agenttesla | 322246ebcd55123f8d11816a45dde9ef1b0b041ab306fce78af896a04052e6c8

Analysis

max time kernel
152s
max time network
14s
platform
windows7_x64
resource
win7
submitted
31-07-2020 11:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5660db4d39e1c2a7887c2b26c2f70f9b.exe
Size

349KB
MD5

5660db4d39e1c2a7887c2b26c2f70f9b
SHA1

656e494c33580a04d6ad08749a3f90fb7d4bb131
SHA256

322246ebcd55123f8d11816a45dde9ef1b0b041ab306fce78af896a04052e6c8
SHA512

66b4d49a740ea69f7a19cebcbad81d9851e0750aff4b18da23726555bcf605082ae25edbee251ca4401049e9759ffe5997b86ad290cba1ba7a9ec2b04dd93d3a

Score

10^/10

agenttesla keylogger persistence spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
safaa.bishara@santemoraegypt.com
Password:
chimaroke2020

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla

AgentTesla Payload 64 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1112-0-0x0000000000400000-0x000000000044A000-memory.dmp	family_agenttesla
behavioral1/memory/1112-1-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1112-2-0x0000000000400000-0x000000000044A000-memory.dmp	family_agenttesla
behavioral1/memory/1112-3-0x0000000000400000-0x000000000044A000-memory.dmp	family_agenttesla
behavioral1/memory/304-6-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1520-12-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1240-17-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1628-22-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1900-27-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/2004-32-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1488-37-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/332-42-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1816-47-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1052-52-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1868-57-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1084-62-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1948-67-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/800-72-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/684-77-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1796-82-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/2020-87-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1772-92-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1968-97-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1568-102-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1984-107-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1932-112-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1572-117-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1144-122-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/540-127-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1996-132-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1872-137-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1452-142-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1788-147-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1512-152-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1084-157-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1640-162-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1892-167-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/936-172-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1828-177-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1820-182-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1380-187-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1468-192-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/864-197-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1852-202-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1092-207-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1044-212-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1508-217-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1884-222-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1972-227-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1668-232-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1832-237-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/684-242-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/976-247-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/1636-252-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/2120-257-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/2204-262-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/2296-267-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/2380-272-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/2464-277-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/2580-282-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/2660-287-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/2752-292-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/2840-297-0x0000000000445C1E-mapping.dmp	family_agenttesla
behavioral1/memory/2924-302-0x0000000000445C1E-mapping.dmp	family_agenttesla

Drops startup file 2 IoCs

Processes:

5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HJdyTuap.exe	5660db4d39e1c2a7887c2b26c2f70f9b.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HJdyTuap.exe	5660db4d39e1c2a7887c2b26c2f70f9b.exe

Adds Run key to start application 2 TTPs 11 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

RegAsm.exeRegAsm.exeRegAsm.exeRegAsm.exeRegAsm.exeRegAsm.exeRegAsm.exeRegAsm.exeRegAsm.exeRegAsm.exeRegAsm.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Windows\CurrentVersion\Run\HBWELB = "C:\\Users\\Admin\\AppData\\Roaming\\HBWELB\\HBWELB.exe"	RegAsm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Windows\CurrentVersion\Run\HBWELB = "C:\\Users\\Admin\\AppData\\Roaming\\HBWELB\\HBWELB.exe"	RegAsm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Windows\CurrentVersion\Run\HBWELB = "C:\\Users\\Admin\\AppData\\Roaming\\HBWELB\\HBWELB.exe"	RegAsm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Windows\CurrentVersion\Run\HBWELB = "C:\\Users\\Admin\\AppData\\Roaming\\HBWELB\\HBWELB.exe"	RegAsm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Windows\CurrentVersion\Run\HBWELB = "C:\\Users\\Admin\\AppData\\Roaming\\HBWELB\\HBWELB.exe"	RegAsm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Windows\CurrentVersion\Run\HBWELB = "C:\\Users\\Admin\\AppData\\Roaming\\HBWELB\\HBWELB.exe"	RegAsm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Windows\CurrentVersion\Run\HBWELB = "C:\\Users\\Admin\\AppData\\Roaming\\HBWELB\\HBWELB.exe"	RegAsm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Windows\CurrentVersion\Run\HBWELB = "C:\\Users\\Admin\\AppData\\Roaming\\HBWELB\\HBWELB.exe"	RegAsm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Windows\CurrentVersion\Run\HBWELB = "C:\\Users\\Admin\\AppData\\Roaming\\HBWELB\\HBWELB.exe"	RegAsm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Windows\CurrentVersion\Run\HBWELB = "C:\\Users\\Admin\\AppData\\Roaming\\HBWELB\\HBWELB.exe"	RegAsm.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Windows\CurrentVersion\Run\HBWELB = "C:\\Users\\Admin\\AppData\\Roaming\\HBWELB\\HBWELB.exe"	RegAsm.exe

Suspicious use of SetThreadContext 64 IoCs

Processes:

5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe

description	pid	process	target process
PID 1196 set thread context of 1112	1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1552 set thread context of 304	1552	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1048 set thread context of 1520	1048	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1356 set thread context of 1240	1356	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1772 set thread context of 1628	1772	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1888 set thread context of 1900	1888	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1972 set thread context of 2004	1972	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 2032 set thread context of 1488	2032	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 812 set thread context of 332	812	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1500 set thread context of 1816	1500	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1808 set thread context of 1052	1808	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1224 set thread context of 1868	1224	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1604 set thread context of 1084	1604	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1968 set thread context of 1948	1968	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1196 set thread context of 800	1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1144 set thread context of 684	1144	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1724 set thread context of 1796	1724	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1220 set thread context of 2020	1220	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1996 set thread context of 1772	1996	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1888 set thread context of 1968	1888	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1468 set thread context of 1568	1468	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1844 set thread context of 1984	1844	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 936 set thread context of 1932	936	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1800 set thread context of 1572	1800	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1716 set thread context of 1144	1716	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 2028 set thread context of 540	2028	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 936 set thread context of 1996	936	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1660 set thread context of 1872	1660	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1576 set thread context of 1452	1576	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1632 set thread context of 1788	1632	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1380 set thread context of 1512	1380	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1884 set thread context of 1084	1884	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1636 set thread context of 1640	1636	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1060 set thread context of 1892	1060	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1508 set thread context of 936	1508	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 388 set thread context of 1828	388	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 316 set thread context of 1820	316	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 704 set thread context of 1380	704	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1796 set thread context of 1468	1796	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1924 set thread context of 864	1924	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1548 set thread context of 1852	1548	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 2016 set thread context of 1092	2016	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1668 set thread context of 1044	1668	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1564 set thread context of 1508	1564	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1144 set thread context of 1884	1144	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1476 set thread context of 1972	1476	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1560 set thread context of 1668	1560	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1636 set thread context of 1832	1636	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1632 set thread context of 684	1632	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 2032 set thread context of 976	2032	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1552 set thread context of 1636	1552	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 2092 set thread context of 2120	2092	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 2176 set thread context of 2204	2176	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 2256 set thread context of 2296	2256	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 2352 set thread context of 2380	2352	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 2436 set thread context of 2464	2436	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 2516 set thread context of 2580	2516	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 2632 set thread context of 2660	2632	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 2708 set thread context of 2752	2708	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 2804 set thread context of 2840	2804	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 2896 set thread context of 2924	2896	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 2976 set thread context of 3004	2976	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 3052 set thread context of 1812	3052	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 2132 set thread context of 1724	2132	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

5660db4d39e1c2a7887c2b26c2f70f9b.exe

pid	process
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe

Suspicious behavior: MapViewOfSection 64 IoCs

Processes:

pid	process
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1552	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1048	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1356	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1772	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1888	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1972	5660db4d39e1c2a7887c2b26c2f70f9b.exe
2032	5660db4d39e1c2a7887c2b26c2f70f9b.exe
812	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1500	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1808	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1224	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1604	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1968	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1144	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1724	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1220	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1996	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1888	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1468	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1844	5660db4d39e1c2a7887c2b26c2f70f9b.exe
936	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1800	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1716	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1716	5660db4d39e1c2a7887c2b26c2f70f9b.exe
2028	5660db4d39e1c2a7887c2b26c2f70f9b.exe
2028	5660db4d39e1c2a7887c2b26c2f70f9b.exe
936	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1660	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1576	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1632	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1380	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1884	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1636	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1060	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1508	5660db4d39e1c2a7887c2b26c2f70f9b.exe
388	5660db4d39e1c2a7887c2b26c2f70f9b.exe
388	5660db4d39e1c2a7887c2b26c2f70f9b.exe
316	5660db4d39e1c2a7887c2b26c2f70f9b.exe
704	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1796	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1924	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1548	5660db4d39e1c2a7887c2b26c2f70f9b.exe
2016	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1668	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1668	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1564	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1144	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1476	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1560	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1636	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1632	5660db4d39e1c2a7887c2b26c2f70f9b.exe
2032	5660db4d39e1c2a7887c2b26c2f70f9b.exe
1552	5660db4d39e1c2a7887c2b26c2f70f9b.exe
2092	5660db4d39e1c2a7887c2b26c2f70f9b.exe
2176	5660db4d39e1c2a7887c2b26c2f70f9b.exe
2256	5660db4d39e1c2a7887c2b26c2f70f9b.exe
2256	5660db4d39e1c2a7887c2b26c2f70f9b.exe
2352	5660db4d39e1c2a7887c2b26c2f70f9b.exe
2436	5660db4d39e1c2a7887c2b26c2f70f9b.exe
2516	5660db4d39e1c2a7887c2b26c2f70f9b.exe
2632	5660db4d39e1c2a7887c2b26c2f70f9b.exe
2708	5660db4d39e1c2a7887c2b26c2f70f9b.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exeRegAsm.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exeRegAsm.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe5660db4d39e1c2a7887c2b26c2f70f9b.exe

description	pid	process
Token: SeDebugPrivilege	1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1552	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1048	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1356	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1772	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1888	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1972	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	2032	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	812	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1500	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1808	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1224	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1604	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1968	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1144	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1724	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1220	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1996	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1888	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1468	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1844	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	936	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1800	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1716	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	2028	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1112	RegAsm.exe
Token: SeDebugPrivilege	936	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1660	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1576	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1632	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1380	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1884	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1636	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1060	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1508	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	388	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	316	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	704	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1796	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1924	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1548	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	2016	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1668	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1564	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1144	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1476	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1560	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1636	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1632	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	2032	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1552	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	2092	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	2176	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	2256	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	2352	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	2436	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	1996	RegAsm.exe
Token: SeDebugPrivilege	2516	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	2632	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	2708	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	2804	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	2896	5660db4d39e1c2a7887c2b26c2f70f9b.exe
Token: SeDebugPrivilege	2976	5660db4d39e1c2a7887c2b26c2f70f9b.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

description	pid	process	target process
PID 1196 wrote to memory of 1112	1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1196 wrote to memory of 1112	1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1196 wrote to memory of 1112	1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1196 wrote to memory of 1112	1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1196 wrote to memory of 1112	1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1196 wrote to memory of 1112	1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1196 wrote to memory of 1112	1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1196 wrote to memory of 1112	1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1196 wrote to memory of 1552	1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe	5660db4d39e1c2a7887c2b26c2f70f9b.exe
PID 1196 wrote to memory of 1552	1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe	5660db4d39e1c2a7887c2b26c2f70f9b.exe
PID 1196 wrote to memory of 1552	1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe	5660db4d39e1c2a7887c2b26c2f70f9b.exe
PID 1196 wrote to memory of 1552	1196	5660db4d39e1c2a7887c2b26c2f70f9b.exe	5660db4d39e1c2a7887c2b26c2f70f9b.exe
PID 1552 wrote to memory of 304	1552	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1552 wrote to memory of 304	1552	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1552 wrote to memory of 304	1552	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1552 wrote to memory of 304	1552	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1552 wrote to memory of 304	1552	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1552 wrote to memory of 304	1552	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1552 wrote to memory of 304	1552	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1552 wrote to memory of 304	1552	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1552 wrote to memory of 1048	1552	5660db4d39e1c2a7887c2b26c2f70f9b.exe	5660db4d39e1c2a7887c2b26c2f70f9b.exe
PID 1552 wrote to memory of 1048	1552	5660db4d39e1c2a7887c2b26c2f70f9b.exe	5660db4d39e1c2a7887c2b26c2f70f9b.exe
PID 1552 wrote to memory of 1048	1552	5660db4d39e1c2a7887c2b26c2f70f9b.exe	5660db4d39e1c2a7887c2b26c2f70f9b.exe
PID 1552 wrote to memory of 1048	1552	5660db4d39e1c2a7887c2b26c2f70f9b.exe	5660db4d39e1c2a7887c2b26c2f70f9b.exe
PID 1048 wrote to memory of 1520	1048	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1048 wrote to memory of 1520	1048	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1048 wrote to memory of 1520	1048	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1048 wrote to memory of 1520	1048	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1048 wrote to memory of 1520	1048	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1048 wrote to memory of 1520	1048	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1048 wrote to memory of 1520	1048	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1048 wrote to memory of 1520	1048	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1048 wrote to memory of 1356	1048	5660db4d39e1c2a7887c2b26c2f70f9b.exe	5660db4d39e1c2a7887c2b26c2f70f9b.exe
PID 1048 wrote to memory of 1356	1048	5660db4d39e1c2a7887c2b26c2f70f9b.exe	5660db4d39e1c2a7887c2b26c2f70f9b.exe
PID 1048 wrote to memory of 1356	1048	5660db4d39e1c2a7887c2b26c2f70f9b.exe	5660db4d39e1c2a7887c2b26c2f70f9b.exe
PID 1048 wrote to memory of 1356	1048	5660db4d39e1c2a7887c2b26c2f70f9b.exe	5660db4d39e1c2a7887c2b26c2f70f9b.exe
PID 1356 wrote to memory of 1240	1356	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1356 wrote to memory of 1240	1356	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1356 wrote to memory of 1240	1356	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1356 wrote to memory of 1240	1356	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1356 wrote to memory of 1240	1356	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1356 wrote to memory of 1240	1356	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1356 wrote to memory of 1240	1356	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1356 wrote to memory of 1240	1356	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1356 wrote to memory of 1772	1356	5660db4d39e1c2a7887c2b26c2f70f9b.exe	5660db4d39e1c2a7887c2b26c2f70f9b.exe
PID 1356 wrote to memory of 1772	1356	5660db4d39e1c2a7887c2b26c2f70f9b.exe	5660db4d39e1c2a7887c2b26c2f70f9b.exe
PID 1356 wrote to memory of 1772	1356	5660db4d39e1c2a7887c2b26c2f70f9b.exe	5660db4d39e1c2a7887c2b26c2f70f9b.exe
PID 1356 wrote to memory of 1772	1356	5660db4d39e1c2a7887c2b26c2f70f9b.exe	5660db4d39e1c2a7887c2b26c2f70f9b.exe
PID 1772 wrote to memory of 1628	1772	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1772 wrote to memory of 1628	1772	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1772 wrote to memory of 1628	1772	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1772 wrote to memory of 1628	1772	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1772 wrote to memory of 1628	1772	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1772 wrote to memory of 1628	1772	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1772 wrote to memory of 1628	1772	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1772 wrote to memory of 1628	1772	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1772 wrote to memory of 1888	1772	5660db4d39e1c2a7887c2b26c2f70f9b.exe	5660db4d39e1c2a7887c2b26c2f70f9b.exe
PID 1772 wrote to memory of 1888	1772	5660db4d39e1c2a7887c2b26c2f70f9b.exe	5660db4d39e1c2a7887c2b26c2f70f9b.exe
PID 1772 wrote to memory of 1888	1772	5660db4d39e1c2a7887c2b26c2f70f9b.exe	5660db4d39e1c2a7887c2b26c2f70f9b.exe
PID 1772 wrote to memory of 1888	1772	5660db4d39e1c2a7887c2b26c2f70f9b.exe	5660db4d39e1c2a7887c2b26c2f70f9b.exe
PID 1888 wrote to memory of 1900	1888	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1888 wrote to memory of 1900	1888	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1888 wrote to memory of 1900	1888	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe
PID 1888 wrote to memory of 1900	1888	5660db4d39e1c2a7887c2b26c2f70f9b.exe	RegAsm.exe

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
1⤵
- Drops startup file
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1196

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
2⤵
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID:1112

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
2⤵
- Drops startup file
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1552

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
3⤵
PID:304

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
3⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1048

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
4⤵
PID:1520

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
4⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1356

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
5⤵
PID:1240

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
5⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1772

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
6⤵
PID:1628

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
6⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1888

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
7⤵
PID:1900

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
7⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1972

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
8⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
8⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2032

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
9⤵
PID:1488

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
9⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:812

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
10⤵
PID:332

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
10⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1500

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
11⤵
PID:1816

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
11⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1808

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
12⤵
PID:1052

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
12⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1224

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
13⤵
PID:1868

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
13⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1604

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
14⤵
PID:1084

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
14⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1968

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
15⤵
PID:1948

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
15⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1196

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
16⤵
PID:800

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
16⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1144

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
17⤵
PID:684

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
17⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1724

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
18⤵
PID:1796

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
18⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1220

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
19⤵
PID:2020

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
19⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1996

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
20⤵
PID:1772

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
20⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1888

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
21⤵
PID:1968

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
21⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1468

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
22⤵
PID:1568

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
22⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1844

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
23⤵
PID:1984

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
23⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:936

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
24⤵
PID:1932

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
24⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1800

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
25⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
25⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1716

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
26⤵
PID:1876

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
26⤵
PID:1144

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
26⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2028

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
27⤵
PID:1844

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
27⤵
PID:540

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
27⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:936

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
28⤵
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID:1996

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
28⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1660

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
29⤵
PID:1872

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
29⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1576

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
30⤵
PID:1452

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
30⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1632

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
31⤵
PID:1788

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
31⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1380

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
32⤵
PID:1512

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
32⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1884

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
33⤵
PID:1084

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
33⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1636

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
34⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
34⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1060

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
35⤵
PID:1892

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
35⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1508

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
36⤵
PID:936

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
36⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:388

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
37⤵
PID:1552

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
37⤵
PID:1828

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
37⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:316

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
38⤵
PID:1820

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
38⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:704

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
39⤵
PID:1380

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
39⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1796

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
40⤵
PID:1468

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
40⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1924

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
41⤵
PID:864

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
41⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1548

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
42⤵
PID:1852

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
42⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2016

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
43⤵
PID:1092

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
43⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1668

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
44⤵
PID:1360

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
44⤵
PID:1044

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
44⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1564

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
45⤵
PID:1508

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
45⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1144

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
46⤵
PID:1884

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
46⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1476

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
47⤵
PID:1972

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
47⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1560

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
48⤵
PID:1668

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
48⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1636

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
49⤵
PID:1832

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
49⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1632

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
50⤵
PID:684

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
50⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2032

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
51⤵
PID:976

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
51⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:1552

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
52⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
52⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2092

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
53⤵
PID:2120

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
53⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2176

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
54⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
54⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2256

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
55⤵
PID:2288

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
55⤵
PID:2296

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
55⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2352

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
56⤵
PID:2380

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
56⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2436

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
57⤵
PID:2464

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
57⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2516

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
58⤵
- Adds Run key to start application
PID:2580

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
58⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2632

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
59⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
59⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
PID:2708

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
60⤵
PID:2744

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
60⤵
PID:2752

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
60⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2804

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
61⤵
PID:2832

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
61⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
61⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2896

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
62⤵
PID:2924

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
62⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2976

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
63⤵
PID:3004

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
63⤵
- Suspicious use of SetThreadContext
PID:3052

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
64⤵
PID:1648

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
64⤵
PID:1812

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
64⤵
- Suspicious use of SetThreadContext
PID:2132

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
65⤵
PID:1724

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
65⤵
PID:1552

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
66⤵
PID:2304

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
66⤵
PID:2228

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
67⤵
PID:2292

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
67⤵
PID:2444

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
68⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
68⤵
PID:540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
69⤵
PID:2512

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
69⤵
PID:2044

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
70⤵
PID:1980

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
70⤵
PID:1860

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
71⤵
PID:2148

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
71⤵
PID:1984

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
72⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
72⤵
PID:1900

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
73⤵
PID:2236

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
73⤵
PID:1848

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
74⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
74⤵
PID:1508

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
75⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
75⤵
PID:2296

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
76⤵
PID:1788

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
76⤵
PID:2488

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
77⤵
PID:2668

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
77⤵
PID:2688

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
78⤵
PID:2536

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
78⤵
PID:2636

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
79⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
79⤵
PID:2728

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
80⤵
PID:2864

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
80⤵
PID:3020

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
81⤵
PID:2052

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
81⤵
PID:2908

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
81⤵
PID:2160

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
82⤵
PID:3000

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
82⤵
PID:812

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
83⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
83⤵
PID:2088

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
84⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
84⤵
PID:2480

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
85⤵
PID:2228

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
85⤵
PID:1420

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
85⤵
PID:1088

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
86⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
86⤵
PID:2028

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
87⤵
- Adds Run key to start application
PID:872

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
87⤵
PID:2016

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
88⤵
PID:1604

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
88⤵
PID:1376

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
88⤵
PID:2384

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
89⤵
PID:2060

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
89⤵
PID:2464

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
90⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
90⤵
PID:1636

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
91⤵
PID:2452

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
91⤵
PID:2436

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
91⤵
PID:2504

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
92⤵
PID:2588

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
92⤵
PID:2816

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
93⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
93⤵
PID:2656

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
94⤵
PID:1648

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
94⤵
PID:2708

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
95⤵
PID:3060

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
95⤵
PID:2224

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
96⤵
PID:316

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
96⤵
PID:3052

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
97⤵
PID:1700

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
97⤵
PID:2824

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
98⤵
PID:2272

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
98⤵
PID:2924

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
99⤵
PID:684

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
99⤵
PID:3000

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
100⤵
PID:2788

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
100⤵
PID:1144

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
101⤵
PID:2288

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
101⤵
PID:1580

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
102⤵
PID:1964

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
102⤵
PID:2280

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
103⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
103⤵
PID:2132

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
104⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
104⤵
PID:2552

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
105⤵
PID:2144

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
105⤵
PID:108

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
106⤵
PID:332

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
106⤵
PID:1340

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
106⤵
PID:1604

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
107⤵
PID:1816

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
107⤵
PID:2412

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
108⤵
PID:1848

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
108⤵
PID:2384

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
109⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
109⤵
PID:2672

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
110⤵
PID:2460

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
110⤵
PID:2868

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
111⤵
PID:2100

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
111⤵
PID:2816

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
112⤵
PID:2980

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
112⤵
PID:2268

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
113⤵
PID:3032

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
113⤵
PID:2988

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
114⤵
PID:2224

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
114⤵
PID:2756

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
115⤵
PID:3040

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
115⤵
PID:1572

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
116⤵
PID:2696

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
116⤵
PID:2128

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
117⤵
- Adds Run key to start application
PID:1476

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
117⤵
PID:2236

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
118⤵
PID:1920

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
118⤵
PID:304

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
119⤵
PID:2124

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
119⤵
PID:2396

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
119⤵
PID:2176

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
119⤵
PID:1056

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
120⤵
PID:1052

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
120⤵
PID:2208

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
121⤵
PID:1416

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
121⤵
PID:1028

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
122⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
122⤵
PID:1044

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
123⤵
PID:3016

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
123⤵
PID:2384

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
124⤵
PID:1852

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
124⤵
PID:2736

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
125⤵
PID:2868

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
125⤵
PID:1520

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
126⤵
PID:2956

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
126⤵
PID:2268

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
127⤵
PID:3068

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
127⤵
PID:2372

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
128⤵
PID:524

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
128⤵
PID:2192

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
129⤵
PID:1224

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
129⤵
PID:388

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
130⤵
PID:2896

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
130⤵
PID:2312

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
131⤵
PID:2724

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
131⤵
PID:1340

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
132⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
132⤵
PID:932

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
133⤵
PID:1656

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
133⤵
PID:2436

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
134⤵
PID:1980

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
134⤵
PID:2780

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
135⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
135⤵
PID:1564

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
136⤵
PID:908

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
136⤵
PID:2348

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
137⤵
PID:2124

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
137⤵
PID:2332

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
138⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
138⤵
PID:2592

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
139⤵
PID:1056

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
139⤵
PID:288

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
140⤵
PID:2848

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
140⤵
PID:1552

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
141⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
141⤵
PID:2736

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
142⤵
PID:936

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
142⤵
PID:2448

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
143⤵
- Adds Run key to start application
PID:2240

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
143⤵
PID:2372

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
144⤵
PID:796

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
144⤵
PID:1700

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
145⤵
PID:560

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
145⤵
PID:1924

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
146⤵
PID:1848

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
146⤵
PID:1592

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
147⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
147⤵
PID:1516

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
148⤵
PID:344

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
148⤵
PID:2556

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
149⤵
PID:1960

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
149⤵
PID:2032

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
150⤵
PID:2732

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
150⤵
PID:1820

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
151⤵
PID:1112

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
151⤵
PID:1640

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
152⤵
PID:2096

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
152⤵
PID:288

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
153⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
153⤵
PID:2328

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
154⤵
PID:2988

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
154⤵
PID:1872

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
155⤵
PID:1796

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
155⤵
PID:1240

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
156⤵
PID:2960

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
156⤵
PID:2052

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
157⤵
PID:2280

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
157⤵
PID:908

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
158⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
158⤵
PID:2868

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
159⤵
PID:3000

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
159⤵
PID:2708

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
160⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
160⤵
PID:2776

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
161⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
161⤵
PID:2968

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
162⤵
PID:1936

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
162⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
162⤵
PID:2484

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
163⤵
PID:1812

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
163⤵
PID:2160

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
164⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
164⤵
PID:2532

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
165⤵
PID:3036

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
165⤵
PID:2528

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
166⤵
PID:2236

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
166⤵
PID:1844

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
167⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
167⤵
PID:1104

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
168⤵
PID:1184

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
168⤵
PID:1824

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
169⤵
PID:1464

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
169⤵
PID:2292

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
170⤵
- Adds Run key to start application
PID:1508

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
170⤵
PID:3044

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
171⤵
PID:2848

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
171⤵
PID:1852

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
172⤵
PID:2060

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
172⤵
PID:1528

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
173⤵
PID:2884

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
173⤵
PID:1920

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
174⤵
PID:2868

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
174⤵
PID:2652

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
175⤵
PID:2872

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
175⤵
PID:1840

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
176⤵
PID:1816

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
176⤵
PID:2692

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
177⤵
PID:316

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
177⤵
PID:1716

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
178⤵
PID:1332

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
178⤵
PID:2400

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
178⤵
PID:1356

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
179⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
179⤵
PID:2092

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
180⤵
PID:108

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
180⤵
PID:2540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
181⤵
PID:2516

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
181⤵
PID:2800

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
181⤵
PID:2340

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
182⤵
PID:1848

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
182⤵
PID:2140

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
183⤵
PID:796

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
183⤵
PID:1576

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
184⤵
PID:2908

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
184⤵
PID:2064

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
185⤵
PID:2276

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
185⤵
PID:2740

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
185⤵
PID:3056

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
186⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
186⤵
PID:2732

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
187⤵
PID:1480

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
187⤵
PID:2152

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
188⤵
PID:1064

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
188⤵
PID:1468

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
189⤵
PID:1884

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
189⤵
PID:2136

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
190⤵
PID:2932

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
190⤵
PID:2836

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
191⤵
PID:1980

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
191⤵
PID:2256

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
192⤵
PID:3020

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
192⤵
PID:2704

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
192⤵
PID:1592

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
193⤵
PID:3048

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
193⤵
PID:2376

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
194⤵
PID:1556

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
194⤵
PID:1060

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
195⤵
PID:2592

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
195⤵
PID:2384

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
196⤵
PID:2304

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
196⤵
PID:792

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
197⤵
PID:2980

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
197⤵
PID:1584

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
198⤵
PID:616

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
198⤵
PID:2760

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
199⤵
- Adds Run key to start application
PID:2348

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
199⤵
PID:1576

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
200⤵
PID:2996

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
200⤵
PID:2492

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
201⤵
PID:2328

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
201⤵
PID:1464

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
202⤵
PID:2084

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
202⤵
PID:1540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
203⤵
PID:2568

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
203⤵
PID:656

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
204⤵
PID:1892

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
204⤵
PID:1648

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
205⤵
PID:2944

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
205⤵
PID:1072

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
206⤵
PID:1924

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
206⤵
PID:872

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
207⤵
PID:1548

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
207⤵
PID:288

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
208⤵
PID:2108

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
208⤵
PID:2524

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
209⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
209⤵
PID:1896

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
210⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
210⤵
PID:2848

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
211⤵
PID:2592

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
211⤵
PID:1140

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
212⤵
PID:1884

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
212⤵
PID:1768

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
213⤵
PID:3040

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
213⤵
PID:3060

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
214⤵
PID:2736

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
214⤵
PID:1604

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
215⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
215⤵
PID:1932

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
216⤵
PID:2280

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
216⤵
PID:792

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
217⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
217⤵
PID:1796

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
218⤵
PID:2784

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
218⤵
PID:1044

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
219⤵
PID:2244

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
219⤵
PID:1104

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
220⤵
PID:1052

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
220⤵
PID:3004

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
221⤵
PID:2148

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
221⤵
PID:524

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
222⤵
PID:2440

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
222⤵
PID:1648

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
223⤵
PID:2516

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
223⤵
PID:1144

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
224⤵
PID:1028

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
224⤵
PID:932

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
225⤵
PID:2500

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
225⤵
PID:1800

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
226⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
226⤵
PID:1940

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
227⤵
- Adds Run key to start application
PID:2564

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
227⤵
PID:1684

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
228⤵
PID:2880

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
228⤵
PID:2692

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
229⤵
PID:2620

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
229⤵
PID:1492

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
229⤵
PID:2396

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
230⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
230⤵
PID:2432

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
231⤵
PID:2132

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
231⤵
PID:2124

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
231⤵
PID:1640

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
232⤵
PID:2064

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
232⤵
PID:2316

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
233⤵
PID:2876

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
233⤵
PID:1524

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
234⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
234⤵
PID:1332

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
235⤵
PID:2904

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
235⤵
PID:656

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
236⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
236⤵
PID:2676

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
237⤵
PID:2304

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
237⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
237⤵
PID:3036

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
238⤵
PID:2612

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
238⤵
PID:2428

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
239⤵
PID:2232

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
239⤵
PID:2172

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
240⤵
PID:1816

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
240⤵
PID:1328

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
241⤵
PID:2956

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
241⤵
PID:1804

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
242⤵
PID:2216

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
242⤵
PID:2736

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
243⤵
PID:2516

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
243⤵
PID:980

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
244⤵
PID:1144

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
244⤵
PID:2580

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
245⤵
PID:2104

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
245⤵
PID:2688

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
246⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
246⤵
PID:1512

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
247⤵
PID:2988

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
247⤵
PID:1556

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
248⤵
PID:1488

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
248⤵
PID:2132

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
249⤵
PID:1084

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
249⤵
PID:2668

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
250⤵
PID:2268

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
250⤵
PID:1236

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
251⤵
PID:1464

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
251⤵
PID:1840

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
252⤵
PID:1524

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
252⤵
PID:2312

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
253⤵
PID:936

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
253⤵
PID:1572

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
254⤵
PID:1844

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
254⤵
PID:304

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
255⤵
PID:1980

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
255⤵
PID:3012

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
256⤵
- Adds Run key to start application
PID:2296

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
256⤵
PID:2440

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
257⤵
PID:2696

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
257⤵
PID:2020

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
257⤵
PID:1328

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
257⤵
PID:1516

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
258⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
258⤵
PID:2084

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
259⤵
PID:2356

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
259⤵
PID:1140

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
260⤵
PID:332

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
260⤵
PID:1552

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
261⤵
PID:2840

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
261⤵
PID:2052

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
261⤵
PID:2396

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
262⤵
PID:2460

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
262⤵
PID:2560

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
262⤵
PID:3044

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
263⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
263⤵
PID:812

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
264⤵
PID:2528

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
264⤵
PID:3032

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
265⤵
PID:2908

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
265⤵
PID:2444

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
266⤵
PID:1576

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
266⤵
PID:2876

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
267⤵
PID:1144

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
267⤵
PID:2092

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
268⤵
PID:2928

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
268⤵
PID:1052

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
269⤵
PID:2268

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
269⤵
PID:2656

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
270⤵
PID:2896

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
270⤵
PID:2856

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
270⤵
PID:1084

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
271⤵
PID:2708

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
271⤵
PID:2176

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
272⤵
PID:1844

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
272⤵
PID:1240

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
272⤵
PID:2640

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
273⤵
PID:2348

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
273⤵
PID:656

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
274⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
274⤵
PID:2512

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
275⤵
PID:2020

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
275⤵
PID:740

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
275⤵
PID:2500

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
276⤵
PID:2828

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
276⤵
PID:1544

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
277⤵
PID:2736

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
277⤵
PID:1480

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
278⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
278⤵
PID:1708

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
279⤵
PID:2460

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
279⤵
PID:1104

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
280⤵
PID:1044

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
280⤵
PID:1828

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
281⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
281⤵
PID:2360

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
282⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
282⤵
PID:1776

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
283⤵
PID:2444

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
283⤵
PID:1164

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
284⤵
PID:1488

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
284⤵
PID:1060

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
285⤵
- Adds Run key to start application
PID:1640

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
285⤵
PID:1644

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
286⤵
PID:1960

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
286⤵
PID:872

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
287⤵
PID:2924

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
287⤵
PID:2148

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
288⤵
PID:1528

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
288⤵
PID:1948

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
289⤵
PID:2996

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
289⤵
PID:1540

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
290⤵
PID:2464

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
290⤵
PID:1208

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
291⤵
PID:2184

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
291⤵
PID:2740

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
292⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
292⤵
PID:1824

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
293⤵
PID:2868

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
293⤵
PID:3032

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
294⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
294⤵
PID:1968

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
295⤵
PID:824

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
295⤵
PID:2088

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
296⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
296⤵
PID:2196

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
297⤵
PID:2120

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
297⤵
PID:1664

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
298⤵
PID:2608

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
298⤵
PID:1028

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
298⤵
PID:1620

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
299⤵
PID:1140

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
299⤵
PID:1552

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
300⤵
PID:1676

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
300⤵
PID:2736

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
301⤵
PID:1980

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
301⤵
PID:740

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
302⤵
PID:2052

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
302⤵
PID:1488

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
303⤵
PID:1776

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
303⤵
PID:2320

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
304⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
304⤵
PID:2108

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
305⤵
PID:832

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
305⤵
PID:2408

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
305⤵
PID:1668

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
306⤵
PID:1812

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
306⤵
PID:2884

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
307⤵
PID:2280

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
307⤵
PID:1948

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
308⤵
PID:1832

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
308⤵
PID:2468

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
309⤵
PID:1208

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
309⤵
PID:1480

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
310⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
310⤵
PID:1464

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
311⤵
PID:1040

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
311⤵
PID:2832

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
312⤵
PID:2612

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
312⤵
PID:1636

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
313⤵
PID:2588

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
313⤵
PID:2496

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
314⤵
PID:2628

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
314⤵
PID:608

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
315⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
315⤵
PID:2024

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
316⤵
PID:2732

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
316⤵
PID:1052

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
317⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
317⤵
PID:2956

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
318⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
318⤵
PID:1768

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
319⤵
PID:1164

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
319⤵
PID:1804

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
320⤵
PID:2108

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
320⤵
PID:1896

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
321⤵
PID:2244

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
321⤵
PID:2660

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
322⤵
PID:1600

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
322⤵
PID:2512

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
322⤵
PID:2132

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
323⤵
PID:3032

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
323⤵
PID:1480

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
324⤵
PID:2516

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
324⤵
PID:1536

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
325⤵
PID:2904

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
325⤵
PID:2392

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
326⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
326⤵
PID:2084

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
327⤵
PID:340

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
327⤵
PID:2060

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
328⤵
PID:1104

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
328⤵
PID:2448

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
329⤵
PID:1656

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
329⤵
PID:2508

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
329⤵
PID:1028

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
330⤵
PID:2476

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
330⤵
PID:3020

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
331⤵
PID:2360

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
331⤵
PID:2408

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
332⤵
PID:2272

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
332⤵
PID:2832

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
333⤵
PID:3048

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
333⤵
PID:3064

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
334⤵
PID:1984

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
334⤵
PID:1772

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
335⤵
PID:2548

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
335⤵
PID:2268

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
336⤵
PID:2576

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
336⤵
PID:2968

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
337⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
337⤵
PID:268

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
338⤵
PID:1484

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
338⤵
PID:1084

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
339⤵
PID:2644

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
339⤵
PID:344

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
340⤵
PID:2960

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
340⤵
PID:1580

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
341⤵
PID:1816

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
341⤵
PID:2796

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
342⤵
PID:872

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
342⤵
PID:2240

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
343⤵
PID:2440

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
343⤵
PID:684

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
344⤵
PID:540

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
344⤵
PID:1040

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
345⤵
PID:2528

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
345⤵
PID:2080

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
346⤵
PID:2868

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
346⤵
PID:1028

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
347⤵
PID:2096

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
347⤵
PID:1064

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
348⤵
PID:2236

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
348⤵
PID:2192

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
349⤵
PID:2856

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
349⤵
PID:2444

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
350⤵
PID:1552

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
350⤵
PID:2920

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
351⤵
PID:2720

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
351⤵
PID:868

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
352⤵
PID:2148

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
352⤵
PID:2252

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
353⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
353⤵
PID:2772

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
354⤵
PID:2328

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
354⤵
PID:1464

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
355⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
355⤵
PID:2188

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
356⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
356⤵
PID:3060

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
357⤵
PID:2464

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
357⤵
PID:2424

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
358⤵
PID:2296

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
358⤵
PID:2828

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
359⤵
PID:2492

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
359⤵
PID:1684

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
360⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
360⤵
PID:2100

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
361⤵
PID:2228

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
361⤵
PID:2768

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
362⤵
PID:288

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
362⤵
PID:2620

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
363⤵
PID:1980

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
363⤵
PID:744

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
364⤵
PID:2144

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
364⤵
PID:304

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
365⤵
PID:2904

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
365⤵
PID:2476

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
366⤵
PID:3032

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
366⤵
PID:1424

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
367⤵
PID:2244

C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe
"C:\Users\Admin\AppData\Local\Temp\5660db4d39e1c2a7887c2b26c2f70f9b.exe"
367⤵
PID:3004

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
368⤵
PID:2780

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\HBWELB\HBWELB.exe
MD5
b58b926c3574d28d5b7fdd2ca3ec30d5

SHA1
d260c4ffd603a9cfc057fcb83d678b1cecdf86f9

SHA256
6e70b56d748c4ccab13cc8a055d3795ea0dd95fe3b70568d7d3ac0c6621140a3

SHA512
b13cb998822b716b695013bcd6dec62a2290567d0d1743b2d982ca084235cf69c6ea1fc91c9d4e62657c6f9e102c7c60e81296ab055ffe43b887c5f8ec8958ab

Download Submit
C:\Users\Admin\AppData\Roaming\HBWELB\HBWELB.exe
MD5
b58b926c3574d28d5b7fdd2ca3ec30d5

SHA1
d260c4ffd603a9cfc057fcb83d678b1cecdf86f9

SHA256
6e70b56d748c4ccab13cc8a055d3795ea0dd95fe3b70568d7d3ac0c6621140a3

SHA512
b13cb998822b716b695013bcd6dec62a2290567d0d1743b2d982ca084235cf69c6ea1fc91c9d4e62657c6f9e102c7c60e81296ab055ffe43b887c5f8ec8958ab

Download Submit
C:\Users\Admin\AppData\Roaming\HBWELB\HBWELB.exe
MD5
b58b926c3574d28d5b7fdd2ca3ec30d5

SHA1
d260c4ffd603a9cfc057fcb83d678b1cecdf86f9

SHA256
6e70b56d748c4ccab13cc8a055d3795ea0dd95fe3b70568d7d3ac0c6621140a3

SHA512
b13cb998822b716b695013bcd6dec62a2290567d0d1743b2d982ca084235cf69c6ea1fc91c9d4e62657c6f9e102c7c60e81296ab055ffe43b887c5f8ec8958ab

Download Submit
C:\Users\Admin\AppData\Roaming\HBWELB\HBWELB.exe
MD5
b58b926c3574d28d5b7fdd2ca3ec30d5

SHA1
d260c4ffd603a9cfc057fcb83d678b1cecdf86f9

SHA256
6e70b56d748c4ccab13cc8a055d3795ea0dd95fe3b70568d7d3ac0c6621140a3

SHA512
b13cb998822b716b695013bcd6dec62a2290567d0d1743b2d982ca084235cf69c6ea1fc91c9d4e62657c6f9e102c7c60e81296ab055ffe43b887c5f8ec8958ab

Download Submit
C:\Users\Admin\AppData\Roaming\HBWELB\HBWELB.exe
MD5
b58b926c3574d28d5b7fdd2ca3ec30d5

SHA1
d260c4ffd603a9cfc057fcb83d678b1cecdf86f9

SHA256
6e70b56d748c4ccab13cc8a055d3795ea0dd95fe3b70568d7d3ac0c6621140a3

SHA512
b13cb998822b716b695013bcd6dec62a2290567d0d1743b2d982ca084235cf69c6ea1fc91c9d4e62657c6f9e102c7c60e81296ab055ffe43b887c5f8ec8958ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HJdyTuap.exe
MD5
b8df682398f191102fd61a53c5fa350a

SHA1
8743f511998153de674bfbab9e23301411470076

SHA256
62d6192543381696165a638b33ccaae8ae4d19442df61138b536f26ceaa7e17c

SHA512
697e486c03e622866171edd7ccb9331602b20a4b40fb56c16d3eeccacdc9aa1715170b50fc19308152349c0fa3b7da3f432439f11c51dad9aa0ef68ce0c3e7d6

Download Submit
memory/108-521-0x0000000000000000-mapping.dmp

Download
memory/108-894-0x0000000000445C1E-mapping.dmp

Download
memory/268-1684-0x0000000000000000-mapping.dmp

Download
memory/288-692-0x0000000000000000-mapping.dmp

Download
memory/288-1033-0x0000000000000000-mapping.dmp

Download
memory/288-1806-0x0000000000445C1E-mapping.dmp

Download
memory/288-757-0x0000000000000000-mapping.dmp

Download
memory/304-586-0x0000000000000000-mapping.dmp

Download
memory/304-6-0x0000000000445C1E-mapping.dmp

Download
memory/304-1269-0x0000000000000000-mapping.dmp

Download
memory/304-1819-0x0000000000000000-mapping.dmp

Download
memory/316-473-0x0000000000445C1E-mapping.dmp

Download
memory/316-180-0x0000000000000000-mapping.dmp

Download
memory/316-879-0x0000000000445C1E-mapping.dmp

Download
memory/332-1295-0x0000000000445C1E-mapping.dmp

Download
memory/332-42-0x0000000000445C1E-mapping.dmp

Download
memory/340-1631-0x0000000000445C1E-mapping.dmp

Download
memory/344-734-0x0000000000445C1E-mapping.dmp

Download
memory/344-1694-0x0000000000000000-mapping.dmp

Download
memory/388-175-0x0000000000000000-mapping.dmp

Download
memory/388-641-0x0000000000000000-mapping.dmp

Download
memory/524-633-0x0000000000445C1E-mapping.dmp

Download
memory/524-1103-0x0000000000000000-mapping.dmp

Download
memory/540-127-0x0000000000445C1E-mapping.dmp

Download
memory/540-1716-0x0000000000445C1E-mapping.dmp

Download
memory/540-335-0x0000000000000000-mapping.dmp

Download
memory/560-719-0x0000000000445C1E-mapping.dmp

Download
memory/608-1569-0x0000000000000000-mapping.dmp

Download
memory/616-985-0x0000000000445C1E-mapping.dmp

Download
memory/656-1363-0x0000000000000000-mapping.dmp

Download
memory/656-1173-0x0000000000000000-mapping.dmp

Download
memory/656-1013-0x0000000000000000-mapping.dmp

Download
memory/684-242-0x0000000000445C1E-mapping.dmp

Download
memory/684-1714-0x0000000000000000-mapping.dmp

Download
memory/684-77-0x0000000000445C1E-mapping.dmp

Download
memory/684-488-0x0000000000445C1E-mapping.dmp

Download
memory/704-185-0x0000000000000000-mapping.dmp

Download
memory/740-1503-0x0000000000000000-mapping.dmp

Download
memory/740-1370-0x0000000000445C1E-mapping.dmp

Download
memory/744-1814-0x0000000000000000-mapping.dmp

Download
memory/792-978-0x0000000000000000-mapping.dmp

Download
memory/792-1078-0x0000000000000000-mapping.dmp

Download
memory/796-714-0x0000000000445C1E-mapping.dmp

Download
memory/796-909-0x0000000000445C1E-mapping.dmp

Download
memory/800-72-0x0000000000445C1E-mapping.dmp

Download
memory/812-1313-0x0000000000000000-mapping.dmp

Download
memory/812-406-0x0000000000000000-mapping.dmp

Download
memory/812-40-0x0000000000000000-mapping.dmp

Download
memory/824-1470-0x0000000000445C1E-mapping.dmp

Download
memory/864-197-0x0000000000445C1E-mapping.dmp

Download
memory/868-1754-0x0000000000000000-mapping.dmp

Download
memory/872-1028-0x0000000000000000-mapping.dmp

Download
memory/872-1706-0x0000000000445C1E-mapping.dmp

Download
memory/872-428-0x0000000000445C1E-mapping.dmp

Download
memory/872-1428-0x0000000000000000-mapping.dmp

Download
memory/908-782-0x0000000000000000-mapping.dmp

Download
memory/908-673-0x0000000000445C1E-mapping.dmp

Download
memory/932-1118-0x0000000000000000-mapping.dmp

Download
memory/932-656-0x0000000000000000-mapping.dmp

Download
memory/936-110-0x0000000000000000-mapping.dmp

Download
memory/936-172-0x0000000000445C1E-mapping.dmp

Download
memory/936-130-0x0000000000000000-mapping.dmp

Download
memory/936-704-0x0000000000445C1E-mapping.dmp

Download
memory/936-1261-0x0000000000445C1E-mapping.dmp

Download
memory/976-247-0x0000000000445C1E-mapping.dmp

Download
memory/980-1213-0x0000000000000000-mapping.dmp

Download
memory/1028-1485-0x0000000000445C1E-mapping.dmp

Download
memory/1028-1644-0x0000000000000000-mapping.dmp

Download
memory/1028-1115-0x0000000000445C1E-mapping.dmp

Download
memory/1028-1729-0x0000000000000000-mapping.dmp

Download
memory/1028-601-0x0000000000000000-mapping.dmp

Download
memory/1040-1719-0x0000000000000000-mapping.dmp

Download
memory/1040-1551-0x0000000000445C1E-mapping.dmp

Download
memory/1044-1088-0x0000000000000000-mapping.dmp

Download
memory/1044-606-0x0000000000000000-mapping.dmp

Download
memory/1044-1395-0x0000000000445C1E-mapping.dmp

Download
memory/1044-212-0x0000000000445C1E-mapping.dmp

Download
memory/1048-9-0x0000000000000000-mapping.dmp

Download
memory/1052-1338-0x0000000000000000-mapping.dmp

Download
memory/1052-593-0x0000000000445C1E-mapping.dmp

Download
memory/1052-1579-0x0000000000000000-mapping.dmp

Download
memory/1052-1095-0x0000000000445C1E-mapping.dmp

Download
memory/1052-52-0x0000000000445C1E-mapping.dmp

Download
memory/1056-689-0x0000000000445C1E-mapping.dmp

Download
memory/1056-591-0x0000000000000000-mapping.dmp

Download
memory/1060-165-0x0000000000000000-mapping.dmp

Download
memory/1060-1418-0x0000000000000000-mapping.dmp

Download
memory/1060-968-0x0000000000000000-mapping.dmp

Download
memory/1064-1734-0x0000000000000000-mapping.dmp

Download
memory/1064-934-0x0000000000445C1E-mapping.dmp

Download
memory/1072-1023-0x0000000000000000-mapping.dmp

Download
memory/1084-1241-0x0000000000445C1E-mapping.dmp

Download
memory/1084-157-0x0000000000445C1E-mapping.dmp

Download
memory/1084-1348-0x0000000000000000-mapping.dmp

Download
memory/1084-1689-0x0000000000000000-mapping.dmp

Download
memory/1084-62-0x0000000000445C1E-mapping.dmp

Download
memory/1088-421-0x0000000000000000-mapping.dmp

Download
memory/1092-207-0x0000000000445C1E-mapping.dmp

Download
memory/1104-832-0x0000000000000000-mapping.dmp

Download
memory/1104-1636-0x0000000000445C1E-mapping.dmp

Download
memory/1104-1393-0x0000000000000000-mapping.dmp

Download
memory/1104-1093-0x0000000000000000-mapping.dmp

Download
memory/1112-3-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/1112-0-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/1112-749-0x0000000000445C1E-mapping.dmp

Download
memory/1112-1-0x0000000000445C1E-mapping.dmp

Download
memory/1112-2-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/1140-1293-0x0000000000000000-mapping.dmp

Download
memory/1140-1490-0x0000000000445C1E-mapping.dmp

Download
memory/1140-1053-0x0000000000000000-mapping.dmp

Download
memory/1144-1215-0x0000000000445C1E-mapping.dmp

Download
memory/1144-1113-0x0000000000000000-mapping.dmp

Download
memory/1144-122-0x0000000000445C1E-mapping.dmp

Download
memory/1144-1330-0x0000000000445C1E-mapping.dmp

Download
memory/1144-75-0x0000000000000000-mapping.dmp

Download
memory/1144-496-0x0000000000000000-mapping.dmp

Download
memory/1144-220-0x0000000000000000-mapping.dmp

Download
memory/1164-1413-0x0000000000000000-mapping.dmp

Download
memory/1164-1591-0x0000000000445C1E-mapping.dmp

Download
memory/1184-834-0x0000000000445C1E-mapping.dmp

Download
memory/1196-70-0x0000000000000000-mapping.dmp

Download
memory/1208-1541-0x0000000000445C1E-mapping.dmp

Download
memory/1208-1448-0x0000000000000000-mapping.dmp

Download
memory/1220-85-0x0000000000000000-mapping.dmp

Download
memory/1224-638-0x0000000000445C1E-mapping.dmp

Download
memory/1224-55-0x0000000000000000-mapping.dmp

Download
memory/1236-1249-0x0000000000000000-mapping.dmp

Download
memory/1240-17-0x0000000000445C1E-mapping.dmp

Download
memory/1240-772-0x0000000000000000-mapping.dmp

Download
memory/1240-1355-0x0000000000445C1E-mapping.dmp

Download
memory/1328-1198-0x0000000000000000-mapping.dmp

Download
memory/1328-1280-0x0000000000445C1E-mapping.dmp

Download
memory/1332-1168-0x0000000000000000-mapping.dmp

Download
memory/1340-523-0x0000000000445C1E-mapping.dmp

Download
memory/1340-651-0x0000000000000000-mapping.dmp

Download
memory/1356-887-0x0000000000000000-mapping.dmp

Download
memory/1356-15-0x0000000000000000-mapping.dmp

Download
memory/1376-433-0x0000000000445C1E-mapping.dmp

Download
memory/1380-150-0x0000000000000000-mapping.dmp

Download
memory/1380-187-0x0000000000445C1E-mapping.dmp

Download
memory/1416-598-0x0000000000445C1E-mapping.dmp

Download
memory/1420-418-0x0000000000445C1E-mapping.dmp

Download
memory/1424-1829-0x0000000000000000-mapping.dmp

Download
memory/1452-142-0x0000000000445C1E-mapping.dmp

Download
memory/1464-1003-0x0000000000000000-mapping.dmp

Download
memory/1464-839-0x0000000000445C1E-mapping.dmp

Download
memory/1464-1251-0x0000000000445C1E-mapping.dmp

Download
memory/1464-1549-0x0000000000000000-mapping.dmp

Download
memory/1464-1769-0x0000000000000000-mapping.dmp

Download
memory/1468-192-0x0000000000445C1E-mapping.dmp

Download
memory/1468-937-0x0000000000000000-mapping.dmp

Download
memory/1468-100-0x0000000000000000-mapping.dmp

Download
memory/1476-578-0x0000000000445C1E-mapping.dmp

Download
memory/1476-225-0x0000000000000000-mapping.dmp

Download
memory/1480-1383-0x0000000000000000-mapping.dmp

Download
memory/1480-929-0x0000000000445C1E-mapping.dmp

Download
memory/1480-1614-0x0000000000000000-mapping.dmp

Download
memory/1480-1544-0x0000000000000000-mapping.dmp

Download
memory/1484-1686-0x0000000000445C1E-mapping.dmp

Download
memory/1488-1508-0x0000000000000000-mapping.dmp

Download
memory/1488-37-0x0000000000445C1E-mapping.dmp

Download
memory/1488-1235-0x0000000000445C1E-mapping.dmp

Download
memory/1488-1415-0x0000000000445C1E-mapping.dmp

Download
memory/1492-1140-0x0000000000445C1E-mapping.dmp

Download
memory/1500-45-0x0000000000000000-mapping.dmp

Download
memory/1508-217-0x0000000000445C1E-mapping.dmp

Download
memory/1508-170-0x0000000000000000-mapping.dmp

Download
memory/1508-365-0x0000000000000000-mapping.dmp

Download
memory/1508-844-0x0000000000445C1E-mapping.dmp

Download
memory/1512-152-0x0000000000445C1E-mapping.dmp

Download
memory/1512-1228-0x0000000000000000-mapping.dmp

Download
memory/1516-732-0x0000000000000000-mapping.dmp

Download
memory/1516-1283-0x0000000000000000-mapping.dmp

Download
memory/1520-12-0x0000000000445C1E-mapping.dmp

Download
memory/1520-621-0x0000000000000000-mapping.dmp

Download
memory/1524-1163-0x0000000000000000-mapping.dmp

Download
memory/1524-1256-0x0000000000445C1E-mapping.dmp

Download
memory/1528-857-0x0000000000000000-mapping.dmp

Download
memory/1528-1435-0x0000000000445C1E-mapping.dmp

Download
memory/1536-1619-0x0000000000000000-mapping.dmp

Download
memory/1540-1008-0x0000000000000000-mapping.dmp

Download
memory/1540-1443-0x0000000000000000-mapping.dmp

Download
memory/1544-362-0x0000000000445C1E-mapping.dmp

Download
memory/1544-1378-0x0000000000000000-mapping.dmp

Download
memory/1548-1030-0x0000000000445C1E-mapping.dmp

Download
memory/1548-200-0x0000000000000000-mapping.dmp

Download
memory/1552-1746-0x0000000000445C1E-mapping.dmp

Download
memory/1552-697-0x0000000000000000-mapping.dmp

Download
memory/1552-4-0x0000000000000000-mapping.dmp

Download
memory/1552-320-0x0000000000000000-mapping.dmp

Download
memory/1552-250-0x0000000000000000-mapping.dmp

Download
memory/1552-1298-0x0000000000000000-mapping.dmp

Download
memory/1552-1493-0x0000000000000000-mapping.dmp

Download
memory/1556-1233-0x0000000000000000-mapping.dmp

Download
memory/1556-965-0x0000000000445C1E-mapping.dmp

Download
memory/1560-230-0x0000000000000000-mapping.dmp

Download
memory/1564-215-0x0000000000000000-mapping.dmp

Download
memory/1564-671-0x0000000000000000-mapping.dmp

Download
memory/1568-102-0x0000000000445C1E-mapping.dmp

Download
memory/1572-571-0x0000000000000000-mapping.dmp

Download
memory/1572-1264-0x0000000000000000-mapping.dmp

Download
memory/1572-1776-0x0000000000445C1E-mapping.dmp

Download
memory/1572-117-0x0000000000445C1E-mapping.dmp

Download
memory/1576-993-0x0000000000000000-mapping.dmp

Download
memory/1576-912-0x0000000000000000-mapping.dmp

Download
memory/1576-140-0x0000000000000000-mapping.dmp

Download
memory/1576-1325-0x0000000000445C1E-mapping.dmp

Download
memory/1580-1699-0x0000000000000000-mapping.dmp

Download
memory/1580-501-0x0000000000000000-mapping.dmp

Download
memory/1584-983-0x0000000000000000-mapping.dmp

Download
memory/1592-727-0x0000000000000000-mapping.dmp

Download
memory/1592-958-0x0000000000000000-mapping.dmp

Download
memory/1604-526-0x0000000000000000-mapping.dmp

Download
memory/1604-1068-0x0000000000000000-mapping.dmp

Download
memory/1604-60-0x0000000000000000-mapping.dmp

Download
memory/1620-1571-0x0000000000445C1E-mapping.dmp

Download
memory/1620-1488-0x0000000000000000-mapping.dmp

Download
memory/1628-22-0x0000000000445C1E-mapping.dmp

Download
memory/1632-145-0x0000000000000000-mapping.dmp

Download
memory/1632-240-0x0000000000000000-mapping.dmp

Download
memory/1636-446-0x0000000000000000-mapping.dmp

Download
memory/1636-252-0x0000000000445C1E-mapping.dmp

Download
memory/1636-1559-0x0000000000000000-mapping.dmp

Download
memory/1636-235-0x0000000000000000-mapping.dmp

Download
memory/1636-160-0x0000000000000000-mapping.dmp

Download
memory/1640-752-0x0000000000000000-mapping.dmp

Download
memory/1640-1153-0x0000000000000000-mapping.dmp

Download
memory/1640-1420-0x0000000000445C1E-mapping.dmp

Download
memory/1640-162-0x0000000000445C1E-mapping.dmp

Download
memory/1644-924-0x0000000000445C1E-mapping.dmp

Download
memory/1644-1626-0x0000000000445C1E-mapping.dmp

Download
memory/1644-423-0x0000000000445C1E-mapping.dmp

Download
memory/1644-1423-0x0000000000000000-mapping.dmp

Download
memory/1644-1225-0x0000000000445C1E-mapping.dmp

Download
memory/1648-1108-0x0000000000000000-mapping.dmp

Download
memory/1648-463-0x0000000000445C1E-mapping.dmp

Download
memory/1648-1018-0x0000000000000000-mapping.dmp

Download
memory/1656-658-0x0000000000445C1E-mapping.dmp

Download
memory/1660-135-0x0000000000000000-mapping.dmp

Download
memory/1664-1483-0x0000000000000000-mapping.dmp

Download
memory/1664-603-0x0000000000445C1E-mapping.dmp

Download
memory/1668-1523-0x0000000000000000-mapping.dmp

Download
memory/1668-210-0x0000000000000000-mapping.dmp

Download
memory/1668-232-0x0000000000445C1E-mapping.dmp

Download
memory/1676-1495-0x0000000000445C1E-mapping.dmp

Download
memory/1684-1794-0x0000000000000000-mapping.dmp

Download
memory/1684-1133-0x0000000000000000-mapping.dmp

Download
memory/1700-717-0x0000000000000000-mapping.dmp

Download
memory/1700-478-0x0000000000445C1E-mapping.dmp

Download
memory/1708-1388-0x0000000000000000-mapping.dmp

Download
memory/1708-408-0x0000000000445C1E-mapping.dmp

Download
memory/1716-120-0x0000000000000000-mapping.dmp

Download
memory/1716-1475-0x0000000000445C1E-mapping.dmp

Download
memory/1716-882-0x0000000000000000-mapping.dmp

Download
memory/1724-80-0x0000000000000000-mapping.dmp

Download
memory/1724-317-0x0000000000445C1E-mapping.dmp

Download
memory/1768-1058-0x0000000000000000-mapping.dmp

Download
memory/1768-1589-0x0000000000000000-mapping.dmp

Download
memory/1772-92-0x0000000000445C1E-mapping.dmp

Download
memory/1772-20-0x0000000000000000-mapping.dmp

Download
memory/1772-1669-0x0000000000000000-mapping.dmp

Download
memory/1776-1408-0x0000000000000000-mapping.dmp

Download
memory/1776-1510-0x0000000000445C1E-mapping.dmp

Download
memory/1788-372-0x0000000000445C1E-mapping.dmp

Download
memory/1788-147-0x0000000000445C1E-mapping.dmp

Download
memory/1796-1083-0x0000000000000000-mapping.dmp

Download
memory/1796-769-0x0000000000445C1E-mapping.dmp

Download
memory/1796-82-0x0000000000445C1E-mapping.dmp

Download
memory/1796-190-0x0000000000000000-mapping.dmp

Download
memory/1800-115-0x0000000000000000-mapping.dmp

Download
memory/1800-1123-0x0000000000000000-mapping.dmp

Download
memory/1804-1203-0x0000000000000000-mapping.dmp

Download
memory/1804-1594-0x0000000000000000-mapping.dmp

Download
memory/1808-50-0x0000000000000000-mapping.dmp

Download
memory/1812-312-0x0000000000445C1E-mapping.dmp

Download
memory/1812-809-0x0000000000445C1E-mapping.dmp

Download
memory/1812-1525-0x0000000000445C1E-mapping.dmp

Download
memory/1816-47-0x0000000000445C1E-mapping.dmp

Download
memory/1816-528-0x0000000000445C1E-mapping.dmp

Download
memory/1816-1195-0x0000000000445C1E-mapping.dmp

Download
memory/1816-1701-0x0000000000445C1E-mapping.dmp

Download
memory/1816-874-0x0000000000445C1E-mapping.dmp

Download
memory/1820-182-0x0000000000445C1E-mapping.dmp

Download
memory/1820-747-0x0000000000000000-mapping.dmp

Download
memory/1824-837-0x0000000000000000-mapping.dmp

Download
memory/1824-1458-0x0000000000000000-mapping.dmp

Download
memory/1828-1398-0x0000000000000000-mapping.dmp

Download
memory/1828-177-0x0000000000445C1E-mapping.dmp

Download
memory/1832-237-0x0000000000445C1E-mapping.dmp

Download
memory/1832-1536-0x0000000000445C1E-mapping.dmp

Download
memory/1840-1254-0x0000000000000000-mapping.dmp

Download
memory/1840-872-0x0000000000000000-mapping.dmp

Download
memory/1844-827-0x0000000000000000-mapping.dmp

Download
memory/1844-1266-0x0000000000445C1E-mapping.dmp

Download
memory/1844-105-0x0000000000000000-mapping.dmp

Download
memory/1848-904-0x0000000000445C1E-mapping.dmp

Download
memory/1848-724-0x0000000000445C1E-mapping.dmp

Download
memory/1848-533-0x0000000000445C1E-mapping.dmp

Download
memory/1848-360-0x0000000000000000-mapping.dmp

Download
memory/1852-852-0x0000000000000000-mapping.dmp

Download
memory/1852-613-0x0000000000445C1E-mapping.dmp

Download
memory/1852-202-0x0000000000445C1E-mapping.dmp

Download
memory/1860-345-0x0000000000000000-mapping.dmp

Download
memory/1868-57-0x0000000000445C1E-mapping.dmp

Download
memory/1872-137-0x0000000000445C1E-mapping.dmp

Download
memory/1872-767-0x0000000000000000-mapping.dmp

Download
memory/1884-222-0x0000000000445C1E-mapping.dmp

Download
memory/1884-1055-0x0000000000445C1E-mapping.dmp

Download
memory/1884-155-0x0000000000000000-mapping.dmp

Download
memory/1884-939-0x0000000000445C1E-mapping.dmp

Download
memory/1888-95-0x0000000000000000-mapping.dmp

Download
memory/1888-25-0x0000000000000000-mapping.dmp

Download
memory/1892-1015-0x0000000000445C1E-mapping.dmp

Download
memory/1892-167-0x0000000000445C1E-mapping.dmp

Download
memory/1896-1043-0x0000000000000000-mapping.dmp

Download
memory/1896-1599-0x0000000000000000-mapping.dmp

Download
memory/1900-355-0x0000000000000000-mapping.dmp

Download
memory/1900-27-0x0000000000445C1E-mapping.dmp

Download
memory/1916-1175-0x0000000000445C1E-mapping.dmp

Download
memory/1920-862-0x0000000000000000-mapping.dmp

Download
memory/1920-583-0x0000000000445C1E-mapping.dmp

Download
memory/1924-195-0x0000000000000000-mapping.dmp

Download
memory/1924-722-0x0000000000000000-mapping.dmp

Download
memory/1924-1025-0x0000000000445C1E-mapping.dmp

Download
memory/1932-1073-0x0000000000000000-mapping.dmp

Download
memory/1932-112-0x0000000000445C1E-mapping.dmp

Download
memory/1940-1128-0x0000000000000000-mapping.dmp

Download
memory/1948-67-0x0000000000445C1E-mapping.dmp

Download
memory/1948-1534-0x0000000000000000-mapping.dmp

Download
memory/1948-1438-0x0000000000000000-mapping.dmp

Download
memory/1956-352-0x0000000000445C1E-mapping.dmp

Download
memory/1956-1455-0x0000000000445C1E-mapping.dmp

Download
memory/1960-739-0x0000000000445C1E-mapping.dmp

Download
memory/1960-1425-0x0000000000445C1E-mapping.dmp

Download
memory/1964-503-0x0000000000445C1E-mapping.dmp

Download
memory/1968-97-0x0000000000445C1E-mapping.dmp

Download
memory/1968-65-0x0000000000000000-mapping.dmp

Download
memory/1968-1468-0x0000000000000000-mapping.dmp

Download
memory/1972-227-0x0000000000445C1E-mapping.dmp

Download
memory/1972-30-0x0000000000000000-mapping.dmp

Download
memory/1980-663-0x0000000000445C1E-mapping.dmp

Download
memory/1980-949-0x0000000000445C1E-mapping.dmp

Download
memory/1980-1500-0x0000000000445C1E-mapping.dmp

Download
memory/1980-1811-0x0000000000445C1E-mapping.dmp

Download
memory/1980-1271-0x0000000000445C1E-mapping.dmp

Download
memory/1980-342-0x0000000000445C1E-mapping.dmp

Download
memory/1984-107-0x0000000000445C1E-mapping.dmp

Download
memory/1984-1666-0x0000000000445C1E-mapping.dmp

Download
memory/1984-350-0x0000000000000000-mapping.dmp

Download
memory/1996-132-0x0000000000445C1E-mapping.dmp

Download
memory/1996-90-0x0000000000000000-mapping.dmp

Download
memory/2004-32-0x0000000000445C1E-mapping.dmp

Download
memory/2004-443-0x0000000000445C1E-mapping.dmp

Download
memory/2008-1681-0x0000000000445C1E-mapping.dmp

Download
memory/2016-431-0x0000000000000000-mapping.dmp

Download
memory/2016-205-0x0000000000000000-mapping.dmp

Download
memory/2016-1771-0x0000000000445C1E-mapping.dmp

Download
memory/2020-87-0x0000000000445C1E-mapping.dmp

Download
memory/2024-1145-0x0000000000445C1E-mapping.dmp

Download
memory/2024-1574-0x0000000000000000-mapping.dmp

Download
memory/2028-426-0x0000000000000000-mapping.dmp

Download
memory/2028-125-0x0000000000000000-mapping.dmp

Download
memory/2032-35-0x0000000000000000-mapping.dmp

Download
memory/2032-245-0x0000000000000000-mapping.dmp

Download
memory/2032-742-0x0000000000000000-mapping.dmp

Download
memory/2044-340-0x0000000000000000-mapping.dmp

Download
memory/2052-1300-0x0000000000445C1E-mapping.dmp

Download
memory/2052-777-0x0000000000000000-mapping.dmp

Download
memory/2052-1505-0x0000000000445C1E-mapping.dmp

Download
memory/2060-438-0x0000000000445C1E-mapping.dmp

Download
memory/2060-1634-0x0000000000000000-mapping.dmp

Download
memory/2060-854-0x0000000000445C1E-mapping.dmp

Download
memory/2064-917-0x0000000000000000-mapping.dmp

Download
memory/2064-1155-0x0000000000445C1E-mapping.dmp

Download
memory/2080-1724-0x0000000000000000-mapping.dmp

Download
memory/2084-1629-0x0000000000000000-mapping.dmp

Download
memory/2084-1005-0x0000000000445C1E-mapping.dmp

Download
memory/2084-1288-0x0000000000000000-mapping.dmp

Download
memory/2088-513-0x0000000000445C1E-mapping.dmp

Download
memory/2088-411-0x0000000000000000-mapping.dmp

Download
memory/2088-1473-0x0000000000000000-mapping.dmp

Download
memory/2092-892-0x0000000000000000-mapping.dmp

Download
memory/2092-1333-0x0000000000000000-mapping.dmp

Download
memory/2092-255-0x0000000000000000-mapping.dmp

Download
memory/2096-1731-0x0000000000445C1E-mapping.dmp

Download
memory/2096-754-0x0000000000445C1E-mapping.dmp

Download
memory/2100-548-0x0000000000445C1E-mapping.dmp

Download
memory/2100-1799-0x0000000000000000-mapping.dmp

Download
memory/2104-1220-0x0000000000445C1E-mapping.dmp

Download
memory/2108-1518-0x0000000000000000-mapping.dmp

Download
memory/2108-1035-0x0000000000445C1E-mapping.dmp

Download
memory/2108-1596-0x0000000000445C1E-mapping.dmp

Download
memory/2120-257-0x0000000000445C1E-mapping.dmp

Download
memory/2120-1480-0x0000000000445C1E-mapping.dmp

Download
memory/2124-679-0x0000000000445C1E-mapping.dmp

Download
memory/2124-1150-0x0000000000445C1E-mapping.dmp

Download
memory/2128-576-0x0000000000000000-mapping.dmp

Download
memory/2132-315-0x0000000000000000-mapping.dmp

Download
memory/2132-1609-0x0000000000000000-mapping.dmp

Download
memory/2132-1239-0x0000000000000000-mapping.dmp

Download
memory/2132-511-0x0000000000000000-mapping.dmp

Download
memory/2136-942-0x0000000000000000-mapping.dmp

Download
memory/2140-907-0x0000000000000000-mapping.dmp

Download
memory/2144-1816-0x0000000000445C1E-mapping.dmp

Download
memory/2144-518-0x0000000000445C1E-mapping.dmp

Download
memory/2148-1756-0x0000000000445C1E-mapping.dmp

Download
memory/2148-1100-0x0000000000445C1E-mapping.dmp

Download
memory/2148-1433-0x0000000000000000-mapping.dmp

Download
memory/2148-347-0x0000000000445C1E-mapping.dmp

Download
memory/2152-932-0x0000000000000000-mapping.dmp

Download
memory/2152-413-0x0000000000445C1E-mapping.dmp

Download
memory/2160-401-0x0000000000000000-mapping.dmp

Download
memory/2160-812-0x0000000000000000-mapping.dmp

Download
memory/2172-1193-0x0000000000000000-mapping.dmp

Download
memory/2172-829-0x0000000000445C1E-mapping.dmp

Download
memory/2176-588-0x0000000000445C1E-mapping.dmp

Download
memory/2176-260-0x0000000000000000-mapping.dmp

Download
memory/2176-1353-0x0000000000000000-mapping.dmp

Download
memory/2184-1450-0x0000000000445C1E-mapping.dmp

Download
memory/2188-1774-0x0000000000000000-mapping.dmp

Download
memory/2192-1739-0x0000000000000000-mapping.dmp

Download
memory/2192-636-0x0000000000000000-mapping.dmp

Download
memory/2196-1478-0x0000000000000000-mapping.dmp

Download
memory/2204-262-0x0000000000445C1E-mapping.dmp

Download
memory/2204-367-0x0000000000445C1E-mapping.dmp

Download
memory/2208-596-0x0000000000000000-mapping.dmp

Download
memory/2216-1205-0x0000000000445C1E-mapping.dmp

Download
memory/2224-471-0x0000000000000000-mapping.dmp

Download
memory/2224-563-0x0000000000445C1E-mapping.dmp

Download
memory/2228-325-0x0000000000000000-mapping.dmp

Download
memory/2228-1801-0x0000000000445C1E-mapping.dmp

Download
memory/2232-1190-0x0000000000445C1E-mapping.dmp

Download
memory/2236-357-0x0000000000445C1E-mapping.dmp

Download
memory/2236-581-0x0000000000000000-mapping.dmp

Download
memory/2236-824-0x0000000000445C1E-mapping.dmp

Download
memory/2236-1736-0x0000000000445C1E-mapping.dmp

Download
memory/2240-1709-0x0000000000000000-mapping.dmp

Download
memory/2240-709-0x0000000000445C1E-mapping.dmp

Download
memory/2244-1090-0x0000000000445C1E-mapping.dmp

Download
memory/2244-1831-0x0000000000445C1E-mapping.dmp

Download
memory/2244-1601-0x0000000000445C1E-mapping.dmp

Download
memory/2252-1759-0x0000000000000000-mapping.dmp

Download
memory/2256-952-0x0000000000000000-mapping.dmp

Download
memory/2256-265-0x0000000000000000-mapping.dmp

Download
memory/2260-684-0x0000000000445C1E-mapping.dmp

Download
memory/2260-784-0x0000000000445C1E-mapping.dmp

Download
memory/2264-1515-0x0000000000445C1E-mapping.dmp

Download
memory/2268-1246-0x0000000000445C1E-mapping.dmp

Download
memory/2268-1674-0x0000000000000000-mapping.dmp

Download
memory/2268-556-0x0000000000000000-mapping.dmp

Download
memory/2268-626-0x0000000000000000-mapping.dmp

Download
memory/2268-1340-0x0000000000445C1E-mapping.dmp

Download
memory/2272-1656-0x0000000000445C1E-mapping.dmp

Download
memory/2272-483-0x0000000000445C1E-mapping.dmp

Download
memory/2280-779-0x0000000000445C1E-mapping.dmp

Download
memory/2280-1075-0x0000000000445C1E-mapping.dmp

Download
memory/2280-506-0x0000000000000000-mapping.dmp

Download
memory/2280-1530-0x0000000000445C1E-mapping.dmp

Download
memory/2288-498-0x0000000000445C1E-mapping.dmp

Download
memory/2292-327-0x0000000000445C1E-mapping.dmp

Download
memory/2292-842-0x0000000000000000-mapping.dmp

Download
memory/2296-267-0x0000000000445C1E-mapping.dmp

Download
memory/2296-1275-0x0000000000445C1E-mapping.dmp

Download
memory/2296-370-0x0000000000000000-mapping.dmp

Download
memory/2296-1786-0x0000000000445C1E-mapping.dmp

Download
memory/2304-975-0x0000000000445C1E-mapping.dmp

Download
memory/2304-322-0x0000000000445C1E-mapping.dmp

Download
memory/2312-1259-0x0000000000000000-mapping.dmp

Download
memory/2312-646-0x0000000000000000-mapping.dmp

Download
memory/2316-1158-0x0000000000000000-mapping.dmp

Download
memory/2320-1513-0x0000000000000000-mapping.dmp

Download
memory/2328-1766-0x0000000000445C1E-mapping.dmp

Download
memory/2328-1000-0x0000000000445C1E-mapping.dmp

Download
memory/2328-762-0x0000000000000000-mapping.dmp

Download
memory/2332-682-0x0000000000000000-mapping.dmp

Download
memory/2340-902-0x0000000000000000-mapping.dmp

Download
memory/2340-332-0x0000000000445C1E-mapping.dmp

Download
memory/2348-1360-0x0000000000445C1E-mapping.dmp

Download
memory/2348-677-0x0000000000000000-mapping.dmp

Download
memory/2348-990-0x0000000000445C1E-mapping.dmp

Download
memory/2352-270-0x0000000000000000-mapping.dmp

Download
memory/2356-1290-0x0000000000445C1E-mapping.dmp

Download
memory/2360-1651-0x0000000000445C1E-mapping.dmp

Download
memory/2360-1403-0x0000000000000000-mapping.dmp

Download
memory/2372-631-0x0000000000000000-mapping.dmp

Download
memory/2372-804-0x0000000000445C1E-mapping.dmp

Download
memory/2372-712-0x0000000000000000-mapping.dmp

Download
memory/2372-1180-0x0000000000445C1E-mapping.dmp

Download
memory/2376-963-0x0000000000000000-mapping.dmp

Download
memory/2380-272-0x0000000000445C1E-mapping.dmp

Download
memory/2384-973-0x0000000000000000-mapping.dmp

Download
memory/2384-536-0x0000000000000000-mapping.dmp

Download
memory/2384-611-0x0000000000000000-mapping.dmp

Download
memory/2384-436-0x0000000000000000-mapping.dmp

Download
memory/2392-1624-0x0000000000000000-mapping.dmp

Download
memory/2396-1303-0x0000000000000000-mapping.dmp

Download
memory/2396-1143-0x0000000000000000-mapping.dmp

Download
memory/2400-884-0x0000000000445C1E-mapping.dmp

Download
memory/2408-1654-0x0000000000000000-mapping.dmp

Download
memory/2408-1520-0x0000000000445C1E-mapping.dmp

Download
memory/2412-531-0x0000000000000000-mapping.dmp

Download
memory/2424-1784-0x0000000000000000-mapping.dmp

Download
memory/2428-1188-0x0000000000000000-mapping.dmp

Download
memory/2432-1148-0x0000000000000000-mapping.dmp

Download
memory/2432-1310-0x0000000000445C1E-mapping.dmp

Download
memory/2436-661-0x0000000000000000-mapping.dmp

Download
memory/2436-275-0x0000000000000000-mapping.dmp

Download
memory/2436-448-0x0000000000445C1E-mapping.dmp

Download
memory/2440-1105-0x0000000000445C1E-mapping.dmp

Download
memory/2440-1278-0x0000000000000000-mapping.dmp

Download
memory/2440-1711-0x0000000000445C1E-mapping.dmp

Download
memory/2444-1410-0x0000000000445C1E-mapping.dmp

Download
memory/2444-1323-0x0000000000000000-mapping.dmp

Download
memory/2444-1744-0x0000000000000000-mapping.dmp

Download
memory/2444-330-0x0000000000000000-mapping.dmp

Download
memory/2448-707-0x0000000000000000-mapping.dmp

Download
memory/2448-1639-0x0000000000000000-mapping.dmp

Download
memory/2460-543-0x0000000000445C1E-mapping.dmp

Download
memory/2460-1390-0x0000000000445C1E-mapping.dmp

Download
memory/2464-1445-0x0000000000445C1E-mapping.dmp

Download
memory/2464-1781-0x0000000000445C1E-mapping.dmp

Download
memory/2464-441-0x0000000000000000-mapping.dmp

Download
memory/2464-277-0x0000000000445C1E-mapping.dmp

Download
memory/2468-1539-0x0000000000000000-mapping.dmp

Download
memory/2468-538-0x0000000000445C1E-mapping.dmp

Download
memory/2476-1646-0x0000000000445C1E-mapping.dmp

Download
memory/2476-1824-0x0000000000000000-mapping.dmp

Download
memory/2480-416-0x0000000000000000-mapping.dmp

Download
memory/2484-807-0x0000000000000000-mapping.dmp

Download
memory/2488-375-0x0000000000000000-mapping.dmp

Download
memory/2492-998-0x0000000000000000-mapping.dmp

Download
memory/2492-1791-0x0000000000445C1E-mapping.dmp

Download
memory/2496-1564-0x0000000000000000-mapping.dmp

Download
memory/2500-1373-0x0000000000000000-mapping.dmp

Download
memory/2500-1120-0x0000000000445C1E-mapping.dmp

Download
memory/2504-451-0x0000000000000000-mapping.dmp

Download
memory/2508-1641-0x0000000000445C1E-mapping.dmp

Download
memory/2512-1606-0x0000000000445C1E-mapping.dmp

Download
memory/2512-337-0x0000000000445C1E-mapping.dmp

Download
memory/2512-1368-0x0000000000000000-mapping.dmp

Download
memory/2516-1210-0x0000000000445C1E-mapping.dmp

Download
memory/2516-280-0x0000000000000000-mapping.dmp

Download
memory/2516-1616-0x0000000000445C1E-mapping.dmp

Download
memory/2516-1110-0x0000000000445C1E-mapping.dmp

Download
memory/2524-1038-0x0000000000000000-mapping.dmp

Download
memory/2528-1721-0x0000000000445C1E-mapping.dmp

Download
memory/2528-1315-0x0000000000445C1E-mapping.dmp

Download
memory/2528-822-0x0000000000000000-mapping.dmp

Download
memory/2532-817-0x0000000000000000-mapping.dmp

Download
memory/2532-1040-0x0000000000445C1E-mapping.dmp

Download
memory/2536-382-0x0000000000445C1E-mapping.dmp

Download
memory/2540-897-0x0000000000000000-mapping.dmp

Download
memory/2544-1080-0x0000000000445C1E-mapping.dmp

Download
memory/2544-799-0x0000000000445C1E-mapping.dmp

Download
memory/2548-1671-0x0000000000445C1E-mapping.dmp

Download
memory/2552-516-0x0000000000000000-mapping.dmp

Download
memory/2556-737-0x0000000000000000-mapping.dmp

Download
memory/2560-1305-0x0000000000445C1E-mapping.dmp

Download
memory/2564-1130-0x0000000000445C1E-mapping.dmp

Download
memory/2564-889-0x0000000000445C1E-mapping.dmp

Download
memory/2568-1010-0x0000000000445C1E-mapping.dmp

Download
memory/2576-1676-0x0000000000445C1E-mapping.dmp

Download
memory/2580-1125-0x0000000000445C1E-mapping.dmp

Download
memory/2580-1218-0x0000000000000000-mapping.dmp

Download
memory/2580-1761-0x0000000000445C1E-mapping.dmp

Download
memory/2580-282-0x0000000000445C1E-mapping.dmp

Download
memory/2588-453-0x0000000000445C1E-mapping.dmp

Download
memory/2588-1561-0x0000000000445C1E-mapping.dmp

Download
memory/2592-1050-0x0000000000445C1E-mapping.dmp

Download
memory/2592-687-0x0000000000000000-mapping.dmp

Download
memory/2592-970-0x0000000000445C1E-mapping.dmp

Download
memory/2604-1405-0x0000000000445C1E-mapping.dmp

Download
memory/2604-1581-0x0000000000445C1E-mapping.dmp

Download
memory/2608-1045-0x0000000000445C1E-mapping.dmp

Download
memory/2608-1796-0x0000000000445C1E-mapping.dmp

Download
memory/2612-1556-0x0000000000445C1E-mapping.dmp

Download
memory/2612-1185-0x0000000000445C1E-mapping.dmp

Download
memory/2620-1809-0x0000000000000000-mapping.dmp

Download
memory/2624-759-0x0000000000445C1E-mapping.dmp

Download
memory/2628-1566-0x0000000000445C1E-mapping.dmp

Download
memory/2632-388-0x0000000000445C1E-mapping.dmp

Download
memory/2632-285-0x0000000000000000-mapping.dmp

Download
memory/2632-729-0x0000000000445C1E-mapping.dmp

Download
memory/2636-385-0x0000000000000000-mapping.dmp

Download
memory/2640-1358-0x0000000000000000-mapping.dmp

Download
memory/2644-1691-0x0000000000445C1E-mapping.dmp

Download
memory/2652-867-0x0000000000000000-mapping.dmp

Download
memory/2656-461-0x0000000000000000-mapping.dmp

Download
memory/2656-1343-0x0000000000000000-mapping.dmp

Download
memory/2660-1604-0x0000000000000000-mapping.dmp

Download
memory/2660-287-0x0000000000445C1E-mapping.dmp

Download
memory/2660-508-0x0000000000445C1E-mapping.dmp

Download
memory/2668-377-0x0000000000445C1E-mapping.dmp

Download
memory/2668-1244-0x0000000000000000-mapping.dmp

Download
memory/2672-541-0x0000000000000000-mapping.dmp

Download
memory/2676-1178-0x0000000000000000-mapping.dmp

Download
memory/2684-668-0x0000000000445C1E-mapping.dmp

Download
memory/2688-1223-0x0000000000000000-mapping.dmp

Download
memory/2688-380-0x0000000000000000-mapping.dmp

Download
memory/2692-1138-0x0000000000000000-mapping.dmp

Download
memory/2692-877-0x0000000000000000-mapping.dmp

Download
memory/2696-573-0x0000000000445C1E-mapping.dmp

Download
memory/2704-955-0x0000000000445C1E-mapping.dmp

Download
memory/2708-290-0x0000000000000000-mapping.dmp

Download
memory/2708-792-0x0000000000000000-mapping.dmp

Download
memory/2708-1350-0x0000000000445C1E-mapping.dmp

Download
memory/2708-466-0x0000000000000000-mapping.dmp

Download
memory/2712-794-0x0000000000445C1E-mapping.dmp

Download
memory/2720-1751-0x0000000000445C1E-mapping.dmp

Download
memory/2724-648-0x0000000000445C1E-mapping.dmp

Download
memory/2728-391-0x0000000000000000-mapping.dmp

Download
memory/2728-1285-0x0000000000445C1E-mapping.dmp

Download
memory/2732-1576-0x0000000000445C1E-mapping.dmp

Download
memory/2732-927-0x0000000000000000-mapping.dmp

Download
memory/2732-744-0x0000000000445C1E-mapping.dmp

Download
memory/2736-1498-0x0000000000000000-mapping.dmp

Download
memory/2736-1208-0x0000000000000000-mapping.dmp

Download
memory/2736-1380-0x0000000000445C1E-mapping.dmp

Download
memory/2736-616-0x0000000000000000-mapping.dmp

Download
memory/2736-702-0x0000000000000000-mapping.dmp

Download
memory/2736-1065-0x0000000000445C1E-mapping.dmp

Download
memory/2740-1453-0x0000000000000000-mapping.dmp

Download
memory/2740-919-0x0000000000445C1E-mapping.dmp

Download
memory/2748-653-0x0000000000445C1E-mapping.dmp

Download
memory/2748-1465-0x0000000000445C1E-mapping.dmp

Download
memory/2748-458-0x0000000000445C1E-mapping.dmp

Download
memory/2752-292-0x0000000000445C1E-mapping.dmp

Download
memory/2756-1586-0x0000000000445C1E-mapping.dmp

Download
memory/2756-1165-0x0000000000445C1E-mapping.dmp

Download
memory/2756-566-0x0000000000000000-mapping.dmp

Download
memory/2760-988-0x0000000000000000-mapping.dmp

Download
memory/2768-1804-0x0000000000000000-mapping.dmp

Download
memory/2772-1764-0x0000000000000000-mapping.dmp

Download
memory/2776-797-0x0000000000000000-mapping.dmp

Download
memory/2780-1836-0x0000000000445C1E-mapping.dmp

Download
memory/2780-666-0x0000000000000000-mapping.dmp

Download
memory/2784-1085-0x0000000000445C1E-mapping.dmp

Download
memory/2788-493-0x0000000000445C1E-mapping.dmp

Download
memory/2796-1704-0x0000000000000000-mapping.dmp

Download
memory/2800-899-0x0000000000445C1E-mapping.dmp

Download
memory/2804-295-0x0000000000000000-mapping.dmp

Download
memory/2816-456-0x0000000000000000-mapping.dmp

Download
memory/2816-551-0x0000000000000000-mapping.dmp

Download
memory/2820-1546-0x0000000000445C1E-mapping.dmp

Download
memory/2824-481-0x0000000000000000-mapping.dmp

Download
memory/2824-1400-0x0000000000445C1E-mapping.dmp

Download
memory/2828-1375-0x0000000000445C1E-mapping.dmp

Download
memory/2828-1789-0x0000000000000000-mapping.dmp

Download
memory/2832-1659-0x0000000000000000-mapping.dmp

Download
memory/2832-1554-0x0000000000000000-mapping.dmp

Download
memory/2836-1365-0x0000000000445C1E-mapping.dmp

Download
memory/2836-947-0x0000000000000000-mapping.dmp

Download
memory/2840-1385-0x0000000000445C1E-mapping.dmp

Download
memory/2840-297-0x0000000000445C1E-mapping.dmp

Download
memory/2844-1070-0x0000000000445C1E-mapping.dmp

Download
memory/2848-1048-0x0000000000000000-mapping.dmp

Download
memory/2848-849-0x0000000000445C1E-mapping.dmp

Download
memory/2848-694-0x0000000000445C1E-mapping.dmp

Download
memory/2856-1741-0x0000000000445C1E-mapping.dmp

Download
memory/2856-1345-0x0000000000445C1E-mapping.dmp

Download
memory/2864-393-0x0000000000445C1E-mapping.dmp

Download
memory/2868-1460-0x0000000000445C1E-mapping.dmp

Download
memory/2868-618-0x0000000000445C1E-mapping.dmp

Download
memory/2868-546-0x0000000000000000-mapping.dmp

Download
memory/2868-787-0x0000000000000000-mapping.dmp

Download
memory/2868-864-0x0000000000445C1E-mapping.dmp

Download
memory/2868-1726-0x0000000000445C1E-mapping.dmp

Download
memory/2872-869-0x0000000000445C1E-mapping.dmp

Download
memory/2876-1160-0x0000000000445C1E-mapping.dmp

Download
memory/2876-1328-0x0000000000000000-mapping.dmp

Download
memory/2880-1135-0x0000000000445C1E-mapping.dmp

Download
memory/2884-859-0x0000000000445C1E-mapping.dmp

Download
memory/2884-1528-0x0000000000000000-mapping.dmp

Download
memory/2896-300-0x0000000000000000-mapping.dmp

Download
memory/2896-643-0x0000000000445C1E-mapping.dmp

Download
memory/2904-1170-0x0000000000445C1E-mapping.dmp

Download
memory/2904-1621-0x0000000000445C1E-mapping.dmp

Download
memory/2904-1821-0x0000000000445C1E-mapping.dmp

Download
memory/2908-398-0x0000000000445C1E-mapping.dmp

Download
memory/2908-1320-0x0000000000445C1E-mapping.dmp

Download
memory/2908-914-0x0000000000445C1E-mapping.dmp

Download
memory/2920-699-0x0000000000445C1E-mapping.dmp

Download
memory/2920-1749-0x0000000000000000-mapping.dmp

Download
memory/2924-486-0x0000000000000000-mapping.dmp

Download
memory/2924-302-0x0000000000445C1E-mapping.dmp

Download
memory/2924-1430-0x0000000000445C1E-mapping.dmp

Download
memory/2928-1335-0x0000000000445C1E-mapping.dmp

Download
memory/2932-944-0x0000000000445C1E-mapping.dmp

Download
memory/2940-814-0x0000000000445C1E-mapping.dmp

Download
memory/2944-1020-0x0000000000445C1E-mapping.dmp

Download
memory/2956-623-0x0000000000445C1E-mapping.dmp

Download
memory/2956-1200-0x0000000000445C1E-mapping.dmp

Download
memory/2956-1584-0x0000000000000000-mapping.dmp

Download
memory/2960-1696-0x0000000000445C1E-mapping.dmp

Download
memory/2960-774-0x0000000000445C1E-mapping.dmp

Download
memory/2968-1679-0x0000000000000000-mapping.dmp

Download
memory/2968-802-0x0000000000000000-mapping.dmp

Download
memory/2976-305-0x0000000000000000-mapping.dmp

Download
memory/2980-553-0x0000000000445C1E-mapping.dmp

Download
memory/2980-980-0x0000000000445C1E-mapping.dmp

Download
memory/2988-1230-0x0000000000445C1E-mapping.dmp

Download
memory/2988-764-0x0000000000445C1E-mapping.dmp

Download
memory/2988-561-0x0000000000000000-mapping.dmp

Download
memory/2996-1440-0x0000000000445C1E-mapping.dmp

Download
memory/2996-995-0x0000000000445C1E-mapping.dmp

Download
memory/3000-491-0x0000000000000000-mapping.dmp

Download
memory/3000-403-0x0000000000445C1E-mapping.dmp

Download
memory/3000-789-0x0000000000445C1E-mapping.dmp

Download
memory/3004-1098-0x0000000000000000-mapping.dmp

Download
memory/3004-1834-0x0000000000000000-mapping.dmp

Download
memory/3004-307-0x0000000000445C1E-mapping.dmp

Download
memory/3012-1273-0x0000000000000000-mapping.dmp

Download
memory/3016-608-0x0000000000445C1E-mapping.dmp

Download
memory/3020-396-0x0000000000000000-mapping.dmp

Download
memory/3020-1649-0x0000000000000000-mapping.dmp

Download
memory/3032-558-0x0000000000445C1E-mapping.dmp

Download
memory/3032-1318-0x0000000000000000-mapping.dmp

Download
memory/3032-1826-0x0000000000445C1E-mapping.dmp

Download
memory/3032-1463-0x0000000000000000-mapping.dmp

Download
memory/3032-1611-0x0000000000445C1E-mapping.dmp

Download
memory/3036-819-0x0000000000445C1E-mapping.dmp

Download
memory/3036-1183-0x0000000000000000-mapping.dmp

Download
memory/3040-1060-0x0000000000445C1E-mapping.dmp

Download
memory/3040-568-0x0000000000445C1E-mapping.dmp

Download
memory/3044-1308-0x0000000000000000-mapping.dmp

Download
memory/3044-847-0x0000000000000000-mapping.dmp

Download
memory/3048-1661-0x0000000000445C1E-mapping.dmp

Download
memory/3048-960-0x0000000000445C1E-mapping.dmp

Download
memory/3052-476-0x0000000000000000-mapping.dmp

Download
memory/3052-310-0x0000000000000000-mapping.dmp

Download
memory/3056-922-0x0000000000000000-mapping.dmp

Download
memory/3060-468-0x0000000000445C1E-mapping.dmp

Download
memory/3060-1779-0x0000000000000000-mapping.dmp

Download
memory/3060-1063-0x0000000000000000-mapping.dmp

Download
memory/3064-1664-0x0000000000000000-mapping.dmp

Download
memory/3068-628-0x0000000000445C1E-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads