Source: global traffic |
TCP traffic: 192.168.2.6:49766 -> 163.123.142.171:8383 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"44k2hl2woi2893k79nhdxhsdml8vlcccdx5hdn2f3d7fgrukkccqutfnxm5ftkq8skuejncioyxvgnqsrmhuc9qx268crgw.rig_cpu","pass":"x","agent":"xmrig/6.20.0 (windows nt 10.0; win64; x64) libuv/1.44.2 msvc/2019","algo":["rx/0","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/ccx","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","cn/upx2","cn/1","rx/wow","rx/arq","rx/graft","rx/sfx","rx/keva","argon2/chukwa","argon2/chukwav2","argon2/ninja","ghostrider"]}}. |
Source: global traffic |
TCP traffic: 192.168.2.6:49769 -> 163.123.142.171:8383 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"44k2hl2woi2893k79nhdxhsdml8vlcccdx5hdn2f3d7fgrukkccqutfnxm5ftkq8skuejncioyxvgnqsrmhuc9qx268crgw.rig_cpu","pass":"x","agent":"xmrig/6.20.0 (windows nt 10.0; win64; x64) libuv/1.44.2 msvc/2019","algo":["rx/0","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/ccx","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","cn/upx2","cn/1","rx/wow","rx/arq","rx/graft","rx/sfx","rx/keva","argon2/chukwa","argon2/chukwav2","argon2/ninja","ghostrider"]}}. |
Source: global traffic |
TCP traffic: 192.168.2.6:49772 -> 163.123.142.171:8383 payload: {"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"44k2hl2woi2893k79nhdxhsdml8vlcccdx5hdn2f3d7fgrukkccqutfnxm5ftkq8skuejncioyxvgnqsrmhuc9qx268crgw.rig_cpu","pass":"x","agent":"xmrig/6.20.0 (windows nt 10.0; win64; x64) libuv/1.44.2 msvc/2019","algo":["rx/0","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/ccx","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","cn/upx2","cn/1","rx/wow","rx/arq","rx/graft","rx/sfx","rx/keva","argon2/chukwa","argon2/chukwav2","argon2/ninja","ghostrider"]}}. |
Source: |
Binary string: Vchwz.pdb source: e2kLb2J2Y7.exe, 00000000.00000002.2115249580.0000000013EB9000.00000004.00000800.00020000.00000000.sdmp, e2kLb2J2Y7.exe, 00000000.00000002.2112901867.00000000034C0000.00000004.08000000.00040000.00000000.sdmp, e2kLb2J2Y7.exe, 00000000.00000002.2115249580.0000000013D32000.00000004.00000800.00020000.00000000.sdmp, Key.exe, 00000004.00000002.2165294330.0000000014288000.00000004.00000800.00020000.00000000.sdmp, zhtyxulkfny.exe, 00000011.00000002.3066172573.0000000013A98000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: Ndubaw.pdb source: xddtyli.exe, 00000009.00000002.2371258222.000001EEB7365000.00000004.00000800.00020000.00000000.sdmp, xddtyli.exe, 00000009.00000002.2709105744.000001EEBF780000.00000004.08000000.00040000.00000000.sdmp, xddtyli.exe, 00000009.00000002.2371258222.000001EEB753D000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: 2.TaskScheduler.pdb source: xddtyli.exe, 00000009.00000002.2371258222.000001EEB7975000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: e2kLb2J2Y7.exe, 00000000.00000002.2115249580.0000000014061000.00000004.00000800.00020000.00000000.sdmp, e2kLb2J2Y7.exe, 00000000.00000002.2115249580.000000001411F000.00000004.00000800.00020000.00000000.sdmp, e2kLb2J2Y7.exe, 00000000.00000002.2119559913.000000001D5D0000.00000004.08000000.00040000.00000000.sdmp, Key.exe, 00000004.00000002.2152846444.00000000042BC000.00000004.00000800.00020000.00000000.sdmp, Values.exe, 0000000C.00000002.2630079192.0000023277D83000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: 2.TaskScheduler.pdbSHA256e source: xddtyli.exe, 00000009.00000002.2371258222.000001EEB7975000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: e2kLb2J2Y7.exe, 00000000.00000002.2115249580.0000000014061000.00000004.00000800.00020000.00000000.sdmp, e2kLb2J2Y7.exe, 00000000.00000002.2115249580.000000001411F000.00000004.00000800.00020000.00000000.sdmp, e2kLb2J2Y7.exe, 00000000.00000002.2119559913.000000001D5D0000.00000004.08000000.00040000.00000000.sdmp, Key.exe, 00000004.00000002.2152846444.00000000042BC000.00000004.00000800.00020000.00000000.sdmp, Values.exe, 0000000C.00000002.2630079192.0000023277D83000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: protobuf-net.pdbSHA256}Lq source: e2kLb2J2Y7.exe, 00000000.00000002.2118028441.000000001C660000.00000004.08000000.00040000.00000000.sdmp, e2kLb2J2Y7.exe, 00000000.00000002.2115249580.0000000014061000.00000004.00000800.00020000.00000000.sdmp, e2kLb2J2Y7.exe, 00000000.00000002.2115249580.0000000013EB9000.00000004.00000800.00020000.00000000.sdmp, xddtyli.exe, 00000009.00000002.2371258222.000001EEB7893000.00000004.00000800.00020000.00000000.sdmp, xddtyli.exe, 00000009.00000002.2371258222.000001EEB7845000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: protobuf-net.pdb source: e2kLb2J2Y7.exe, 00000000.00000002.2118028441.000000001C660000.00000004.08000000.00040000.00000000.sdmp, e2kLb2J2Y7.exe, 00000000.00000002.2115249580.0000000014061000.00000004.00000800.00020000.00000000.sdmp, e2kLb2J2Y7.exe, 00000000.00000002.2115249580.0000000013EB9000.00000004.00000800.00020000.00000000.sdmp, xddtyli.exe, 00000009.00000002.2371258222.000001EEB7893000.00000004.00000800.00020000.00000000.sdmp, xddtyli.exe, 00000009.00000002.2371258222.000001EEB7845000.00000004.00000800.00020000.00000000.sdmp |
Source: C:\Users\user\Desktop\e2kLb2J2Y7.exe |
Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32 |
Source: C:\Users\user\Desktop\e2kLb2J2Y7.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32 |
Source: C:\Users\user\Desktop\e2kLb2J2Y7.exe |
Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Users\user\Desktop\e2kLb2J2Y7.exe |
Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Users\user\Desktop\e2kLb2J2Y7.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32 |
Source: C:\Users\user\Desktop\e2kLb2J2Y7.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Users\user\Desktop\e2kLb2J2Y7.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Users\user\Desktop\e2kLb2J2Y7.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Users\user\Desktop\e2kLb2J2Y7.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Users\user\Desktop\e2kLb2J2Y7.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Users\user\Desktop\e2kLb2J2Y7.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Users\user\Desktop\e2kLb2J2Y7.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Users\user\Desktop\e2kLb2J2Y7.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Users\user\Desktop\e2kLb2J2Y7.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Users\user\Desktop\e2kLb2J2Y7.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Users\user\Desktop\e2kLb2J2Y7.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32 |
Source: C:\Users\user\Desktop\e2kLb2J2Y7.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer |
Source: C:\Users\user\Desktop\e2kLb2J2Y7.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Users\user\Desktop\e2kLb2J2Y7.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation |
Source: C:\Users\user\Desktop\e2kLb2J2Y7.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Users\user\Desktop\e2kLb2J2Y7.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Users\user\AppData\Local\IsInvalid\koeogrk\Key.exe |
Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32 |
Source: C:\Users\user\AppData\Local\IsInvalid\koeogrk\Key.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32 |
Source: C:\Users\user\AppData\Local\IsInvalid\koeogrk\Key.exe |
Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Users\user\AppData\Local\IsInvalid\koeogrk\Key.exe |
Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Users\user\AppData\Local\IsInvalid\koeogrk\Key.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32 |
Source: C:\Users\user\AppData\Local\IsInvalid\koeogrk\Key.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Users\user\AppData\Local\IsInvalid\koeogrk\Key.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Users\user\AppData\Local\IsInvalid\koeogrk\Key.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Users\user\AppData\Local\IsInvalid\koeogrk\Key.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Users\user\AppData\Local\IsInvalid\koeogrk\Key.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Users\user\AppData\Local\IsInvalid\koeogrk\Key.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Users\user\AppData\Local\IsInvalid\koeogrk\Key.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Users\user\AppData\Local\IsInvalid\koeogrk\Key.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Users\user\AppData\Local\IsInvalid\koeogrk\Key.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Users\user\AppData\Local\IsInvalid\koeogrk\Key.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Users\user\AppData\Local\IsInvalid\koeogrk\Key.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32 |
Source: C:\Users\user\AppData\Local\IsInvalid\koeogrk\Key.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer |
Source: C:\Users\user\AppData\Local\IsInvalid\koeogrk\Key.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Users\user\AppData\Local\IsInvalid\koeogrk\Key.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation |
Source: C:\Users\user\AppData\Local\IsInvalid\koeogrk\Key.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Users\user\AppData\Local\IsInvalid\koeogrk\Key.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe |
Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32 |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32 |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe |
Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe |
Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32 |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32 |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Users\user\AppData\Local\Temp\xddtyli.exe |
Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32 |
Source: C:\Users\user\AppData\Local\Temp\xddtyli.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32 |
Source: C:\Users\user\AppData\Local\Temp\xddtyli.exe |
Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Users\user\AppData\Local\Temp\xddtyli.exe |
Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Users\user\AppData\Local\Temp\xddtyli.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32 |
Source: C:\Users\user\AppData\Local\Temp\xddtyli.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Users\user\AppData\Local\Temp\xddtyli.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Users\user\AppData\Local\Temp\xddtyli.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Users\user\AppData\Local\Temp\xddtyli.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Users\user\AppData\Local\Temp\xddtyli.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Users\user\AppData\Local\Temp\xddtyli.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Users\user\AppData\Local\Temp\xddtyli.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Users\user\AppData\Local\Temp\xddtyli.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Users\user\AppData\Local\Temp\xddtyli.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Users\user\AppData\Local\Temp\xddtyli.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Users\user\AppData\Local\Temp\xddtyli.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32 |
Source: C:\Users\user\AppData\Local\Temp\xddtyli.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer |
Source: C:\Users\user\AppData\Local\Temp\xddtyli.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Users\user\AppData\Local\Temp\xddtyli.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation |
Source: C:\Users\user\AppData\Local\Temp\xddtyli.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Users\user\AppData\Local\Temp\xddtyli.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Users\user\AppData\Roaming\RevisionNumber\Values.exe |
Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32 |
|
Source: C:\Users\user\AppData\Roaming\RevisionNumber\Values.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32 |
|
Source: C:\Users\user\AppData\Roaming\RevisionNumber\Values.exe |
Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
|
Source: C:\Users\user\AppData\Roaming\RevisionNumber\Values.exe |
Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
|
Source: C:\Users\user\AppData\Roaming\RevisionNumber\Values.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32 |
|
Source: C:\Users\user\AppData\Roaming\RevisionNumber\Values.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
|
Source: C:\Users\user\AppData\Roaming\RevisionNumber\Values.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
|
Source: C:\Users\user\AppData\Roaming\RevisionNumber\Values.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
|
Source: C:\Users\user\AppData\Roaming\RevisionNumber\Values.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
|
Source: C:\Users\user\AppData\Roaming\RevisionNumber\Values.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
|
Source: C:\Users\user\AppData\Roaming\RevisionNumber\Values.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
|
Source: C:\Users\user\AppData\Roaming\RevisionNumber\Values.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
|
Source: C:\Users\user\AppData\Roaming\RevisionNumber\Values.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
|
Source: C:\Users\user\AppData\Roaming\RevisionNumber\Values.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
|
Source: C:\Users\user\AppData\Roaming\RevisionNumber\Values.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
|
Source: C:\Users\user\AppData\Roaming\RevisionNumber\Values.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32 |
|
Source: C:\Users\user\AppData\Roaming\RevisionNumber\Values.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer |
|
Source: C:\Users\user\AppData\Roaming\RevisionNumber\Values.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
|
Source: C:\Users\user\AppData\Roaming\RevisionNumber\Values.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation |
|
Source: C:\Users\user\AppData\Roaming\RevisionNumber\Values.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
|
Source: C:\Users\user\AppData\Roaming\RevisionNumber\Values.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
|