 0_2_01100BCD
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01100BCD mov eax, dword ptr fs:[00000030h] 0_2_01100BCD
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01100BCD mov eax, dword ptr fs:[00000030h] 0_2_01100BCD
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01108BF0 mov eax, dword ptr fs:[00000030h] 0_2_01108BF0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01108BF0 mov eax, dword ptr fs:[00000030h] 0_2_01108BF0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01108BF0 mov eax, dword ptr fs:[00000030h] 0_2_01108BF0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0118CBF0 mov eax, dword ptr fs:[00000030h] 0_2_0118CBF0
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0112EBFC mov eax, dword ptr fs:[00000030h] 0_2_0112EBFC
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0118CA11 mov eax, dword ptr fs:[00000030h] 0_2_0118CA11
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01124A35 mov eax, dword ptr fs:[00000030h] 0_2_01124A35
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01124A35 mov eax, dword ptr fs:[00000030h] 0_2_01124A35
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113CA38 mov eax, dword ptr fs:[00000030h] 0_2_0113CA38
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113CA24 mov eax, dword ptr fs:[00000030h] 0_2_0113CA24
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0112EA2E mov eax, dword ptr fs:[00000030h] 0_2_0112EA2E
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01106A50 mov eax, dword ptr fs:[00000030h] 0_2_01106A50
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01106A50 mov eax, dword ptr fs:[00000030h] 0_2_01106A50
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01106A50 mov eax, dword ptr fs:[00000030h] 0_2_01106A50
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01106A50 mov eax, dword ptr fs:[00000030h] 0_2_01106A50
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01106A50 mov eax, dword ptr fs:[00000030h] 0_2_01106A50
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01106A50 mov eax, dword ptr fs:[00000030h] 0_2_01106A50
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01106A50 mov eax, dword ptr fs:[00000030h] 0_2_01106A50
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01110A5B mov eax, dword ptr fs:[00000030h] 0_2_01110A5B
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01110A5B mov eax, dword ptr fs:[00000030h] 0_2_01110A5B
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0117CA72 mov eax, dword ptr fs:[00000030h] 0_2_0117CA72
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0117CA72 mov eax, dword ptr fs:[00000030h] 0_2_0117CA72
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011AEA60 mov eax, dword ptr fs:[00000030h] 0_2_011AEA60
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113CA6F mov eax, dword ptr fs:[00000030h] 0_2_0113CA6F
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113CA6F mov eax, dword ptr fs:[00000030h] 0_2_0113CA6F
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0113CA6F mov eax, dword ptr fs:[00000030h] 0_2_0113CA6F
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_01138A90 mov edx, dword ptr fs:[00000030h] 0_2_01138A90
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110EA80 mov eax, dword ptr fs:[00000030h] 0_2_0110EA80
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110EA80 mov eax, dword ptr fs:[00000030h] 0_2_0110EA80
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110EA80 mov eax, dword ptr fs:[00000030h] 0_2_0110EA80
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110EA80 mov eax, dword ptr fs:[00000030h] 0_2_0110EA80
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110EA80 mov eax, dword ptr fs:[00000030h] 0_2_0110EA80
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110EA80 mov eax, dword ptr fs:[00000030h] 0_2_0110EA80
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110EA80 mov eax, dword ptr fs:[00000030h] 0_2_0110EA80
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110EA80 mov eax, dword ptr fs:[00000030h] 0_2_0110EA80
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_0110EA80 mov eax, dword ptr fs:[00000030h] 0_2_0110EA80
Source: C:\Users\user\Desktop\tZz1Ogtr2C.exe Code function: 0_2_011D4A80 mov eax, dword ptr fs:[00000030h] 0_2_011D4A80
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Stealing of Sensitive Information
barindex
Yara detected FormBook
Source: Yara match File source: 0.2.tZz1Ogtr2C.exe.d10000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.2019241605.0000000000B30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

Remote Access Functionality
barindex
Yara detected FormBook
Source: Yara match File source: 0.2.tZz1Ogtr2C.exe.d10000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.2019241605.0000000000B30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2019386556.0000000000D11000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1530783 Sample: tZz1Ogtr2C.exe Startdate: 10/10/2024 Architecture: WINDOWS Score: 80 7 Malicious sample detected (through community Yara rule) 2->7 9 Antivirus / Scanner detection for submitted sample 2->9 11 Multi AV Scanner detection for submitted file 2->11 13 3 other signatures 2->13 5 tZz1Ogtr2C.exe 2->5         started        process3
No contacted IP infos