a03744bb8d5b12422499ac86f1e604c019323ffbae7281c638f3c3dcd1b917e6

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15-05-2024 01:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a03744bb8d5b12422499ac86f1e604c019323ffbae7281c638f3c3dcd1b917e6.dll
Size

4.2MB
MD5

494ae0e4e01254135706ec04e7ad0b96
SHA1

f56ec4eb8791fa06e28e22bba7e232a2860679e0
SHA256

a03744bb8d5b12422499ac86f1e604c019323ffbae7281c638f3c3dcd1b917e6
SHA512

17a1a1e51d31fb5c808953e608ea2488aa026f725308199d112509ba8b920b7f2899e4e695d751532508a691102f8a9a5c7fee77b59c72afe4f5edd54f7bf21a
SSDEEP

98304:dFdCwAsvmtoZ7Nm0V8HQtHGkZQ9hIof8I+:HdrAsvJmX+HGkZQPINI+

Score

1^/10

Malware Config

Signatures

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{73A6B080-08BA-4ED6-9E63-68B77BB60D25}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PPCAppServerProvider.PPCContentHandler\	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F0768350-1C07-4AB4-AE21-089CD1A928DD}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F0768350-1C07-4AB4-AE21-089CD1A928DD}\1.0\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F0768350-1C07-4AB4-AE21-089CD1A928DD}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\a03744bb8d5b12422499ac86f1e604c019323ffbae7281c638f3c3dcd1b917e6.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F0768350-1C07-4AB4-AE21-089CD1A928DD}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D2F467B1-CE4D-49DF-A07F-284FD0CEA1E3}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{73A6B080-08BA-4ED6-9E63-68B77BB60D25}\TypeLib\ = "{F0768350-1C07-4AB4-AE21-089CD1A928DD}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF730124-B592-4F35-938B-F470BD6D9C19}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20C38DA8-0249-444C-868C-8CFBF2128B64}\Authenticators\{FF730124-B592-4F35-938B-F470BD6D9C19} = "Аутентификатор Negotiate \"Парус 8\" PPC для удаленного доступа приложения Win32"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D2F467B1-CE4D-49DF-A07F-284FD0CEA1E3}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PPCAppServerProvider.PPCAuthenticator	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{73A6B080-08BA-4ED6-9E63-68B77BB60D25}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\a03744bb8d5b12422499ac86f1e604c019323ffbae7281c638f3c3dcd1b917e6.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D2F467B1-CE4D-49DF-A07F-284FD0CEA1E3}\Version\ = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D2F467B1-CE4D-49DF-A07F-284FD0CEA1E3}\TypeLib\ = "{F0768350-1C07-4AB4-AE21-089CD1A928DD}"	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20C38DA8-0249-444C-868C-8CFBF2128B64}\Authenticators\{D2F467B1-CE4D-49DF-A07F-284FD0CEA1E3}.bitmap = 424d360c000000000000360000002800000020000000200000000100180000000000000c000000000000000000000000000000000000ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffba7500ba7500ba7500ba7500ba7500ba7500ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff0b3143083236093c22093c22093c22093c22093c22093c220b452a0c4d300d5030ba7500ba7500eedebfeedebfeedebfeedebfeedebfeedebfba7500ba7500ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff0f3c592555778ab6d20d5135147e5c147d5b147c5b147c5b147b5a137958ba7500ba7500eedebfeedebfeedebfeedebfeedebfeedebfeedebfeedebfeedebfeedebfba7500ba7500ff00ffff00ffff00ffff00ffff00ffff00ffff00ff1c4b6c4579a15d94bd93bcd90d523717906a178f6a178f6a24a883178160ba7500eedebfeedebfeedebfeedebfeedebfeedebfeedebfdebe84be7d00e6d0a5eedebfeedebfeedebfeedebfba7500ff00ffff00ffff00ffff00ffff00ff22587641759a659bc36ca1c895bfdc0d55391aa37a1aa27a1aa078199e76ba7500eedebfeedebfeedebfeedebfeedebfeedebfeedebfeedebfc18300ba7500c08200eedebfeedebfeedebfeedebfeedebfba7500ff00ffff00ffff00ffff00ff2d63876499c073a7cd7aaed398c1dd0c4e3318976e1aa47c1ba880ba7500eedebfeedebfeedebfeedebfeedebfeedebfeedebfeedebfeedebfbb7700ba7500ba7500eedebfeedebfeedebfeedebfeedebfeedebfba7500ff00ffff00ffff00ff3873977aaed380b5d887badd8bbad017635012714d1cab8321af87ba7500eedebfeedebfeedebfeedebff1e4cceedebfeedebfe9d5afeedebfbb7700ba7500ba7500eedebfeedebfeedebfeedebfeedebfeedebfba7500ff00ffff00ffff00ff4481a688badd89bedc3a8a82116a4b147b59116a45168c65147e59ba7500eedebfeedebfeedebfeedebfbc7800c99430e7d1a6d6ad63eeddbeba7600ba7500ba7500ead7b2c38911dab673eedebfeedebfeedebfba7500ff00ffff00ffff00ff28757d35877f11684925947256d1ae50c6a3147d57147f59ba7500eedebfeedebfeedebfeedebfd5ac60ba7500c38911ecdab8ebd7b3ca9838ba7500ba7500ba7500e5cda1eedebfeedebfeedebfeedebfeedebfeedebfba7500ff00ffff00ff10664821987663dcba63ddbc4acca722a680168962168a64ba7500eedebfeedebfeedebfeedebfbf7f00ba7500e2c693c28700c8942edbb878ba7500ba7500c48a17eedebfe0c18beedebfeedebfeedebfeedebfeedebfba7500ff00ffff00ff126e4f168d6922a88133bc9538c09a2baf8a17936e189670ba7500eedebfeedebfeedebff1e2c9ba7500ba7500e6cea2bb7800bb7800e6cea3ba7500ba7500e3c999dbb97acea049eedebfeedebfeedebfeedebfeedebfba7500ff00ffff00ff1c725f15855f15855f168d683abd982ab18b199f791aa07aba7500eedebfeedebfeedebfe1c38fba7500ba7500e4ca9cbd7b00cc9a3de4ca9bba7500ba7500eedfc2e0c28cca9635dab676eedebfeedebfeedebfeedebfba7500ff00ffff00ffff00ff15815f15855f12704c137550199d761aa07a1ba37c49b392ba7500eedebfeedebfd5ac60ba7500ba7500e6cea2dbb777f1e4ccd2a859ba7500ba7500efe0c3f0e2c9cfa14bc79027eedebfeedebfeedebfba7500ff00ffff00ffff00ffff00ff158463168a6515845d15845d28c29737b38f1065411d7b5cba7500eedebfeedebfd0a450ba7500ba7500dbb97ad6af66c99532ba7500ba7500ba7500bd7b00e7d1a8c99531bc7900eedebfeedebfeedebfba7500ff00ffff00ffff00ffff00ffff00ff1a8d6c259d79147d591eb48a5addb980e2c5b9f4f4ba7500eedebfeedebfdab776ba7500ba7500c48b19e1c592ba7500ba7500ba7500ba7500c3880fe8d2aaba7500c08100eedebfeedebfeedebfba7500ff00ffff00ffff00ffff00ffff00ff339e7d2da3847de9cb168d6648d4ad89ecd6b9f4f4b8f3f2ba7500eedebfeedebfc08200ba7500ba7500debf85d9b36fbd7c00bd7c00d1a553ead6b1c08000c18500efdfc2eedebfeedebfba7500ff00ffff00ffff00ffff00ffff00ffff00ffff00ff279e7b43ba9861c0a32ebe9478e9cbb6f3f29de6dc446d90ba7500eedebfeedebfe9d5b0eddbbaeedebfeedebfeedebfeedebfeedebfead7b2edddbeeedebfeedebfeedebfba7500ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff36a78a47bb9b1b936e62dbbc558a9f4d7ba25189b15190b8ba7500ba7500eedebfeedebfeedebfeedebfeedebfeedebfeedebfeedebfeedebfeedebfba7500ba7500ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff82c1b115846439768c608bb173a7cd6ca5cb629ec45a97be5191b9ba7500ba7500eedebfeedebfeedebfeedebfeedebfeedebfba7500ba7500ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff7096ba8fbee08bbee080b5da76aed26da7cc639fc55a98bf5392baba7500ba7500ba7500ba7500ba7500ba7500ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff94bddea4d2f099c9e996c7e88cbfe182b8da78b0d46fa9ce64a0c75c9ac05393ba498cb44185af3b6890ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff82a8ccb5ddf3b4def3a9d6f19fcfee9ccced9acaea8ec2e384b9db79b0d470aacf66a1c85c9ac15395bc4d84ab3c5f86ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff93b9dcc8edf6c1e9f5b6e1f3aedbf2a4d3f0a1d2f0a0cfef9bcceb90c3e485badd7ab2d570abcf66a3c86098be44698fff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffa1c7e8d3f5f8cbeff6c3eaf5bbe5f4b2dff2a9d8f1a7d7f1a4d3f0a3d3f09cceee91c5e687bdde7bb3d771a7cb4b6f97ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffa5cbeddcf9f9d6f7f8cff3f7c7eef6bfe8f4b8e4f3b0def2acdbf1a9daf1a8d8f1a7d7f19ecfef92c6e781b1d453789fff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff616971b9d0dddffafad8f9f9d2f6f8cbf2f6c3ecf5bce8f4b5e3f3b0e0f2b0def2adddf2abdbf1a8d7f1324758597b9fff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff5f6163686c6ed4ecf8e1fafad0eef79db5c073848e5f6f785566704b5d685167746380915e7b8c152229000000110d24ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff5f60635b5b5b626363838b8f5556564949493d3d3d3232322727271c1c1c0f0f0f0505050000000000000000005f5f5fff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff6363625b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5858584c4c4c4141413636362b2b2b1f1f1f141414090909000000ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff5e5d5d5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5050504646463a3a3a2e2e2e232323171717ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff5b5a5b5f5f5f5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5555554a4a4a3f3f3fff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff6462625b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b616161ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF730124-B592-4F35-938B-F470BD6D9C19}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF730124-B592-4F35-938B-F470BD6D9C19}\ProgID\ = "PPCAppServerProvider.PPCNegotiateAuthenticator"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF730124-B592-4F35-938B-F470BD6D9C19}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D2F467B1-CE4D-49DF-A07F-284FD0CEA1E3}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\a03744bb8d5b12422499ac86f1e604c019323ffbae7281c638f3c3dcd1b917e6.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PPCAppServerProvider.PPCContentHandler	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20C38DA8-0249-444C-868C-8CFBF2128B64}\ContentHandlers\{73A6B080-08BA-4ED6-9E63-68B77BB60D25}.bitmap = 424d360c000000000000360000002800000020000000200000000100180000000000000c000000000000000000000000000000000000ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff9f7c637f4f2e7e4f2d8a5f40a07e66c2ac9dff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff68310a6b340d92694da888729f7c648d6346875c3d9f7c63ccbaadff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff662e06926a4ef1ebe8fcfbfaf6f2f0efe9e5e0d5cdc1aa9aa07c649f7c63cbb8abff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff6b340eaa8a74fdfcfbe5dbd59e7a619f7b62bba290d9cbc1ebe4deded2c9b79c8aaf927dff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffc8bbaebaa38dc2b09c7643209e7b61fbfaf9cbb8aa703c17ab8c77c3ad9db29682aa8b76bea695dfd3cbd4c4b9b59a86ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff9971489063368f633692694d875b3df3eeebd7c8be805231e5dbd5fffffffcfbfaf1ebe8d8c9bfbca391bba291af917dff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffb0967b9063348f61328e61328f6233764320dfd4ccebe4df885c3dd8cac0fffffffffffffffffffffffffcfbfaeae3ddb69c89b79c89ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffaa8b6b8e60318e60318e60318e60317a4927c0a999f8f6f49b765cc0a897fffffeffffffffffffffffffffffffffffffdacdc3bba290ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffa685638e60318e60318e60318e60319771569b775df9f6f4bda493a38069faf9f8ffffffffffffffffffffffffffffffdccfc6d1c0b4ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffa4825e8e60318e60318e60318e603193673b815232e8dfd9e0d5cd92694cede6e2ffffffffffffffffffffffffffffffdccfc6d5c5baff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffa3805d8e60318e60318e60318e6031926639875b3bc4ae9ff6f3f19d7960cfbeb2ffffffffffffffffffffffffffffffdbcdc4d6c7bcff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffb5aba2a5825e8e60318e60318e60318e6031916437b19580977257f7f4f1c4af9fa88872fbf9f8ffffffffffffffffffffffffdacbc2d8cac0ff00ffff00ffff00ffff00ffff00ffbea994b8b2acff00ffe1ddd9d2c1b1b79c80b29577cbbbacd9cfc5a784618e60318e60318e60318e6031906335a17d57875b3dddd1c8ebe4df997358e6ddd7ffffffffffffffffffffffffd8cac0dbcec5ff00ffff00ffff00ffff00ffa3805d956b3fad8f71cfcac6ff00ffff00ffc5beb8ad9072a47f5ad3c1afa885608e60318e60318e60318e60318f61339a7047a88872ad8f7af9f7f5b69c89bda593fdfdfcfffffffffffffffefed5c6bbded1c9ff00ffff00ffff00ffff00ff93673a8f613294683cb59b80ada9a6ff00ffff00ffd7cfc7bda286cfbca99d754d8e60318e60318e60318e60318e6132926639ddd0c38f6549e6ddd7e6dcd69f7b62eee8e3fffffffffffffefdfdcfbdb1dfd3cbff00ffff00ffff00ff966c438f62338e60318f6132956a3fc8b6a4cdc7c0c8bbaee9e1dad5c5b4a6825d9063368e60318e60318e60318e60318e6031906335af8f6dab8c76b49986faf8f6baa08ec3ac9dfefdfdfffffffcfbfbcab6a9dccfc6ff00ffff00ffbca58d9063368e60318e60318f62349b7248cfbca9bba1859f7851c5ae97c5ae979266388f62338e60318e60318e60318e60318e6132916537bfa58aece6e0956e53e5dcd5ebe4dfa78770ece5e0fffffffbf9f8c8b3a5d9ccc3ff00ffff00ffa07b549063358e60318e6032916537b59779c5ae96976d428f6233a27c55dbcdbe986f448f62338e60318e60318e60318e60319062349d754de2d6cad9cabbbca392b0937ffaf8f6ccbaadbea695fcfbfaf6f2f0cbb7a9d7c8beff00ffff00ff956a3e8f62338e60318f613295693dd2c1aeaa88649265388f613294693cc5ad96b293739265388e60318e60318e60318e603194683bc5ad95c0a68cbb9f83ccb7a2a27f67d9cbc2f7f4f2b99f8dded1c8eae3ddd1c0b4cebcafff00ffff00ff9266388f61328e60318f6132956b3fd7c6b5a5805a9164368e6132916537ae8d6bc8b29b94683b8e60318e60318e60318e6132a6825cd3c2b09c754bb6977abea488baa38ba88972f3eeebeee7e3bea595bfa898e4dad3c9b6a8ff00ffa2805e8f61338e60318e60318f6132956a3dcebaa5ac8a689164378e60318f6233a27c55d2bfac956a3e8e60318e60318e6132916436bda287bda286986e43b99d81b79a7ca6835fc1ab9bc2ac9dfcfbfaf5f2efede6e2efe9e6cbb9aba69d949b754f8e60318e60318e60318f613294693cc7b099b08f6f9165378e6031906234a37e57d1beab956a3e8e60318e60319062349d754cc4ac93a88561966c40c0a68db19172986f44ff00ffb69c89ddd0c8fefefeffffffe2d8d1daccc2b2a3949870488e60318e60318e60318f613294693cc7b098b191719366398f6234926638ae8d6bc9b39d94693c8e60318e6031916436a98662c2a88f9e764e966b40c0a78db2927295693dff00ffff00ffbaa18fe7ded8faf9f8cfbdb1ff00ffbca791966c408e60318e60318e60318f613294693cccb7a1b59778976d42b19170d1beaac2a88fba9d819266398e60318e6031916437ad8b69c3ab92ae8d6ba37e58bb9f83b99d7f94683b92673cff00ffff00ffc3ae9fc8b4a6d4c5baff00ffbaa08493673b8e60318e60318e60318f613294683ccdb9a4ddd0c2bfa489bca185c8b19bd6c6b5a17c559063358e60318e6031906335a17b54c7b099cfbda8c7b19abfa48ac0a78d93673a8f6235c8b7a6ff00ffff00ffff00ffff00ffff00ffb79a7c9366398e60318e60318e60318f613293673ac2a98fc7b19abfa68cccb8a3cab59fac8b698f62348e60318e60318e60318e6032906335ab8865cab59fcebaa5dccdbebfa68b93673a8f6335b59a7fff00ffff00ffff00ffff00ffff00ffb79b7d93673a8e60318e60318e60318e6032916437b19170c7b099986f44966b3f94693d9165378f61328e60318e60318e60318e60318e6031916537996f44a5805bd6c6b5a98662916436906335ab8a68ff00ffff00ffff00ffff00ffff00ffbaa08593673b8e60318e60318e60318e60318f62339d754dd6c5b49a71478e60318e60318e60318e60318e60318e60318e60318e60318e60318f6133916537ba9d81cdb9a49366398f6132906335a78460ff00ffff00ffff00ffff00ffff00ffff00ff976e438e60318e60318e60318e60318e6032956a3eccb7a1ad8c6a8f61328e60318e60318e60318e60318e60318e60318e60318e6031926639a6815ce0d3c79e78508f62338e6031906335ab8c6cff00ffff00ffff00ffff00ffff00ffff00ffff00ff9165378f61328e60318e60318e6031926638b39475c7af989c734a9164368e60328e60318e60318e60318e613290633595693da88561cfbca8ac8a689266398f61329164379a734aff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffa7835f9164378e60318e60318e60319062349c744acab59fc9b39c9e764d8f61328e60318e60318e60318f61339c744bba9e82cbb6a1b293749266398e6132906335a5815cff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffb3997eaf9275b09579b8a189c0af9eff00ffff00ffff00ffb79f87ad8f71aa8c6cb09478c1ac96d3c4b6d2c1b0b49778a37d57a07b55a98967ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F0768350-1C07-4AB4-AE21-089CD1A928DD}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D2F467B1-CE4D-49DF-A07F-284FD0CEA1E3}\	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20C38DA8-0249-444C-868C-8CFBF2128B64}\Authenticators\{D2F467B1-CE4D-49DF-A07F-284FD0CEA1E3}.parameters = "<parameters><string name=\"Database\" caption=\"База данных\"/><string name=\"UserName\" caption=\"Пользователь\"/><string name=\"Password\" caption=\"Пароль\"/><string name=\"Company\" caption=\"Организация\"/><boolean name=\"NoCheckVersions\" caption=\"Не требовать соответствие версии "Парус 8" при проверке\"/></parameters>\r\n"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{73A6B080-08BA-4ED6-9E63-68B77BB60D25}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{73A6B080-08BA-4ED6-9E63-68B77BB60D25}\Version	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF730124-B592-4F35-938B-F470BD6D9C19}\Version\ = "1.0"	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20C38DA8-0249-444C-868C-8CFBF2128B64}\Authenticators\{FF730124-B592-4F35-938B-F470BD6D9C19}.bitmap = 424d360c000000000000360000002800000020000000200000000100180000000000000c000000000000000000000000000000000000ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffba7500ba7500ba7500ba7500ba7500ba7500ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff0b3143083236093c22093c22093c22093c22093c22093c220b452a0c4d300d5030ba7500ba7500eedebfeedebfeedebfeedebfeedebfeedebfba7500ba7500ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff0f3c592555778ab6d20d5135147e5c147d5b147c5b147c5b147b5a137958ba7500ba7500eedebfeedebfeedebfeedebfeedebfeedebfeedebfeedebfeedebfeedebfba7500ba7500ff00ffff00ffff00ffff00ffff00ffff00ffff00ff1c4b6c4579a15d94bd93bcd90d523717906a178f6a178f6a24a883178160ba7500eedebfeedebfeedebfeedebfeedebfeedebfeedebfdebe84be7d00e6d0a5eedebfeedebfeedebfeedebfba7500ff00ffff00ffff00ffff00ffff00ff22587641759a659bc36ca1c895bfdc0d55391aa37a1aa27a1aa078199e76ba7500eedebfeedebfeedebfeedebfeedebfeedebfeedebfeedebfc18300ba7500c08200eedebfeedebfeedebfeedebfeedebfba7500ff00ffff00ffff00ffff00ff2d63876499c073a7cd7aaed398c1dd0c4e3318976e1aa47c1ba880ba7500eedebfeedebfeedebfeedebfeedebfeedebfeedebfeedebfeedebfbb7700ba7500ba7500eedebfeedebfeedebfeedebfeedebfeedebfba7500ff00ffff00ffff00ff3873977aaed380b5d887badd8bbad017635012714d1cab8321af87ba7500eedebfeedebfeedebfeedebff1e4cceedebfeedebfe9d5afeedebfbb7700ba7500ba7500eedebfeedebfeedebfeedebfeedebfeedebfba7500ff00ffff00ffff00ff4481a688badd89bedc3a8a82116a4b147b59116a45168c65147e59ba7500eedebfeedebfeedebfeedebfbc7800c99430e7d1a6d6ad63eeddbeba7600ba7500ba7500ead7b2c38911dab673eedebfeedebfeedebfba7500ff00ffff00ffff00ff28757d35877f11684925947256d1ae50c6a3147d57147f59ba7500eedebfeedebfeedebfeedebfd5ac60ba7500c38911ecdab8ebd7b3ca9838ba7500ba7500ba7500e5cda1eedebfeedebfeedebfeedebfeedebfeedebfba7500ff00ffff00ff10664821987663dcba63ddbc4acca722a680168962168a64ba7500eedebfeedebfeedebfeedebfbf7f00ba7500e2c693c28700c8942edbb878ba7500ba7500c48a17eedebfe0c18beedebfeedebfeedebfeedebfeedebfba7500ff00ffff00ff126e4f168d6922a88133bc9538c09a2baf8a17936e189670ba7500eedebfeedebfeedebff1e2c9ba7500ba7500e6cea2bb7800bb7800e6cea3ba7500ba7500e3c999dbb97acea049eedebfeedebfeedebfeedebfeedebfba7500ff00ffff00ff1c725f15855f15855f168d683abd982ab18b199f791aa07aba7500eedebfeedebfeedebfe1c38fba7500ba7500e4ca9cbd7b00cc9a3de4ca9bba7500ba7500eedfc2e0c28cca9635dab676eedebfeedebfeedebfeedebfba7500ff00ffff00ffff00ff15815f15855f12704c137550199d761aa07a1ba37c49b392ba7500eedebfeedebfd5ac60ba7500ba7500e6cea2dbb777f1e4ccd2a859ba7500ba7500efe0c3f0e2c9cfa14bc79027eedebfeedebfeedebfba7500ff00ffff00ffff00ffff00ff158463168a6515845d15845d28c29737b38f1065411d7b5cba7500eedebfeedebfd0a450ba7500ba7500dbb97ad6af66c99532ba7500ba7500ba7500bd7b00e7d1a8c99531bc7900eedebfeedebfeedebfba7500ff00ffff00ffff00ffff00ffff00ff1a8d6c259d79147d591eb48a5addb980e2c5b9f4f4ba7500eedebfeedebfdab776ba7500ba7500c48b19e1c592ba7500ba7500ba7500ba7500c3880fe8d2aaba7500c08100eedebfeedebfeedebfba7500ff00ffff00ffff00ffff00ffff00ff339e7d2da3847de9cb168d6648d4ad89ecd6b9f4f4b8f3f2ba7500eedebfeedebfc08200ba7500ba7500debf85d9b36fbd7c00bd7c00d1a553ead6b1c08000c18500efdfc2eedebfeedebfba7500ff00ffff00ffff00ffff00ffff00ffff00ffff00ff279e7b43ba9861c0a32ebe9478e9cbb6f3f29de6dc446d90ba7500eedebfeedebfe9d5b0eddbbaeedebfeedebfeedebfeedebfeedebfead7b2edddbeeedebfeedebfeedebfba7500ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff36a78a47bb9b1b936e62dbbc558a9f4d7ba25189b15190b8ba7500ba7500eedebfeedebfeedebfeedebfeedebfeedebfeedebfeedebfeedebfeedebfba7500ba7500ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff82c1b115846439768c608bb173a7cd6ca5cb629ec45a97be5191b9ba7500ba7500eedebfeedebfeedebfeedebfeedebfeedebfba7500ba7500ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff7096ba8fbee08bbee080b5da76aed26da7cc639fc55a98bf5392baba7500ba7500ba7500ba7500ba7500ba7500ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff94bddea4d2f099c9e996c7e88cbfe182b8da78b0d46fa9ce64a0c75c9ac05393ba498cb44185af3b6890ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff82a8ccb5ddf3b4def3a9d6f19fcfee9ccced9acaea8ec2e384b9db79b0d470aacf66a1c85c9ac15395bc4d84ab3c5f86ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff93b9dcc8edf6c1e9f5b6e1f3aedbf2a4d3f0a1d2f0a0cfef9bcceb90c3e485badd7ab2d570abcf66a3c86098be44698fff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffa1c7e8d3f5f8cbeff6c3eaf5bbe5f4b2dff2a9d8f1a7d7f1a4d3f0a3d3f09cceee91c5e687bdde7bb3d771a7cb4b6f97ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffa5cbeddcf9f9d6f7f8cff3f7c7eef6bfe8f4b8e4f3b0def2acdbf1a9daf1a8d8f1a7d7f19ecfef92c6e781b1d453789fff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff616971b9d0dddffafad8f9f9d2f6f8cbf2f6c3ecf5bce8f4b5e3f3b0e0f2b0def2adddf2abdbf1a8d7f1324758597b9fff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff5f6163686c6ed4ecf8e1fafad0eef79db5c073848e5f6f785566704b5d685167746380915e7b8c152229000000110d24ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff5f60635b5b5b626363838b8f5556564949493d3d3d3232322727271c1c1c0f0f0f0505050000000000000000005f5f5fff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff6363625b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5858584c4c4c4141413636362b2b2b1f1f1f141414090909000000ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff5e5d5d5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5050504646463a3a3a2e2e2e232323171717ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff5b5a5b5f5f5f5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5555554a4a4a3f3f3fff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff6462625b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b616161ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20C38DA8-0249-444C-868C-8CFBF2128B64}\ContentHandlers\{73A6B080-08BA-4ED6-9E63-68B77BB60D25}.parameters.1 = "e=\"ParusExtAuthNegotiateProvider\" caption=\"Внешний поставщик информационных услуг для Negotiate аутентификации\"/><boolean name=\"AllowRegisterNegotiateLogin\" caption=\"Разрешить регистрацию пользователей домена Windows\" published=\"1\"/><boolean name=\"UseAppServerLicenses\" caption=\"Использовать серверные лицензии "Парус 8"\" published=\"1\"/><boolean name=\"UseDelayLogin\" caption=\"Использовать отложенную авторизацию\"/><integer name=\"ParusSessionTimeOut\" caption=\"Таймаут сессии "Парус 8" (в секундах)\"/><integer name=\"MaxInlineBlobSize\" caption=\"Максимальный размер данных BLOB-а, передаваемых вместе с данными ответа\"/><integer name=\"MaxInMemoryBlobSize\" caption=\"Максимальный размер данных BLOB-а, хранимых в памяти, отложенными до востребования\"/></parameters>\r\n"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF730124-B592-4F35-938B-F470BD6D9C19}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20C38DA8-0249-444C-868C-8CFBF2128B64}\Authenticators	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20C38DA8-0249-444C-868C-8CFBF2128B64}\Authenticators\{FF730124-B592-4F35-938B-F470BD6D9C19}.parameters = "<parameters><string name=\"Database\" caption=\"База данных\"/><string name=\"UserName\" caption=\"Пользователь\"/><string name=\"Password\" caption=\"Пароль\"/><boolean name=\"NoCheckVersions\" caption=\"Не требовать соответствие версии "Парус 8" при проверке\"/><string name=\"ParusExtAuthNegotiateProvider\" caption=\"Внешний поставщик информационных услуг для Negotiate аутентификации\"/><string name=\"AllowedDomains\" caption=\"Разрешенные домены\"/><boolean name=\"AllowLocalAddress\" caption=\"Всегда разрешать локальные соединения\"/><boolean name=\"AdminOnly\" caption=\"Допускать только администраторов\"/></parameters>\r\n"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PPCAppServerProvider.PPCAuthenticator\Clsid	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PPCAppServerProvider.PPCContentHandler\Clsid	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F0768350-1C07-4AB4-AE21-089CD1A928DD}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PPCAppServerProvider.PPCAuthenticator\Clsid\ = "{D2F467B1-CE4D-49DF-A07F-284FD0CEA1E3}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{73A6B080-08BA-4ED6-9E63-68B77BB60D25}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F0768350-1C07-4AB4-AE21-089CD1A928DD}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF730124-B592-4F35-938B-F470BD6D9C19}\TypeLib\ = "{F0768350-1C07-4AB4-AE21-089CD1A928DD}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{73A6B080-08BA-4ED6-9E63-68B77BB60D25}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20C38DA8-0249-444C-868C-8CFBF2128B64}\ContentHandlers\{73A6B080-08BA-4ED6-9E63-68B77BB60D25}.defaults = "<defaults><param name=\"ConnectionTimeout\" value=\"0\"/><param name=\"MaxInlineBlobSize\" value=\"262144\"/><param name=\"MaxInMemoryBlobSize\" value=\"4194304\"/></defaults>\r\n"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF730124-B592-4F35-938B-F470BD6D9C19}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20C38DA8-0249-444C-868C-8CFBF2128B64}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D2F467B1-CE4D-49DF-A07F-284FD0CEA1E3}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{73A6B080-08BA-4ED6-9E63-68B77BB60D25}\Version\ = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PPCAppServerProvider.PPCNegotiateAuthenticator	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D2F467B1-CE4D-49DF-A07F-284FD0CEA1E3}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PPCAppServerProvider.PPCAuthenticator\	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20C38DA8-0249-444C-868C-8CFBF2128B64}\Authenticators\{D2F467B1-CE4D-49DF-A07F-284FD0CEA1E3} = "Аутентификатор \"Парус 8\" PPC для удаленного доступа приложения Win32"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PPCAppServerProvider.PPCContentHandler\Clsid\ = "{73A6B080-08BA-4ED6-9E63-68B77BB60D25}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D2F467B1-CE4D-49DF-A07F-284FD0CEA1E3}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D2F467B1-CE4D-49DF-A07F-284FD0CEA1E3}\ProgID\ = "PPCAppServerProvider.PPCAuthenticator"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20C38DA8-0249-444C-868C-8CFBF2128B64}\ContentHandlers\{73A6B080-08BA-4ED6-9E63-68B77BB60D25} = "Обработчик запросов \"Парус 8\" PPC для удаленного доступа приложения Win32"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PPCAppServerProvider.PPCNegotiateAuthenticator\	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PPCAppServerProvider.PPCNegotiateAuthenticator\Clsid\ = "{FF730124-B592-4F35-938B-F470BD6D9C19}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D2F467B1-CE4D-49DF-A07F-284FD0CEA1E3}\Version	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20C38DA8-0249-444C-868C-8CFBF2128B64}\ContentHandlers\{73A6B080-08BA-4ED6-9E63-68B77BB60D25}.parameters.0 = "<parameters><string name=\"Database\" caption=\"База данных\"/><string name=\"Description\" caption=\"Наименование\"/><string name=\"FriendlyName\" caption=\"Наименование для пользователя\" published=\"1\"/><string name=\"UserName\" caption=\"Пользователь\" published=\"1\"/><string name=\"Password\" caption=\"Пароль\"/><string name=\"Company\" caption=\"Организация\" published=\"1\"/><string name=\"Application\" caption=\"Приложение\" published=\"1\"/><boolean name=\"NoCheckVersions\" caption=\"Не требовать соответствие версии "Парус 8" при проверке\"/><boolean name=\"NoConnectOnStart\" caption=\"Не устанавливать соединения с Oracle при старте\"/><integer name=\"ConnectionTimeout\" caption=\"Таймаут соединения с Oracle (в секундах)\"/><boolean name=\"InlineConstants\" caption=\"Встраивать значения констант вместо использования функций\"/><boolean name=\"NoAutonomousTransactions\" caption=\"Эмулировать автономные транзакции в основном соединении\"/><boolean name=\"KeepTemporaryObjects\" caption=\"Не удалять временные объекты после использования\"/><string nam"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF730124-B592-4F35-938B-F470BD6D9C19}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\a03744bb8d5b12422499ac86f1e604c019323ffbae7281c638f3c3dcd1b917e6.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PPCAppServerProvider.PPCNegotiateAuthenticator\Clsid	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{73A6B080-08BA-4ED6-9E63-68B77BB60D25}\ProgID\ = "PPCAppServerProvider.PPCContentHandler"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20C38DA8-0249-444C-868C-8CFBF2128B64}\ContentHandlers	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F0768350-1C07-4AB4-AE21-089CD1A928DD}\1.0\FLAGS\ = "0"	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4620 wrote to memory of 4256	4620	regsvr32.exe	84
PID 4620 wrote to memory of 4256	4620	regsvr32.exe	84
PID 4620 wrote to memory of 4256	4620	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a03744bb8d5b12422499ac86f1e604c019323ffbae7281c638f3c3dcd1b917e6.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4620
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\a03744bb8d5b12422499ac86f1e604c019323ffbae7281c638f3c3dcd1b917e6.dll
  2⤵
  - Modifies registry class
  PID:4256

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads