Source: C:\Users\user\AppData\Local\Temp\HitPawInfo.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Users\user\AppData\Local\Temp\HitPawInfo.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Users\user\AppData\Local\Temp\HitPawInfo.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Users\user\AppData\Local\Temp\HitPawInfo.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Users\user\AppData\Local\Temp\HitPawInfo.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Users\user\AppData\Local\Temp\HitPawInfo.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32 |
Source: C:\Users\user\AppData\Local\Temp\HitPawInfo.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer |
Source: C:\Users\user\AppData\Local\Temp\HitPawInfo.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 8_2_00007FFB0C4EBC74 FindFirstFileExW, |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 8_2_00007FFB0C4B3530 Concurrency::details::WorkQueue::IsStructuredEmpty,FindFirstFileW,Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,FindNextFileW,FindClose, |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 8_2_00007FFB0C4B3250 Concurrency::details::WorkQueue::IsStructuredEmpty,FindFirstFileW,Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,FindNextFileW,FindClose, |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 12_2_00007FFB0C4EBC74 FindFirstFileExW, |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 12_2_00007FFB0C4B3530 Concurrency::details::WorkQueue::IsStructuredEmpty,FindFirstFileW,Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,FindNextFileW,FindClose, |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 12_2_00007FFB0C4B3250 Concurrency::details::WorkQueue::IsStructuredEmpty,FindFirstFileW,Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,FindNextFileW,FindClose, |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 20_2_00007FFB0C4EBC74 FindFirstFileExW, |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 20_2_00007FFB0C4B3530 Concurrency::details::WorkQueue::IsStructuredEmpty,FindFirstFileW,Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,FindNextFileW,FindClose, |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 20_2_00007FFB0C4B3250 Concurrency::details::WorkQueue::IsStructuredEmpty,FindFirstFileW,Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,FindNextFileW,FindClose, |
Source: HitPawInfo.exe.5.dr, 0 |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: HitPawInfo.exe.5.dr, 0 |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0 |
Source: HitPawInfo.exe.5.dr, 0 |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: HitPawInfo.exe.5.dr, 0 |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: HitPawInfo.exe.5.dr, 0 |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: HitPawInfo.exe.5.dr, 0 |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S |
Source: HitPawInfo.exe.5.dr, 0 |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: 0 |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: HitPawInfo.exe.5.dr, 0 |
String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0 |
Source: HitPawInfo.exe.5.dr, 0 |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: HitPawInfo.exe.5.dr, 0 |
String found in binary or memory: http://ocsp.digicert.com0A |
Source: HitPawInfo.exe.5.dr, 0 |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: HitPawInfo.exe.5.dr, 0 |
String found in binary or memory: http://ocsp.digicert.com0X |
Source: Amcache.hve.11.dr |
String found in binary or memory: http://upx.sf.net |
Source: Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
String found in binary or memory: http://www.actualinstaller.com |
Source: HitPawInfo.exe.5.dr, 0 |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
String found in binary or memory: https://www.actualinstaller.comU |
Source: Player reports algnet 07-10-2024 .pdf www.skype.com.exe, 00000005.00000003.1370907201.00000000046E4000.00000004.00001000.00020000.00000000.sdmp, Player reports algnet 07-10-2024 .pdf www.skype.com.exe, 00000005.00000003.1371083740.00000000028A7000.00000004.00001000.00020000.00000000.sdmp, Player reports algnet 07-10-2024 .pdf www.skype.com.exe, 00000005.00000003.1371083740.00000000028AD000.00000004.00001000.00020000.00000000.sdmp, Player reports algnet 07-10-2024 .pdf www.skype.com.exe, 00000005.00000003.1371083740.00000000028BC000.00000004.00001000.00020000.00000000.sdmp, Dutchai.lng.5.dr |
String found in binary or memory: https://www.daproverb.be) |
Source: Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
String found in binary or memory: https://www.google.comU |
Source: C:\Windows\System32\regsvr32.exe |
Code function: String function: 00007FFB0C4A2E50 appears 63 times |
|
Source: C:\Windows\System32\regsvr32.exe |
Code function: String function: 00007FFB0C495120 appears 36 times |
|
Source: C:\Windows\System32\regsvr32.exe |
Code function: String function: 00007FFB0C4E4154 appears 75 times |
|
Source: C:\Windows\System32\regsvr32.exe |
Code function: String function: 00007FFB0C4D598C appears 39 times |
|
Source: C:\Windows\System32\regsvr32.exe |
Code function: String function: 00007FFB0C497410 appears 33 times |
|
Source: unknown |
Process created: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe "C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe" |
|
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Process created: C:\Users\user\AppData\Local\Temp\HitPawInfo.exe "C:\Users\user~1\AppData\Local\Temp\HitPawInfo.exe" |
|
Source: C:\Users\user\AppData\Local\Temp\HitPawInfo.exe |
Process created: C:\Windows\System32\regsvr32.exe ResPrompt.dll |
|
Source: C:\Users\user\AppData\Local\Temp\HitPawInfo.exe |
Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6652 -s 524 |
|
Source: unknown |
Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s ResPrompt.dll |
|
Source: unknown |
Process created: C:\Windows\System32\reg.exe C:\Windows\system32\REG.EXE ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "PMP" /t REG_SZ /F /D "schtasks /run /tn PMP" |
|
Source: C:\Windows\System32\reg.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: unknown |
Process created: C:\Windows\System32\regsvr32.exe regsvr32.exe /s ResPrompt.dll |
|
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: wininet.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: wtsapi32.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: winsta.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: msftedit.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: windows.globalization.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: bcp47langs.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: bcp47mrm.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: globinputhost.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: textinputframework.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: coreuicomponents.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: dwmapi.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: propsys.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: edputil.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: windows.staterepositoryps.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: appresolver.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: slc.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: sppc.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: onecorecommonproxystub.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\AppData\Local\Temp\HitPawInfo.exe |
Section loaded: apphelp.dll |
Source: C:\Users\user\AppData\Local\Temp\HitPawInfo.exe |
Section loaded: pcinfo.dll |
Source: C:\Users\user\AppData\Local\Temp\HitPawInfo.exe |
Section loaded: windows.storage.dll |
Source: C:\Users\user\AppData\Local\Temp\HitPawInfo.exe |
Section loaded: wldp.dll |
Source: C:\Users\user\AppData\Local\Temp\HitPawInfo.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Users\user\AppData\Local\Temp\HitPawInfo.exe |
Section loaded: uxtheme.dll |
Source: C:\Users\user\AppData\Local\Temp\HitPawInfo.exe |
Section loaded: taskschd.dll |
Source: C:\Users\user\AppData\Local\Temp\HitPawInfo.exe |
Section loaded: sspicli.dll |
Source: C:\Users\user\AppData\Local\Temp\HitPawInfo.exe |
Section loaded: xmllite.dll |
Source: C:\Windows\System32\regsvr32.exe |
Section loaded: kernel.appcore.dll |
Source: C:\Windows\System32\regsvr32.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\System32\regsvr32.exe |
Section loaded: resprompt.dll |
Source: C:\Windows\System32\regsvr32.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\System32\regsvr32.exe |
Section loaded: mswsock.dll |
Source: C:\Windows\System32\regsvr32.exe |
Section loaded: dnsapi.dll |
Source: C:\Windows\System32\regsvr32.exe |
Section loaded: iphlpapi.dll |
Source: C:\Windows\System32\regsvr32.exe |
Section loaded: rasadhlp.dll |
Source: C:\Windows\System32\regsvr32.exe |
Section loaded: fwpuclnt.dll |
Source: C:\Windows\System32\regsvr32.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\System32\regsvr32.exe |
Section loaded: apphelp.dll |
Source: C:\Windows\System32\regsvr32.exe |
Section loaded: aclayers.dll |
Source: C:\Windows\System32\regsvr32.exe |
Section loaded: sfc.dll |
Source: C:\Windows\System32\regsvr32.exe |
Section loaded: sfc_os.dll |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\Player reports algnet 07-10-2024 .pdf www.skype.com.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\HitPawInfo.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\AppData\Local\Temp\HitPawInfo.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Jump to behavior |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 8_2_00007FFB0C4EBC74 FindFirstFileExW, |
8_2_00007FFB0C4EBC74 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 8_2_00007FFB0C4B3530 Concurrency::details::WorkQueue::IsStructuredEmpty,FindFirstFileW,Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,FindNextFileW,FindClose, |
8_2_00007FFB0C4B3530 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 8_2_00007FFB0C4B3250 Concurrency::details::WorkQueue::IsStructuredEmpty,FindFirstFileW,Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,FindNextFileW,FindClose, |
8_2_00007FFB0C4B3250 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 12_2_00007FFB0C4EBC74 FindFirstFileExW, |
12_2_00007FFB0C4EBC74 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 12_2_00007FFB0C4B3530 Concurrency::details::WorkQueue::IsStructuredEmpty,FindFirstFileW,Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,FindNextFileW,FindClose, |
12_2_00007FFB0C4B3530 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 12_2_00007FFB0C4B3250 Concurrency::details::WorkQueue::IsStructuredEmpty,FindFirstFileW,Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,FindNextFileW,FindClose, |
12_2_00007FFB0C4B3250 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 20_2_00007FFB0C4EBC74 FindFirstFileExW, |
20_2_00007FFB0C4EBC74 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 20_2_00007FFB0C4B3530 Concurrency::details::WorkQueue::IsStructuredEmpty,FindFirstFileW,Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,FindNextFileW,FindClose, |
20_2_00007FFB0C4B3530 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 20_2_00007FFB0C4B3250 Concurrency::details::WorkQueue::IsStructuredEmpty,FindFirstFileW,Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,FindNextFileW,FindClose, |
20_2_00007FFB0C4B3250 |
Source: Amcache.hve.11.dr |
Binary or memory string: VMware |
Source: Amcache.hve.11.dr |
Binary or memory string: VMware Virtual USB Mouse |
Source: Amcache.hve.11.dr |
Binary or memory string: vmci.syshbin |
Source: Amcache.hve.11.dr |
Binary or memory string: VMware, Inc. |
Source: Amcache.hve.11.dr |
Binary or memory string: VMware20,1hbin@ |
Source: Amcache.hve.11.dr |
Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563 |
Source: Amcache.hve.11.dr |
Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: Amcache.hve.11.dr |
Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys |
Source: Player reports algnet 07-10-2024 .pdf www.skype.com.exe, 00000005.00000003.1372382822.0000000000E07000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\ |
Source: Amcache.hve.11.dr |
Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.11.dr |
Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev |
Source: Amcache.hve.11.dr |
Binary or memory string: c:/windows/system32/drivers/vmci.sys |
Source: Amcache.hve.11.dr |
Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000 |
Source: regsvr32.exe, 00000008.00000002.3179259080.0000000000DF8000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll]] |
Source: Amcache.hve.11.dr |
Binary or memory string: vmci.sys |
Source: Player reports algnet 07-10-2024 .pdf www.skype.com.exe, 00000005.00000003.1372382822.0000000000E07000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: Amcache.hve.11.dr |
Binary or memory string: vmci.syshbin` |
Source: Amcache.hve.11.dr |
Binary or memory string: \driver\vmci,\driver\pci |
Source: Amcache.hve.11.dr |
Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000 |
Source: Amcache.hve.11.dr |
Binary or memory string: VMware20,1 |
Source: Amcache.hve.11.dr |
Binary or memory string: Microsoft Hyper-V Generation Counter |
Source: Amcache.hve.11.dr |
Binary or memory string: NECVMWar VMware SATA CD00 |
Source: Amcache.hve.11.dr |
Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: Amcache.hve.11.dr |
Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom |
Source: Amcache.hve.11.dr |
Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk |
Source: Amcache.hve.11.dr |
Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver |
Source: Amcache.hve.11.dr |
Binary or memory string: VMware PCI VMCI Bus Device |
Source: Amcache.hve.11.dr |
Binary or memory string: VMware VMCI Bus Device |
Source: Amcache.hve.11.dr |
Binary or memory string: VMware Virtual RAM |
Source: Amcache.hve.11.dr |
Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1 |
Source: Amcache.hve.11.dr |
Binary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d |
Source: Amcache.hve.11.dr |
Binary or memory string: vmci.inf_amd64_68ed49469341f563 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 8_2_00007FFB0C4D40A0 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
8_2_00007FFB0C4D40A0 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 8_2_00007FFB0C4D4354 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
8_2_00007FFB0C4D4354 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 8_2_00007FFB0C4D9238 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
8_2_00007FFB0C4D9238 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 12_2_00007FFB0C4D40A0 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
12_2_00007FFB0C4D40A0 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 12_2_00007FFB0C4D4354 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
12_2_00007FFB0C4D4354 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 12_2_00007FFB0C4D9238 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
12_2_00007FFB0C4D9238 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 20_2_00007FFB0C4D40A0 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
20_2_00007FFB0C4D40A0 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 20_2_00007FFB0C4D4354 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
20_2_00007FFB0C4D4354 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: 20_2_00007FFB0C4D9238 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
20_2_00007FFB0C4D9238 |
Source: regsvr32.exe, 00000008.00000002.3179259080.0000000000DF8000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: 367706/user<-->Windows 10 Pro=19045<-->C:\Windows\System32\regsvr32.exe<-->Microsoft Defender Antivirus-<-->1709044087<-->A<-->7/12/2019 4:9 a.m.<-->Program Manager<-->o |
Source: regsvr32.exe, 00000008.00000002.3179259080.0000000000DF8000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: 367706/user<-->Windows 10 Pro=19045<-->C:\Windows\System32\regsvr32.exe<-->Microsoft Defender Antivirus-<-->1709044087<-->A<-->7/12/2019 4:9 a.m.<-->Program Manager<--> |
Source: regsvr32.exe, 00000008.00000002.3179259080.0000000000DF8000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: ClientInfo>>//>>367706/user<-->Windows 10 Pro=19045<-->C:\Windows\System32\regsvr32.exe<-->Microsoft Defender Antivirus-<-->1709044087<-->A<-->7/12/2019 4:9 a.m.<-->Program Manager<-->lication Error<-->H |
Source: regsvr32.exe, 00000008.00000002.3179259080.0000000000DF8000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: ClientInfo>>//>>367706/user<-->Windows 10 Pro=19045<-->C:\Windows\System32\regsvr32.exe<-->Microsoft Defender Antivirus-<-->1709044087<-->A<-->7/12/2019 4:9 a.m.<-->Program Manager<--> |
Source: C:\Windows\System32\regsvr32.exe |
Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW, |
8_2_00007FFB0C4EEE88 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: GetLocaleInfoW, |
8_2_00007FFB0C4E44C4 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: EnumSystemLocalesW, |
8_2_00007FFB0C4E40D8 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
8_2_00007FFB0C4EF8D0 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: GetLocaleInfoW, |
8_2_00007FFB0C4EF594 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
8_2_00007FFB0C4EF6EC |
Source: C:\Windows\System32\regsvr32.exe |
Code function: GetLocaleInfoW, |
8_2_00007FFB0C4EF79C |
Source: C:\Windows\System32\regsvr32.exe |
Code function: EnumSystemLocalesW, |
8_2_00007FFB0C4EF1E4 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: EnumSystemLocalesW, |
8_2_00007FFB0C4EF2B4 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
8_2_00007FFB0C4EF34C |
Source: C:\Windows\System32\regsvr32.exe |
Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW, |
12_2_00007FFB0C4EEE88 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: GetLocaleInfoW, |
12_2_00007FFB0C4E44C4 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: EnumSystemLocalesW, |
12_2_00007FFB0C4E40D8 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
12_2_00007FFB0C4EF8D0 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: GetLocaleInfoW, |
12_2_00007FFB0C4EF594 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
12_2_00007FFB0C4EF6EC |
Source: C:\Windows\System32\regsvr32.exe |
Code function: GetLocaleInfoW, |
12_2_00007FFB0C4EF79C |
Source: C:\Windows\System32\regsvr32.exe |
Code function: EnumSystemLocalesW, |
12_2_00007FFB0C4EF1E4 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: EnumSystemLocalesW, |
12_2_00007FFB0C4EF2B4 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
12_2_00007FFB0C4EF34C |
Source: C:\Windows\System32\regsvr32.exe |
Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW, |
20_2_00007FFB0C4EEE88 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: GetLocaleInfoW, |
20_2_00007FFB0C4E44C4 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: EnumSystemLocalesW, |
20_2_00007FFB0C4E40D8 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
20_2_00007FFB0C4EF8D0 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: GetLocaleInfoW, |
20_2_00007FFB0C4EF594 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, |
20_2_00007FFB0C4EF6EC |
Source: C:\Windows\System32\regsvr32.exe |
Code function: GetLocaleInfoW, |
20_2_00007FFB0C4EF79C |
Source: C:\Windows\System32\regsvr32.exe |
Code function: EnumSystemLocalesW, |
20_2_00007FFB0C4EF1E4 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: EnumSystemLocalesW, |
20_2_00007FFB0C4EF2B4 |
Source: C:\Windows\System32\regsvr32.exe |
Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, |
20_2_00007FFB0C4EF34C |
Source: Amcache.hve.11.dr |
Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe |
Source: Amcache.hve.11.dr |
Binary or memory string: msmpeng.exe |
Source: Amcache.hve.11.dr |
Binary or memory string: c:\program files\windows defender\msmpeng.exe |
Source: Amcache.hve.11.dr |
Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe |
Source: Amcache.hve.11.dr |
Binary or memory string: MsMpEng.exe |