3d0fd116fb9a5b29b0347b7adb9ec23dcbacca516f6664f51b0c0b88b0fff663

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 21:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d0fd116fb9a5b29b0347b7adb9ec23dcbacca516f6664f51b0c0b88b0fff663.dll
Size

3.4MB
MD5

d86c931ec371fd985c536b9dd784a090
SHA1

b78de9a7f4d8fe13b95abf2d5fd4804eea015820
SHA256

3d0fd116fb9a5b29b0347b7adb9ec23dcbacca516f6664f51b0c0b88b0fff663
SHA512

1356a6310ddfdfcff72401617602ff6a5b8ee3157259438352c9e9f1488d3434d2e5271acb20e7f3119b1f627e12280fa6d9232faccab08ecd8ae4a2d1d1e3b3
SSDEEP

49152:ZG1+MAeSI8qqFztEjeS8yZguDms4Myo1HHq5hc2MbNtcdY:ZGUMAs8VFzUDRyoswuY

Score

1^/10

Malware Config

Signatures

Modifies registry class 64 IoCs

Processes:

regsvr32.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5C69B06-8212-48BA-9086-3952047DE79B}\	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5C69B06-8212-48BA-9086-3952047DE79B}\ProgID\ = "ParusRemoteAccessAppProvider.ParusRemoteAccessNegotiateAuthenticator"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5C69B06-8212-48BA-9086-3952047DE79B}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F3597BEC-0FB7-4BDC-9B4E-B66070692EC7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{40AED9AB-36F1-42C4-98EE-57D90CEC2958}\1.0\FLAGS	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{40AED9AB-36F1-42C4-98EE-57D90CEC2958}\1.0\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20C38DA8-0249-444C-868C-8CFBF2128B64}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F3597BEC-0FB7-4BDC-9B4E-B66070692EC7}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F3597BEC-0FB7-4BDC-9B4E-B66070692EC7}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20C38DA8-0249-444C-868C-8CFBF2128B64}\ContentHandlers	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ParusRemoteAccessAppProvider.ParusRemoteAccessAuthenticator\Clsid	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F3597BEC-0FB7-4BDC-9B4E-B66070692EC7}\TypeLib\ = "{40AED9AB-36F1-42C4-98EE-57D90CEC2958}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ParusRemoteAccessAppProvider.ParusRemoteAccessContentHandler\	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ParusRemoteAccessAppProvider.ParusRemoteAccessAuthenticator	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E9ACB1C3-3F97-4045-BDB3-B6944CA9D21B}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E9ACB1C3-3F97-4045-BDB3-B6944CA9D21B}\TypeLib\ = "{40AED9AB-36F1-42C4-98EE-57D90CEC2958}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20C38DA8-0249-444C-868C-8CFBF2128B64}\ContentHandlers\{E9ACB1C3-3F97-4045-BDB3-B6944CA9D21B}.parameters.0 = "<parameters><string name=\"Database\" caption=\"База данных\"/><string name=\"Description\" caption=\"Наименование\"/><string name=\"FriendlyName\" caption=\"Наименование для пользователя\" published=\"1\"/><string name=\"SchemaName\" caption=\"Схема базы данных\"/><string name=\"UserName\" caption=\"Пользователь\" published=\"1\"/><string name=\"Password\" caption=\"Пароль\"/><string name=\"Company\" caption=\"Организация\" published=\"1\"/><string name=\"Application\" caption=\"Приложение\" published=\"1\"/><boolean name=\"NoCheckVersions\" caption=\"Не требовать соответствие версии "Парус 8" при проверке\"/><boolean name=\"NoConnectOnStart\" caption=\"Не устанавливать соединения с Oracle при старте\"/><integer name=\"ConnectionTimeout\" caption=\"Таймаут соединения с Oracle (в секундах)\"/><string name=\"ParusExtAuthNegotiateProvider\" caption=\"Внешний поставщик информационных услуг для Negotiate аутентификации\"/><boolean name=\"AllowRegisterNegotiateLogin\" caption=\"Разрешить регистрацию пользователей домена Windows\" published=\"1\"/><boolean name=\"Use"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{40AED9AB-36F1-42C4-98EE-57D90CEC2958}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{40AED9AB-36F1-42C4-98EE-57D90CEC2958}\1.0\FLAGS\ = "0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{40AED9AB-36F1-42C4-98EE-57D90CEC2958}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3d0fd116fb9a5b29b0347b7adb9ec23dcbacca516f6664f51b0c0b88b0fff663.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ParusRemoteAccessAppProvider.ParusRemoteAccessContentHandler\Clsid\ = "{E9ACB1C3-3F97-4045-BDB3-B6944CA9D21B}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E9ACB1C3-3F97-4045-BDB3-B6944CA9D21B}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5C69B06-8212-48BA-9086-3952047DE79B}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5C69B06-8212-48BA-9086-3952047DE79B}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ParusRemoteAccessAppProvider.ParusRemoteAccessNegotiateAuthenticator\Clsid	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20C38DA8-0249-444C-868C-8CFBF2128B64}\Authenticators\{F5C69B06-8212-48BA-9086-3952047DE79B} = "Аутентификатор Negotiate \"Парус 8\" для удаленного доступа приложения Win32"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F3597BEC-0FB7-4BDC-9B4E-B66070692EC7}\	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E9ACB1C3-3F97-4045-BDB3-B6944CA9D21B}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{40AED9AB-36F1-42C4-98EE-57D90CEC2958}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ParusRemoteAccessAppProvider.ParusRemoteAccessAuthenticator\	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ParusRemoteAccessAppProvider.ParusRemoteAccessAuthenticator\Clsid\ = "{F3597BEC-0FB7-4BDC-9B4E-B66070692EC7}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5C69B06-8212-48BA-9086-3952047DE79B}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20C38DA8-0249-444C-868C-8CFBF2128B64}\Authenticators\{F5C69B06-8212-48BA-9086-3952047DE79B}.parameters = "<parameters><string name=\"Database\" caption=\"База данных\"/><string name=\"SchemaName\" caption=\"Схема базы данных\"/><string name=\"UserName\" caption=\"Пользователь\"/><string name=\"Password\" caption=\"Пароль\"/><boolean name=\"NoCheckVersions\" caption=\"Не требовать соответствие версии "Парус 8" при проверке\"/><string name=\"ParusExtAuthNegotiateProvider\" caption=\"Внешний поставщик информационных услуг для Negotiate аутентификации\"/><string name=\"AllowedDomains\" caption=\"Разрешенные домены\"/><boolean name=\"AllowLocalAddress\" caption=\"Всегда разрешать локальные соединения\"/><boolean name=\"AdminOnly\" caption=\"Допускать только администраторов\"/></parameters>\r\n"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20C38DA8-0249-444C-868C-8CFBF2128B64}\Authenticators\{F3597BEC-0FB7-4BDC-9B4E-B66070692EC7} = "Аутентификатор \"Парус 8\" для удаленного доступа приложения Win32"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20C38DA8-0249-444C-868C-8CFBF2128B64}\Authenticators\{F3597BEC-0FB7-4BDC-9B4E-B66070692EC7}.parameters = "<parameters><string name=\"Database\" caption=\"База данных\"/><string name=\"SchemaName\" caption=\"Схема базы данных\"/><string name=\"UserName\" caption=\"Пользователь\"/><string name=\"Password\" caption=\"Пароль\"/><string name=\"Company\" caption=\"Организация\"/><boolean name=\"NoCheckVersions\" caption=\"Не требовать соответствие версии "Парус 8" при проверке\"/></parameters>\r\n"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ParusRemoteAccessAppProvider.ParusRemoteAccessNegotiateAuthenticator\Clsid\ = "{F5C69B06-8212-48BA-9086-3952047DE79B}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F3597BEC-0FB7-4BDC-9B4E-B66070692EC7}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E9ACB1C3-3F97-4045-BDB3-B6944CA9D21B}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E9ACB1C3-3F97-4045-BDB3-B6944CA9D21B}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3d0fd116fb9a5b29b0347b7adb9ec23dcbacca516f6664f51b0c0b88b0fff663.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ParusRemoteAccessAppProvider.ParusRemoteAccessContentHandler\Clsid	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E9ACB1C3-3F97-4045-BDB3-B6944CA9D21B}\Version\ = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{40AED9AB-36F1-42C4-98EE-57D90CEC2958}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5C69B06-8212-48BA-9086-3952047DE79B}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3d0fd116fb9a5b29b0347b7adb9ec23dcbacca516f6664f51b0c0b88b0fff663.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5C69B06-8212-48BA-9086-3952047DE79B}\Version	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20C38DA8-0249-444C-868C-8CFBF2128B64}\Authenticators\{F5C69B06-8212-48BA-9086-3952047DE79B}.bitmap = 424d360c000000000000360000002800000020000000200000000100180000000000000c000000000000000000000000000000000000ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff9f7c637f4f2e7e4f2d8a5f40a07e66c2ac9dff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff0b3143083236093c22093c22093c22093c22093c22093c220b452a0c4d300d50300c4d300b452a68310a6b340d92694da888729f7c648d6346875c3d9f7c63ccbaadff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff0f3c592555778ab6d20d5135147e5c147d5b147c5b147c5b147b5a1379581377500d5534137750137958662e06926a4ef1ebe8fcfbfaf6f2f0efe9e5e0d5cdc1aa9aa07c649f7c63cbb8abff00ffff00ffff00ffff00ffff00ffff00ff1c4b6c4579a15d94bd93bcd90d523717906a178f6a178f6a24a8831781600f5d3f1377500e5b391377500f5d3f6b340eaa8a74fdfcfbe5dbd59e7a619f7b62bba290d9cbc1ebe4deded2c9b79c8aaf927dff00ffff00ffff00ffff00ff22587641759a659bc36ca1c895bfdc0d55391aa37a1aa27a1aa078199e761689621377501377501063413fbe9a15825c7643209e7b61fbfaf9cbb8aa703c17ab8c77c3ad9db29682aa8b76bea695dfd3cbd4c4b9b59a86ff00ffff00ffff00ff2d63876499c073a7cd7aaed398c1dd0c4e3318976e1aa47c1ba88017906913775012724b3fba9610634113775012724b92694d875b3df3eeebd7c8be805231e5dbd5fffffffcfbfaf1ebe8d8c9bfbca391bba291af917dff00ffff00ffff00ff3873977aaed380b5d887badd8bbad017635012714d1cab8321af8726a27e2798761377501377501063413fbe9a137750279876764320dfd4ccebe4df885c3dd8cac0fffffffffffffffffffffffffcfbfaeae3ddb69c89b79c89ff00ffff00ff4481a688badd89bedc3a8a82116a4b147b59116a45168c65147e5913775213775013775013775010634113775013775012724b7a4927c0a999f8f6f49b765cc0a897fffffeffffffffffffffffffffffffffffffdacdc3bba290ff00ffff00ff28757d35877f11684925947256d1ae50c6a3147d57147f5915815c15845e12724b12724b1377501063413fbe9a12724b12724b9771569b775df9f6f4bda493a38069faf9f8ffffffffffffffffffffffffffffffdccfc6d1c0b4ff00ffff00ff10664821987663dcba63ddbc4acca722a680168962168a64178e6833b490178e68178e6812724b178e68178e6812714d12714d33b490815232e8dfd9e0d5cd92694cede6e2ffffffffffffffffffffffffffffffdccfc6d5c5baff00ffff00ff126e4f168d6922a88133bc9538c09a2baf8a17936e18967033b59061d9b7a9f1e6a9f1e64a9799178e684a979912714d12714d61d9b7875b3bc4ae9ff6f3f19d7960cfbeb2ffffffffffffffffffffffffffffffdbcdc4d6c7bcff00ffff00ff1c725f15855f15855f168d683abd982ab18b199f791aa07a5cd5b377e6c6a9f1e6178e684a97999ccced4a979924a883a9f1e677e6c6b19580977257f7f4f1c4af9fa88872fbf9f8ffffffffffffffffffffffffdacbc2d8cac0ff00ffff00ffff00ff15815f15855f12704c137550199d761aa07a1ba37c49b392429e80a7f1e54a97999ccced9ccced9ccced4a9799a7f1e5429e8049b392875b3dddd1c8ebe4df997358e6ddd7ffffffffffffffffffffffffd8cac0dbcec5ff00ffff00ffff00ff158463168a6515845d15845d28c29737b38f1065411d7b5caef2e97bd7bc8cc2de9ccced9fcfef9ccced8cc2de7bd7bcaef2e91d7b5ca88872ad8f7af9f7f5b69c89bda593fdfdfcfffffffffffffffefed5c6bbded1c9ff00ffff00ffff00ffff00ff1a8d6c259d79147d591eb48a5addb980e2c5b9f4f4b9f4f43e9f87a1d2f0a4d3f0a8d8f1a4d3f0a1d2f03e9f87b9f4f4b9f4f480e2c58f6549e6ddd7e6dcd69f7b62eee8e3fffffffffffffefdfdcfbdb1dfd3cbff00ffff00ffff00ffff00ff339e7d2da3847de9cb168d6648d4ad89ecd6b9f4f4b8f3f253a29f9ccae98ebbda82adcd8ebbda9ccae953a29fb8f3f2b9f4f489ecd6ab8c76b49986faf8f6baa08ec3ac9dfefdfdfffffffcfbfbcab6a9dccfc6ff00ffff00ffff00ffff00ffff00ff279e7b43ba9861c0a32ebe9478e9cbb6f3f29de6dc446d90426c9342759d40769d3f759d3d6f97446d909de6dcb6f3f278e9cb2ebe94956e53e5dcd5ebe4dfa78770ece5e0fffffffbf9f8c8b3a5d9ccc3ff00ffff00ffff00ffff00ffff00ffff00ff36a78a47bb9b1b936e62dbbc558a9f4d7ba25189b15190b8498ab34185ae397fa9337ba62f78a23b789f558a9f62dbbc1b936ebca392b0937ffaf8f6ccbaadbea695fcfbfaf6f2f0cbb7a9d7c8beff00ffff00ffff00ffff00ffff00ffff00ffff00ff82c1b115846439768c608bb173a7cd6ca5cb629ec45a97be5191b9498bb34185af397fa9327ba62f759f39768c15846482c1b1a27f67d9cbc2f7f4f2b99f8dded1c8eae3ddd1c0b4cebcafff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff7096ba8fbee08bbee080b5da76aed26da7cc639fc55a98bf5392ba498cb44286af3980a935769f375d82ff00ffff00ffa88972f3eeebeee7e3bea595bfa898e4dad3c9b6a8ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff94bddea4d2f099c9e996c7e88cbfe182b8da78b0d46fa9ce64a0c75c9ac05393ba498cb44185af3b6890ff00ffff00ffc1ab9bc2ac9dfcfbfaf5f2efede6e2efe9e6cbb9abff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff82a8ccb5ddf3b4def3a9d6f19fcfee9ccced9acaea8ec2e384b9db79b0d470aacf66a1c85c9ac15395bc4d84ab3c5f86ff00ffff00ffb69c89ddd0c8fefefeffffffe2d8d1daccc2ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff93b9dcc8edf6c1e9f5b6e1f3aedbf2a4d3f0a1d2f0a0cfef9bcceb90c3e485badd7ab2d570abcf66a3c86098be44698fff00ffff00ffff00ffbaa18fe7ded8faf9f8cfbdb1ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffa1c7e8d3f5f8cbeff6c3eaf5bbe5f4b2dff2a9d8f1a7d7f1a4d3f0a3d3f09cceee91c5e687bdde7bb3d771a7cb4b6f97ff00ffff00ffff00ffff00ffc3ae9fc8b4a6d4c5baff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffa5cbeddcf9f9d6f7f8cff3f7c7eef6bfe8f4b8e4f3b0def2acdbf1a9daf1a8d8f1a7d7f19ecfef92c6e781b1d453789fff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff616971b9d0dddffafad8f9f9d2f6f8cbf2f6c3ecf5bce8f4b5e3f3b0e0f2b0def2adddf2abdbf1a8d7f1324758597b9fff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff5f6163686c6ed4ecf8e1fafad0eef79db5c073848e5f6f785566704b5d685167746380915e7b8c152229000000110d24ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff5f60635b5b5b626363838b8f5556564949493d3d3d3232322727271c1c1c0f0f0f0505050000000000000000005f5f5fff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff6363625b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5858584c4c4c4141413636362b2b2b1f1f1f141414090909000000ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff5e5d5d5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5050504646463a3a3a2e2e2e232323171717ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff5b5a5b5f5f5f5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5555554a4a4a3f3f3fff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff6462625b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b616161ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F3597BEC-0FB7-4BDC-9B4E-B66070692EC7}\Version	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20C38DA8-0249-444C-868C-8CFBF2128B64}\ContentHandlers\{E9ACB1C3-3F97-4045-BDB3-B6944CA9D21B}.bitmap = 424d360c000000000000360000002800000020000000200000000100180000000000000c000000000000000000000000000000000000ff00ffff00ffff00ffff00ffff00ffff00ffff00ff9e755c7a4422743a187f4526926145af8c77ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff9a6d536927006927006927006927006927006927006927006f2f0a976a4fff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff7839196927006927009e735ae0d3cbeae1dce2d5cdc8b0a2a37a627d4422692700763a1ab59582ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff7b401e6927007e4523fdfcfbffffffffffffffffffffffffffffffffffffe7ddd7b59582834d2d763a1ab18e7aff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff8d5c3e692700926246fffffffffffff1ece8aa846ea17860b49380d7c5bbfbfaf9ffffffffffffdbcbc29b6f55834b2cff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffac88726927008c5a3cffffffffffffbda08f692700692700804827814a29824b2b9c7056ceb8abfcfbfaffffffe0d3cb834d2dff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff692700783d1af8f5f3ffffffbfa392692700af8c77fffffffcfbfae7dcd6c1a595996c518e5c3fb18e7aece3def2ece996674cff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff783919692700dfd1c9ffffffdacac0692700c4a99affffffffffffffffffffffffffffffefe7e3c1a5959a6d53b18f7b9e735aff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffa1775f692700bd9f8efffffff4efec6c2b05ab8771ffffffffffffffffffffffffffffffffffffffffffffffffd7c5bb95674ba47c64ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff69270096684dffffffffffff8854358b5739ffffffffffffffffffffffffffffffffffffffffffffffffffffffd6c4b99e735ac5ab9cff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff763a1a71320df4efecffffffb797846d2d07f4f0edffffffffffffffffffffffffffffffffffffffffffffffffd1bcb0d5c3b8bea192ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffae8a75692700d1bdb1ffffffe2d5ce692700d7c5bbffffffffffffffffffffffffffffffffffffffffffffffffd2bfb3d5c2b7d3c0b4ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff692700a37a62fffffffdfcfb7c4220ab8771ffffffffffffffffffffffffffffffffffffffffffffffffd2beb2d4c1b6dbcbc2ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff8a5638703411f7f3f1ffffffaf8c777c4321fdfcfcffffffffffffffffffffffffffffffffffffffffffcfbaaed6c5baddcec5ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffc9b1a3692700d0bbafffffffe6dbd4692700e0d2caffffffffffffffffffffffffffffffffffffffffffccb6a9d9c9bfdccdc4ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff763a16926246ffffffffffff895536a67f68ffffffffffffffffffffffffffffffffffffffffffc8b0a2ddcec5d9c8bfff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffb3927e692700ece3deffffffc8b0a2723510f8f5f3ffffffffffffffffffffffffffffffffffffc3a999e2d5cdd4c1b6ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff6d2c06ae8a75fffffffaf8f7783c19c4aa9bffffffffffffffffffffffffffffffffffffbd9f8ee8ded8ccb5a8ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffa8826b71320df7f3f1ffffffb89987814a29fefefeffffffffffffffffffffffffffffffb79784f0eae6c3a998ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff6b2a03bd9f8efffffff7f4f2763a16d1bcb0ffffffffffffffffffffffffffffffb3927ef5f1eec0a493ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffad8873753814f9f7f5ffffffbd9f8e855030fefefefffffffffffffffffffefefeb18e7af9f7f5bca18fff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff6f300bbea190fffffffbf9f8804827ccb6a9fffffffffffffffffff7f4f2b4937ffaf8f7bc9f8dff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffbea291723510f7f3f1ffffffd1bdb1844e2efbfaf9ffffffffffffeee6e2bda08ff4efecbd9f8eff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff824b2aae8a75ffffffffffff9a6e54ba9b89ffffffffffffe3d6cfcbb4a6e8ded8c3a89aff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff6e2e08e9dfd9fffffff0eae6865132eae1dbffffffd3bfb4dbcbc2d7c6bbff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffaa846e8f5e41ffffffffffffd5c2b796684de9e0dab3917df4f0edc5ae9fff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff824b2bc5ab9cffffffffffffd7c5bba27961ccb6a9ffffffb89786ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff7d4422ede5e0fffffffffffffffffffffffff7f3f1b3927dff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffc4a99a96674cfefefeffffffffffffffffffe0d3cbc4a99aff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffab8670b49380ffffffffffffffffffc0a494ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffa78069c0a495ffffffefe8e4b3917dff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffbb9e8cb08d78ad8974ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20C38DA8-0249-444C-868C-8CFBF2128B64}\ContentHandlers\{E9ACB1C3-3F97-4045-BDB3-B6944CA9D21B}.defaults = "<defaults><param name=\"ConnectionTimeout\" value=\"0\"/><param name=\"MaxInlineBlobSize\" value=\"262144\"/><param name=\"MaxInMemoryBlobSize\" value=\"4194304\"/></defaults>\r\n"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{40AED9AB-36F1-42C4-98EE-57D90CEC2958}\1.0\ = "ParusRemoteAccessAppProvider Library"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5C69B06-8212-48BA-9086-3952047DE79B}\TypeLib\ = "{40AED9AB-36F1-42C4-98EE-57D90CEC2958}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20C38DA8-0249-444C-868C-8CFBF2128B64}\Authenticators	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20C38DA8-0249-444C-868C-8CFBF2128B64}\Authenticators\{F3597BEC-0FB7-4BDC-9B4E-B66070692EC7}.bitmap = 424d360c000000000000360000002800000020000000200000000100180000000000000c000000000000000000000000000000000000ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff9f7c637f4f2e7e4f2d8a5f40a07e66c2ac9dff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff0b3143083236093c22093c22093c22093c22093c22093c220b452a0c4d300d50300c4d300b452a68310a6b340d92694da888729f7c648d6346875c3d9f7c63ccbaadff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff0f3c592555778ab6d20d5135147e5c147d5b147c5b147c5b147b5a1379581377500d5534137750137958662e06926a4ef1ebe8fcfbfaf6f2f0efe9e5e0d5cdc1aa9aa07c649f7c63cbb8abff00ffff00ffff00ffff00ffff00ffff00ff1c4b6c4579a15d94bd93bcd90d523717906a178f6a178f6a24a8831781600f5d3f1377500e5b391377500f5d3f6b340eaa8a74fdfcfbe5dbd59e7a619f7b62bba290d9cbc1ebe4deded2c9b79c8aaf927dff00ffff00ffff00ffff00ff22587641759a659bc36ca1c895bfdc0d55391aa37a1aa27a1aa078199e761689621377501377501063413fbe9a15825c7643209e7b61fbfaf9cbb8aa703c17ab8c77c3ad9db29682aa8b76bea695dfd3cbd4c4b9b59a86ff00ffff00ffff00ff2d63876499c073a7cd7aaed398c1dd0c4e3318976e1aa47c1ba88017906913775012724b3fba9610634113775012724b92694d875b3df3eeebd7c8be805231e5dbd5fffffffcfbfaf1ebe8d8c9bfbca391bba291af917dff00ffff00ffff00ff3873977aaed380b5d887badd8bbad017635012714d1cab8321af8726a27e2798761377501377501063413fbe9a137750279876764320dfd4ccebe4df885c3dd8cac0fffffffffffffffffffffffffcfbfaeae3ddb69c89b79c89ff00ffff00ff4481a688badd89bedc3a8a82116a4b147b59116a45168c65147e5913775213775013775013775010634113775013775012724b7a4927c0a999f8f6f49b765cc0a897fffffeffffffffffffffffffffffffffffffdacdc3bba290ff00ffff00ff28757d35877f11684925947256d1ae50c6a3147d57147f5915815c15845e12724b12724b1377501063413fbe9a12724b12724b9771569b775df9f6f4bda493a38069faf9f8ffffffffffffffffffffffffffffffdccfc6d1c0b4ff00ffff00ff10664821987663dcba63ddbc4acca722a680168962168a64178e6833b490178e68178e6812724b178e68178e6812714d12714d33b490815232e8dfd9e0d5cd92694cede6e2ffffffffffffffffffffffffffffffdccfc6d5c5baff00ffff00ff126e4f168d6922a88133bc9538c09a2baf8a17936e18967033b59061d9b7a9f1e6a9f1e64a9799178e684a979912714d12714d61d9b7875b3bc4ae9ff6f3f19d7960cfbeb2ffffffffffffffffffffffffffffffdbcdc4d6c7bcff00ffff00ff1c725f15855f15855f168d683abd982ab18b199f791aa07a5cd5b377e6c6a9f1e6178e684a97999ccced4a979924a883a9f1e677e6c6b19580977257f7f4f1c4af9fa88872fbf9f8ffffffffffffffffffffffffdacbc2d8cac0ff00ffff00ffff00ff15815f15855f12704c137550199d761aa07a1ba37c49b392429e80a7f1e54a97999ccced9ccced9ccced4a9799a7f1e5429e8049b392875b3dddd1c8ebe4df997358e6ddd7ffffffffffffffffffffffffd8cac0dbcec5ff00ffff00ffff00ff158463168a6515845d15845d28c29737b38f1065411d7b5caef2e97bd7bc8cc2de9ccced9fcfef9ccced8cc2de7bd7bcaef2e91d7b5ca88872ad8f7af9f7f5b69c89bda593fdfdfcfffffffffffffffefed5c6bbded1c9ff00ffff00ffff00ffff00ff1a8d6c259d79147d591eb48a5addb980e2c5b9f4f4b9f4f43e9f87a1d2f0a4d3f0a8d8f1a4d3f0a1d2f03e9f87b9f4f4b9f4f480e2c58f6549e6ddd7e6dcd69f7b62eee8e3fffffffffffffefdfdcfbdb1dfd3cbff00ffff00ffff00ffff00ff339e7d2da3847de9cb168d6648d4ad89ecd6b9f4f4b8f3f253a29f9ccae98ebbda82adcd8ebbda9ccae953a29fb8f3f2b9f4f489ecd6ab8c76b49986faf8f6baa08ec3ac9dfefdfdfffffffcfbfbcab6a9dccfc6ff00ffff00ffff00ffff00ffff00ff279e7b43ba9861c0a32ebe9478e9cbb6f3f29de6dc446d90426c9342759d40769d3f759d3d6f97446d909de6dcb6f3f278e9cb2ebe94956e53e5dcd5ebe4dfa78770ece5e0fffffffbf9f8c8b3a5d9ccc3ff00ffff00ffff00ffff00ffff00ffff00ff36a78a47bb9b1b936e62dbbc558a9f4d7ba25189b15190b8498ab34185ae397fa9337ba62f78a23b789f558a9f62dbbc1b936ebca392b0937ffaf8f6ccbaadbea695fcfbfaf6f2f0cbb7a9d7c8beff00ffff00ffff00ffff00ffff00ffff00ffff00ff82c1b115846439768c608bb173a7cd6ca5cb629ec45a97be5191b9498bb34185af397fa9327ba62f759f39768c15846482c1b1a27f67d9cbc2f7f4f2b99f8dded1c8eae3ddd1c0b4cebcafff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff7096ba8fbee08bbee080b5da76aed26da7cc639fc55a98bf5392ba498cb44286af3980a935769f375d82ff00ffff00ffa88972f3eeebeee7e3bea595bfa898e4dad3c9b6a8ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff94bddea4d2f099c9e996c7e88cbfe182b8da78b0d46fa9ce64a0c75c9ac05393ba498cb44185af3b6890ff00ffff00ffc1ab9bc2ac9dfcfbfaf5f2efede6e2efe9e6cbb9abff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff82a8ccb5ddf3b4def3a9d6f19fcfee9ccced9acaea8ec2e384b9db79b0d470aacf66a1c85c9ac15395bc4d84ab3c5f86ff00ffff00ffb69c89ddd0c8fefefeffffffe2d8d1daccc2ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff93b9dcc8edf6c1e9f5b6e1f3aedbf2a4d3f0a1d2f0a0cfef9bcceb90c3e485badd7ab2d570abcf66a3c86098be44698fff00ffff00ffff00ffbaa18fe7ded8faf9f8cfbdb1ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffa1c7e8d3f5f8cbeff6c3eaf5bbe5f4b2dff2a9d8f1a7d7f1a4d3f0a3d3f09cceee91c5e687bdde7bb3d771a7cb4b6f97ff00ffff00ffff00ffff00ffc3ae9fc8b4a6d4c5baff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffa5cbeddcf9f9d6f7f8cff3f7c7eef6bfe8f4b8e4f3b0def2acdbf1a9daf1a8d8f1a7d7f19ecfef92c6e781b1d453789fff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff616971b9d0dddffafad8f9f9d2f6f8cbf2f6c3ecf5bce8f4b5e3f3b0e0f2b0def2adddf2abdbf1a8d7f1324758597b9fff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff5f6163686c6ed4ecf8e1fafad0eef79db5c073848e5f6f785566704b5d685167746380915e7b8c152229000000110d24ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff5f60635b5b5b626363838b8f5556564949493d3d3d3232322727271c1c1c0f0f0f0505050000000000000000005f5f5fff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff6363625b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5858584c4c4c4141413636362b2b2b1f1f1f141414090909000000ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff5e5d5d5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5050504646463a3a3a2e2e2e232323171717ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff5b5a5b5f5f5f5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5555554a4a4a3f3f3fff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff6462625b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b5b616161ff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ffff00ff	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E9ACB1C3-3F97-4045-BDB3-B6944CA9D21B}\ProgID\ = "ParusRemoteAccessAppProvider.ParusRemoteAccessContentHandler"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20C38DA8-0249-444C-868C-8CFBF2128B64}\ContentHandlers\{E9ACB1C3-3F97-4045-BDB3-B6944CA9D21B} = "Обработчик запросов \"Парус 8\" для удаленного доступа приложения Win32"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{40AED9AB-36F1-42C4-98EE-57D90CEC2958}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F5C69B06-8212-48BA-9086-3952047DE79B}\Version\ = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F3597BEC-0FB7-4BDC-9B4E-B66070692EC7}\ProgID\ = "ParusRemoteAccessAppProvider.ParusRemoteAccessAuthenticator"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E9ACB1C3-3F97-4045-BDB3-B6944CA9D21B}\Version	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ParusRemoteAccessAppProvider.ParusRemoteAccessNegotiateAuthenticator\	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E9ACB1C3-3F97-4045-BDB3-B6944CA9D21B}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ParusRemoteAccessAppProvider.ParusRemoteAccessContentHandler	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{40AED9AB-36F1-42C4-98EE-57D90CEC2958}\1.0\0\win32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ParusRemoteAccessAppProvider.ParusRemoteAccessNegotiateAuthenticator	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 2096 wrote to memory of 1980	2096	regsvr32.exe	regsvr32.exe
PID 2096 wrote to memory of 1980	2096	regsvr32.exe	regsvr32.exe
PID 2096 wrote to memory of 1980	2096	regsvr32.exe	regsvr32.exe
PID 2096 wrote to memory of 1980	2096	regsvr32.exe	regsvr32.exe
PID 2096 wrote to memory of 1980	2096	regsvr32.exe	regsvr32.exe
PID 2096 wrote to memory of 1980	2096	regsvr32.exe	regsvr32.exe
PID 2096 wrote to memory of 1980	2096	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3d0fd116fb9a5b29b0347b7adb9ec23dcbacca516f6664f51b0c0b88b0fff663.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\3d0fd116fb9a5b29b0347b7adb9ec23dcbacca516f6664f51b0c0b88b0fff663.dll
  2⤵
  - Modifies registry class
  PID:1980

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads