netwire | 3a216b9390f1c46b8e49d43c63211a76e236510ef545eda83ddd8084f605f956

Analysis

max time kernel
300s
max time network
295s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
16/01/2024, 13:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OInstall.exe
Size

15.2MB
MD5

38be94769e4f59d9a90e551e505c2e07
SHA1

cac71ca2dd32cbe99614870ef01851e0d54bff84
SHA256

3a216b9390f1c46b8e49d43c63211a76e236510ef545eda83ddd8084f605f956
SHA512

47ef669a5be744235e10ba65d7deb8bdd46544cd6dc4532fa4b43fdc3b5d9b6b49febbef8906870b321281c47ca45f9b679e65eabfeffbf6deffc96fa27e24a5
SSDEEP

393216:J8/uxLqG0/kfQslis6SAVDfINRPcji3Zhtnh0:Bv0/kr8s6SA5QUji3ZhtnK

Score

10^/10

netwire botnet rat stealer

Malware Config

Extracted

Family

netwire

qayshaija.ddns.net:1515

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
keylogger_dir
%AppData%\Logs\
lock_executable
false
offline_keylogger
true
password
Password
registry_autorun
false
use_mutex
false

Signatures

NetWire RAT payload 3 IoCs

rat

resource	yara_rule
behavioral1/memory/4596-52-0x0000000000400000-0x000000000042B000-memory.dmp	netwire
behavioral1/memory/4596-59-0x0000000000400000-0x000000000042B000-memory.dmp	netwire
behavioral1/memory/4596-61-0x0000000000400000-0x000000000042B000-memory.dmp	netwire

Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
botnet stealer netwire

Checks BIOS information in registry 2 TTPs 64 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	install.exe

Executes dropped EXE 64 IoCs

pid	Process
3648	install.exe
4012	install.exe
916	install.exe
4220	install.exe
2120	install.exe
1632	install.exe
396	install.exe
2244	install.exe
3912	WerFault.exe
2820	install.exe
3840	install.exe
3336	install.exe
4564	install.exe
3904	install.exe
5028	install.exe
1848	install.exe
4664	install.exe
1496	install.exe
520	install.exe
3524	install.exe
5008	install.exe
2304	install.exe
2288	install.exe
5080	install.exe
2548	RegAsm.exe
1056	install.exe
2820	RegAsm.exe
4816	install.exe
1200	install.exe
2120	install.exe
4352	install.exe
2040	install.exe
3532	install.exe
2248	install.exe
1460	install.exe
5068	install.exe
3524	install.exe
4164	install.exe
4608	install.exe
2572	install.exe
204	install.exe
1328	install.exe
3836	install.exe
4132	install.exe
4608	install.exe
4400	install.exe
4660	install.exe
2868	install.exe
4992	install.exe
1192	install.exe
2148	install.exe
4140	install.exe
712	install.exe
2152	install.exe
4040	install.exe
5112	install.exe
4132	install.exe
1632	install.exe
1508	install.exe
1852	install.exe
1020	install.exe
4212	install.exe
4084	install.exe
4168	install.exe

Suspicious use of SetThreadContext 64 IoCs

description	pid	Process	procid_target
PID 3648 set thread context of 4596	3648	install.exe	101
PID 4012 set thread context of 2560	4012	install.exe	102
PID 4564 set thread context of 4128	4564	install.exe	106
PID 916 set thread context of 2868	916	install.exe	108
PID 3904 set thread context of 1604	3904	install.exe	112
PID 4220 set thread context of 4400	4220	install.exe	113
PID 2120 set thread context of 3644	2120	install.exe	117
PID 1632 set thread context of 2040	1632	install.exe	173
PID 396 set thread context of 200	396	install.exe	122
PID 2244 set thread context of 4384	2244	install.exe	128
PID 3912 set thread context of 3556	3912	WerFault.exe	129
PID 520 set thread context of 220	520	install.exe	132
PID 2820 set thread context of 712	2820	RegAsm.exe	135
PID 3524 set thread context of 3992	3524	install.exe	214
PID 3840 set thread context of 1348	3840	install.exe	139
PID 5008 set thread context of 4712	5008	install.exe	142
PID 3336 set thread context of 2324	3336	install.exe	144
PID 2304 set thread context of 3532	2304	install.exe	174
PID 5028 set thread context of 4808	5028	install.exe	155
PID 1848 set thread context of 4584	1848	install.exe	159
PID 4664 set thread context of 1456	4664	install.exe	164
PID 1496 set thread context of 4568	1496	install.exe	192
PID 2288 set thread context of 4440	2288	install.exe	178
PID 1460 set thread context of 3708	1460	install.exe	181
PID 5080 set thread context of 2960	5080	install.exe	209
PID 5068 set thread context of 1328	5068	install.exe	211
PID 2548 set thread context of 4084	2548	RegAsm.exe	189
PID 3524 set thread context of 4228	3524	install.exe	187
PID 1056 set thread context of 4104	1056	install.exe	190
PID 4164 set thread context of 4948	4164	install.exe	193
PID 2820 set thread context of 4192	2820	RegAsm.exe	194
PID 4608 set thread context of 2968	4608	install.exe	197
PID 4816 set thread context of 1108	4816	install.exe	198
PID 2572 set thread context of 2564	2572	install.exe	202
PID 1200 set thread context of 3572	1200	install.exe	204
PID 204 set thread context of 4032	204	install.exe	207
PID 2120 set thread context of 2960	2120	install.exe	209
PID 4352 set thread context of 2364	4352	install.exe	213
PID 1328 set thread context of 2548	1328	install.exe	212
PID 2040 set thread context of 3992	2040	install.exe	214
PID 3836 set thread context of 3540	3836	install.exe	217
PID 3532 set thread context of 364	3532	install.exe	219
PID 4132 set thread context of 2072	4132	install.exe	222
PID 2248 set thread context of 2820	2248	install.exe	223
PID 4608 set thread context of 644	4608	install.exe	245
PID 4400 set thread context of 3560	4400	install.exe	249
PID 4660 set thread context of 1080	4660	install.exe	252
PID 2868 set thread context of 2608	2868	install.exe	257
PID 4992 set thread context of 1108	4992	install.exe	260
PID 1192 set thread context of 5080	1192	install.exe	263
PID 2148 set thread context of 596	2148	install.exe	267
PID 4140 set thread context of 2556	4140	install.exe	270
PID 712 set thread context of 3604	712	install.exe	273
PID 2152 set thread context of 4364	2152	install.exe	277
PID 4040 set thread context of 4164	4040	install.exe	283
PID 5112 set thread context of 2608	5112	install.exe	284
PID 4132 set thread context of 1108	4132	install.exe	287
PID 1632 set thread context of 2596	1632	install.exe	292
PID 1508 set thread context of 5088	1508	install.exe	295
PID 1852 set thread context of 1876	1852	install.exe	300
PID 1020 set thread context of 4580	1020	install.exe	303
PID 4212 set thread context of 4500	4212	install.exe	306
PID 4084 set thread context of 4948	4084	install.exe	309
PID 4168 set thread context of 2340	4168	install.exe	313

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 6 IoCs

pid	pid_target	Process	procid_target
4380	4596	WerFault.exe
1312	2560	WerFault.exe	102
4732	4128	WerFault.exe	106
3572	2868	WerFault.exe	108
1788	3556	WerFault.exe	129
3912	4808	WerFault.exe	155

Enumerates system info in registry 2 TTPs 64 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	install.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	install.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	install.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	install.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	install.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	install.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	install.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	install.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	WerFault.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	install.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	install.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	install.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	install.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	install.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	install.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	install.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	install.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	RegAsm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	install.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	install.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	RegAsm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	install.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	install.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	install.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	install.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	install.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	install.exe

Suspicious behavior: MapViewOfSection 64 IoCs

pid	Process
3648	install.exe
4012	install.exe
4564	install.exe
916	install.exe
916	install.exe
3904	install.exe
4220	install.exe
2120	install.exe
1632	install.exe
396	install.exe
396	install.exe
396	install.exe
2244	install.exe
3912	WerFault.exe
3912	WerFault.exe
520	install.exe
2820	RegAsm.exe
3524	install.exe
3840	install.exe
3840	install.exe
5008	install.exe
3336	install.exe
3336	install.exe
2304	install.exe
5028	install.exe
1848	install.exe
4664	install.exe
1496	install.exe
2288	install.exe
1460	install.exe
5080	install.exe
5068	install.exe
2548	RegAsm.exe
3524	install.exe
1056	install.exe
4164	install.exe
2820	RegAsm.exe
4608	install.exe
4816	install.exe
4816	install.exe
2572	install.exe
1200	install.exe
1200	install.exe
204	install.exe
204	install.exe
2120	install.exe
4352	install.exe
1328	install.exe
2040	install.exe
3836	install.exe
3532	install.exe
3532	install.exe
4132	install.exe
2248	install.exe
4608	install.exe
4608	install.exe
4400	install.exe
4400	install.exe
4660	install.exe
2868	install.exe
4992	install.exe
1192	install.exe
1192	install.exe
2148	install.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3572	OInstall.exe
3572	OInstall.exe
3572	OInstall.exe
1200	OInstall.exe
1200	OInstall.exe
1200	OInstall.exe
3524	OInstall.exe
3524	OInstall.exe
3524	OInstall.exe
4400	OInstall.exe
4400	OInstall.exe
4400	OInstall.exe
3876	OInstall.exe
3876	OInstall.exe
3876	OInstall.exe
4252	OInstall.exe
4252	OInstall.exe
4252	OInstall.exe
4148	OInstall.exe
4148	OInstall.exe
4148	OInstall.exe
3408	OInstall.exe
3408	OInstall.exe
3408	OInstall.exe
3208	RegAsm.exe
3208	RegAsm.exe
3208	RegAsm.exe
4440	RegAsm.exe
4440	RegAsm.exe
4440	RegAsm.exe
2968	RegAsm.exe
2968	RegAsm.exe
2968	RegAsm.exe
3136	OInstall.exe
3136	OInstall.exe
3136	OInstall.exe
4160	OInstall.exe
4160	OInstall.exe
4160	OInstall.exe
700	OInstall.exe
700	OInstall.exe
700	OInstall.exe
3240	OInstall.exe
3240	OInstall.exe
3240	OInstall.exe
4428	OInstall.exe
4428	OInstall.exe
4428	OInstall.exe
3092	OInstall.exe
3092	OInstall.exe
3092	OInstall.exe
4440	RegAsm.exe
4440	RegAsm.exe
4440	RegAsm.exe
3732	OInstall.exe
3732	OInstall.exe
3732	OInstall.exe
4832	OInstall.exe
4832	OInstall.exe
4832	OInstall.exe
1444	OInstall.exe
1444	OInstall.exe
1444	OInstall.exe
992	OInstall.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3572	OInstall.exe
3572	OInstall.exe
3572	OInstall.exe
1200	OInstall.exe
1200	OInstall.exe
1200	OInstall.exe
3524	OInstall.exe
3524	OInstall.exe
3524	OInstall.exe
4400	OInstall.exe
4400	OInstall.exe
4400	OInstall.exe
3876	OInstall.exe
3876	OInstall.exe
3876	OInstall.exe
4252	OInstall.exe
4252	OInstall.exe
4252	OInstall.exe
4148	OInstall.exe
4148	OInstall.exe
4148	OInstall.exe
3408	OInstall.exe
3408	OInstall.exe
3408	OInstall.exe
3208	RegAsm.exe
3208	RegAsm.exe
3208	RegAsm.exe
4440	RegAsm.exe
4440	RegAsm.exe
4440	RegAsm.exe
2968	RegAsm.exe
2968	RegAsm.exe
2968	RegAsm.exe
3136	OInstall.exe
3136	OInstall.exe
3136	OInstall.exe
4160	OInstall.exe
4160	OInstall.exe
4160	OInstall.exe
700	OInstall.exe
700	OInstall.exe
700	OInstall.exe
3240	OInstall.exe
3240	OInstall.exe
3240	OInstall.exe
4428	OInstall.exe
4428	OInstall.exe
4428	OInstall.exe
3092	OInstall.exe
3092	OInstall.exe
3092	OInstall.exe
4440	RegAsm.exe
4440	RegAsm.exe
4440	RegAsm.exe
3732	OInstall.exe
3732	OInstall.exe
3732	OInstall.exe
4832	OInstall.exe
4832	OInstall.exe
4832	OInstall.exe
1444	OInstall.exe
1444	OInstall.exe
1444	OInstall.exe
992	OInstall.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3572 wrote to memory of 1200	3572	OInstall.exe	74
PID 3572 wrote to memory of 1200	3572	OInstall.exe	74
PID 3572 wrote to memory of 1200	3572	OInstall.exe	74
PID 3572 wrote to memory of 3648	3572	OInstall.exe	76
PID 3572 wrote to memory of 3648	3572	OInstall.exe	76
PID 3572 wrote to memory of 3648	3572	OInstall.exe	76
PID 1200 wrote to memory of 3524	1200	OInstall.exe	77
PID 1200 wrote to memory of 3524	1200	OInstall.exe	77
PID 1200 wrote to memory of 3524	1200	OInstall.exe	77
PID 1200 wrote to memory of 4012	1200	OInstall.exe	78
PID 1200 wrote to memory of 4012	1200	OInstall.exe	78
PID 1200 wrote to memory of 4012	1200	OInstall.exe	78
PID 3524 wrote to memory of 4400	3524	OInstall.exe	79
PID 3524 wrote to memory of 4400	3524	OInstall.exe	79
PID 3524 wrote to memory of 4400	3524	OInstall.exe	79
PID 3524 wrote to memory of 916	3524	OInstall.exe	80
PID 3524 wrote to memory of 916	3524	OInstall.exe	80
PID 3524 wrote to memory of 916	3524	OInstall.exe	80
PID 4400 wrote to memory of 3876	4400	OInstall.exe	81
PID 4400 wrote to memory of 3876	4400	OInstall.exe	81
PID 4400 wrote to memory of 3876	4400	OInstall.exe	81
PID 4400 wrote to memory of 4220	4400	OInstall.exe	82
PID 4400 wrote to memory of 4220	4400	OInstall.exe	82
PID 4400 wrote to memory of 4220	4400	OInstall.exe	82
PID 3876 wrote to memory of 4252	3876	OInstall.exe	83
PID 3876 wrote to memory of 4252	3876	OInstall.exe	83
PID 3876 wrote to memory of 4252	3876	OInstall.exe	83
PID 3876 wrote to memory of 2120	3876	OInstall.exe	84
PID 3876 wrote to memory of 2120	3876	OInstall.exe	84
PID 3876 wrote to memory of 2120	3876	OInstall.exe	84
PID 4252 wrote to memory of 4148	4252	OInstall.exe	85
PID 4252 wrote to memory of 4148	4252	OInstall.exe	85
PID 4252 wrote to memory of 4148	4252	OInstall.exe	85
PID 4252 wrote to memory of 1632	4252	OInstall.exe	86
PID 4252 wrote to memory of 1632	4252	OInstall.exe	86
PID 4252 wrote to memory of 1632	4252	OInstall.exe	86
PID 4148 wrote to memory of 3408	4148	OInstall.exe	87
PID 4148 wrote to memory of 3408	4148	OInstall.exe	87
PID 4148 wrote to memory of 3408	4148	OInstall.exe	87
PID 4148 wrote to memory of 396	4148	OInstall.exe	88
PID 4148 wrote to memory of 396	4148	OInstall.exe	88
PID 4148 wrote to memory of 396	4148	OInstall.exe	88
PID 3408 wrote to memory of 3208	3408	OInstall.exe	89
PID 3408 wrote to memory of 3208	3408	OInstall.exe	89
PID 3408 wrote to memory of 3208	3408	OInstall.exe	89
PID 3408 wrote to memory of 2244	3408	OInstall.exe	90
PID 3408 wrote to memory of 2244	3408	OInstall.exe	90
PID 3408 wrote to memory of 2244	3408	OInstall.exe	90
PID 3208 wrote to memory of 4440	3208	RegAsm.exe	178
PID 3208 wrote to memory of 4440	3208	RegAsm.exe	178
PID 3208 wrote to memory of 4440	3208	RegAsm.exe	178
PID 3208 wrote to memory of 3912	3208	RegAsm.exe	156
PID 3208 wrote to memory of 3912	3208	RegAsm.exe	156
PID 3208 wrote to memory of 3912	3208	RegAsm.exe	156
PID 4440 wrote to memory of 2968	4440	RegAsm.exe	197
PID 4440 wrote to memory of 2968	4440	RegAsm.exe	197
PID 4440 wrote to memory of 2968	4440	RegAsm.exe	197
PID 4440 wrote to memory of 2820	4440	RegAsm.exe	160
PID 4440 wrote to memory of 2820	4440	RegAsm.exe	160
PID 4440 wrote to memory of 2820	4440	RegAsm.exe	160
PID 2968 wrote to memory of 3136	2968	RegAsm.exe	95
PID 2968 wrote to memory of 3136	2968	RegAsm.exe	95
PID 2968 wrote to memory of 3136	2968	RegAsm.exe	95
PID 2968 wrote to memory of 3840	2968	RegAsm.exe	96

C:\Users\Admin\AppData\Local\Temp\OInstall.exe
"C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3572
- C:\Users\Admin\AppData\Local\Temp\OInstall.exe
  "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1200
- - C:\Users\Admin\AppData\Local\Temp\OInstall.exe
    "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
    3⤵
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3524
  - - C:\Users\Admin\AppData\Local\Temp\OInstall.exe
      "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
      4⤵
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        5⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        6⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        7⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        8⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        9⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        10⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        11⤵
        
        PID:2820
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        12⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        11⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        12⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Enumerates system info in registry
        Suspicious behavior: MapViewOfSection
        
        PID:3336
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        14⤵
        
        PID:2324
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        14⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        13⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        14⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:3904
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        16⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        15⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:5028
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        17⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 568
        18⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Program crash
        Enumerates system info in registry
        Suspicious behavior: MapViewOfSection
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        16⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:1848
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        18⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        17⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        18⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:1496
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        20⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        19⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        20⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        21⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        22⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Enumerates system info in registry
        Suspicious behavior: MapViewOfSection
        
        PID:5008
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        23⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        22⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        23⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Enumerates system info in registry
        Suspicious behavior: MapViewOfSection
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        23⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        24⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:2288
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        25⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        24⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        25⤵
        Checks BIOS information in registry
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:5080
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        26⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        25⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        26⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        27⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Enumerates system info in registry
        Suspicious behavior: MapViewOfSection
        
        PID:1056
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        28⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        27⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        28⤵
        Executes dropped EXE
        
        PID:2820
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        29⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        28⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        29⤵
        Checks BIOS information in registry
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:4816
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        30⤵
        
        PID:1108
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        30⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        29⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        30⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:1200
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        31⤵
        
        PID:4252
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        31⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        30⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        31⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:2120
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        32⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        31⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        32⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Enumerates system info in registry
        Suspicious behavior: MapViewOfSection
        
        PID:4352
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        33⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        32⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        33⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        34⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:3532
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        35⤵
        
        PID:5112
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        35⤵
        
        PID:364
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        34⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        35⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        36⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        37⤵
        
        PID:96
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        38⤵
        Checks BIOS information in registry
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:3524
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        39⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        38⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        39⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:4164
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        40⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        39⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        40⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        41⤵
        Checks BIOS information in registry
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:2572
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        42⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        41⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        42⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        43⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        44⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        45⤵
        
        PID:68
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        46⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        47⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        48⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        49⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        50⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        51⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        52⤵
        
        PID:204
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        53⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        54⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        55⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        56⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        57⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        58⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        59⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        60⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        61⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        62⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        63⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        64⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        65⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        66⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        67⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        68⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        69⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        70⤵
        
        PID:204
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        71⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        72⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        73⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        74⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        75⤵
        
        PID:68
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        76⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        77⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        78⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        79⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        80⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        81⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        82⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        83⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        84⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        85⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        86⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        87⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        88⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        89⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        90⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        91⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        92⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        93⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        94⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        95⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        96⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        97⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        98⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        99⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        100⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        101⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        102⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        103⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        104⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        105⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        106⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        107⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        108⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        109⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        110⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        111⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        112⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        113⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        114⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        115⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        116⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        117⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        118⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        119⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        120⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        121⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        122⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        123⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        124⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        125⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        126⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        127⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        128⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        129⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        130⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        131⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        132⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        133⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        134⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        135⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        136⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        137⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        138⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        139⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        140⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        141⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        142⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        143⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        144⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        145⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        146⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        147⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        148⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        149⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        150⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        151⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        152⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        153⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        154⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        155⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        156⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        157⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        158⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        159⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        160⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        161⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        162⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        163⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        164⤵
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        165⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        166⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        167⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        168⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        169⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        170⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        171⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        172⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        173⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        174⤵
        
        PID:212
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        175⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        176⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        177⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        178⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        179⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        180⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        181⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        182⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        183⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        184⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        185⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        186⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        187⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        188⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        189⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        190⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        191⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        192⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        193⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        194⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        195⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        196⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        197⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        198⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        199⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        200⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        201⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        202⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        203⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        204⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        205⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        206⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        207⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        208⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        209⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        210⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        211⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        212⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        213⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        214⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        215⤵
        
        PID:164
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        216⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        217⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        218⤵
        
        PID:500
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        219⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        220⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        221⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        222⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        223⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        224⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        225⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        226⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        227⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        228⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        229⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        230⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        231⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        232⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        233⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        234⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        235⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        236⤵
        
        PID:196
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        237⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        238⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        239⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        240⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        241⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        242⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        243⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        244⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        245⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        246⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        247⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        248⤵
        
        PID:196
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        249⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        250⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        251⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        252⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        253⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        254⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        255⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        256⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        257⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        258⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        259⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\OInstall.exe
        
        "C:\Users\Admin\AppData\Local\Temp\OInstall.exe"
        260⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        260⤵
        Checks BIOS information in registry
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        259⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        258⤵
        Enumerates system info in registry
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        257⤵
        Enumerates system info in registry
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        256⤵
        Checks BIOS information in registry
        Enumerates system info in registry
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        255⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        254⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        253⤵
        Checks BIOS information in registry
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        252⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        251⤵
        Checks BIOS information in registry
        Enumerates system info in registry
        
        PID:2436
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        252⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        250⤵
        
        PID:704
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        251⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        249⤵
        
        PID:1780
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        250⤵
        
        PID:680
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        250⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        248⤵
        Enumerates system info in registry
        
        PID:4404
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        249⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        247⤵
        
        PID:876
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        248⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        246⤵
        
        PID:400
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        247⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        245⤵
        Enumerates system info in registry
        
        PID:3280
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        246⤵
        
        PID:1200
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        246⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        244⤵
        
        PID:1460
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        245⤵
        
        PID:508
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        243⤵
        Enumerates system info in registry
        
        PID:1984
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        244⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        242⤵
        
        PID:372
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        243⤵
        
        PID:2060
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        243⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        241⤵
        
        PID:5028
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        242⤵
        
        PID:4568
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        242⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        240⤵
        
        PID:2364
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        241⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        239⤵
        Checks BIOS information in registry
        
        PID:596
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        240⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        238⤵
        
        PID:5112
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        239⤵
        
        PID:5040
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        239⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        237⤵
        Enumerates system info in registry
        
        PID:3336
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        238⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        236⤵
        
        PID:1668
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        237⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        235⤵
        
        PID:644
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        236⤵
        
        PID:4424
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        236⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        234⤵
        
        PID:1384
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        235⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        233⤵
        Checks BIOS information in registry
        
        PID:5068
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        234⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        232⤵
        
        PID:2136
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        233⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        231⤵
        
        PID:3864
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        232⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        230⤵
        
        PID:396
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        231⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        229⤵
        Enumerates system info in registry
        
        PID:1728
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        230⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        228⤵
        
        PID:4788
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        229⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        227⤵
        Checks BIOS information in registry
        Enumerates system info in registry
        
        PID:3236
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        228⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        226⤵
        
        PID:4372
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        227⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        225⤵
        
        PID:400
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        226⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        224⤵
        
        PID:4116
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        225⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        223⤵
        Checks BIOS information in registry
        Enumerates system info in registry
        
        PID:4244
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        224⤵
        
        PID:3544
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        224⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        222⤵
        Checks BIOS information in registry
        
        PID:4532
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        223⤵
        
        PID:2248
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        223⤵
        
        PID:2156
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        223⤵
        
        PID:3452
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        223⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        221⤵
        
        PID:3124
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        222⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        220⤵
        
        PID:4872
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        221⤵
        
        PID:1596
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        221⤵
        
        PID:2532
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        221⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        219⤵
        Checks BIOS information in registry
        
        PID:3208
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        220⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        218⤵
        
        PID:3588
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        219⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        217⤵
        
        PID:2388
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        218⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        216⤵
        
        PID:4420
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        217⤵
        
        PID:2096
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        217⤵
        
        PID:2868
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        217⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        215⤵
        Checks BIOS information in registry
        
        PID:4176
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        216⤵
        
        PID:1060
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        216⤵
        
        PID:4752
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        216⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        214⤵
        Checks BIOS information in registry
        
        PID:4608
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        215⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        213⤵
        
        PID:1080
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        214⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        212⤵
        Checks BIOS information in registry
        
        PID:4384
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        213⤵
        
        PID:1604
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        213⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        211⤵
        
        PID:2596
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        212⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        210⤵
        Enumerates system info in registry
        
        PID:1936
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        211⤵
        
        PID:4784
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        211⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        209⤵
        
        PID:3580
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        210⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        208⤵
        Checks BIOS information in registry
        
        PID:4336
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        209⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        207⤵
        
        PID:2356
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        208⤵
        
        PID:1784
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        208⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        206⤵
        
        PID:1308
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        207⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        205⤵
        
        PID:5092
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        206⤵
        
        PID:212
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        204⤵
        
        PID:4032
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        205⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        203⤵
        Checks BIOS information in registry
        
        PID:4452
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        204⤵
        
        PID:3028
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        204⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        202⤵
        
        PID:1792
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        203⤵
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        201⤵
        
        PID:2136
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        202⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        200⤵
        
        PID:2232
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        201⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        199⤵
        Enumerates system info in registry
        
        PID:3540
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        200⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        198⤵
        
        PID:4664
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        199⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        197⤵
        
        PID:744
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        198⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        196⤵
        
        PID:4680
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        197⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        195⤵
        Checks BIOS information in registry
        
        PID:1432
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        196⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        194⤵
        Checks BIOS information in registry
        Enumerates system info in registry
        
        PID:676
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        195⤵
        
        PID:2804
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        195⤵
        
        PID:4752
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        195⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        193⤵
        
        PID:1044
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        194⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        192⤵
        
        PID:2168
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        193⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        191⤵
        Checks BIOS information in registry
        
        PID:4540
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        192⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        190⤵
        
        PID:1984
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        191⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        189⤵
        
        PID:4784
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        190⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        188⤵
        
        PID:3552
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        189⤵
        
        PID:200
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        187⤵
        Checks BIOS information in registry
        
        PID:4328
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        188⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        186⤵
        
        PID:2388
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        187⤵
        
        PID:4368
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        187⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        185⤵
        
        PID:4780
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        186⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        184⤵
        Enumerates system info in registry
        
        PID:4632
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        185⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        183⤵
        
        PID:1220
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        184⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        182⤵
        Enumerates system info in registry
        
        PID:4136
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        183⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        181⤵
        
        PID:1384
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        182⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        180⤵
        
        PID:1444
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        181⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        179⤵
        Enumerates system info in registry
        
        PID:3172
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        180⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        178⤵
        
        PID:3900
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        179⤵
        
        PID:4872
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        179⤵
        
        PID:2364
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        179⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        177⤵
        
        PID:3208
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        178⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        176⤵
        Enumerates system info in registry
        
        PID:240
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        177⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        175⤵
        Checks BIOS information in registry
        
        PID:2324
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        176⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        174⤵
        
        PID:3200
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        175⤵
        
        PID:3184
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        175⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        173⤵
        Checks BIOS information in registry
        
        PID:196
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        174⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        172⤵
        Checks BIOS information in registry
        
        PID:4828
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        173⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        171⤵
        
        PID:3916
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        172⤵
        
        PID:4176
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        172⤵
        
        PID:4424
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        172⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        170⤵
        
        PID:1604
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        171⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        169⤵
        
        PID:1540
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        170⤵
        
        PID:4636
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        170⤵
        
        PID:1376
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        170⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        168⤵
        
        PID:4872
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        169⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        167⤵
        
        PID:3356
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        168⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        166⤵
        Enumerates system info in registry
        
        PID:2516
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        167⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        165⤵
        Checks BIOS information in registry
        
        PID:1784
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        166⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        164⤵
        Enumerates system info in registry
        
        PID:3220
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        165⤵
        
        PID:4160
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        165⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        163⤵
        
        PID:3896
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        164⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        162⤵
        Checks BIOS information in registry
        
        PID:2604
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        163⤵
        
        PID:2168
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        163⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        161⤵
        
        PID:3860
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        162⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        160⤵
        
        PID:4108
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        161⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        159⤵
        Enumerates system info in registry
        
        PID:4784
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        160⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        158⤵
        Checks BIOS information in registry
        
        PID:3044
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        159⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        157⤵
        
        PID:4832
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        158⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        156⤵
        Enumerates system info in registry
        
        PID:4240
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        157⤵
        
        PID:744
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        157⤵
        
        PID:924
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        157⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        155⤵
        Enumerates system info in registry
        
        PID:4724
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        156⤵
        
        PID:3532
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        156⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        154⤵
        Enumerates system info in registry
        
        PID:2356
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        155⤵
        
        PID:3524
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        155⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        153⤵
        Checks BIOS information in registry
        Enumerates system info in registry
        
        PID:4264
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        154⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        152⤵
        
        PID:5084
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        153⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        151⤵
        
        PID:1848
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        152⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        150⤵
        Enumerates system info in registry
        
        PID:4400
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        151⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        149⤵
        
        PID:3172
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        150⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        148⤵
        
        PID:2124
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        149⤵
        
        PID:2360
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        149⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        147⤵
        
        PID:2340
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        148⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        146⤵
        
        PID:1456
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        147⤵
        
        PID:3208
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        147⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        145⤵
        Checks BIOS information in registry
        
        PID:4352
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        146⤵
        
        PID:808
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        146⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        144⤵
        Checks BIOS information in registry
        
        PID:1192
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        145⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        143⤵
        Checks BIOS information in registry
        
        PID:4580
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        144⤵
        
        PID:3904
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        144⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        142⤵
        
        PID:1016
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        143⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        141⤵
        
        PID:1460
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        142⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        140⤵
        Checks BIOS information in registry
        
        PID:1384
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        141⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        139⤵
        Checks BIOS information in registry
        
        PID:4164
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        140⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        138⤵
        Checks BIOS information in registry
        
        PID:352
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        139⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        137⤵
        
        PID:3452
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        138⤵
        
        PID:3592
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        138⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        136⤵
        Checks BIOS information in registry
        
        PID:3876
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        137⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        135⤵
        
        PID:1328
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        136⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        134⤵
        Enumerates system info in registry
        
        PID:2868
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        135⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        133⤵
        
        PID:4168
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        134⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        132⤵
        
        PID:1200
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        133⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        131⤵
        
        PID:4252
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        132⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        130⤵
        Checks BIOS information in registry
        Enumerates system info in registry
        
        PID:2248
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        131⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        129⤵
        
        PID:5068
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        130⤵
        
        PID:4204
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        130⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        128⤵
        
        PID:1540
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        129⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        127⤵
        Checks BIOS information in registry
        
        PID:68
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        128⤵
        
        PID:712
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        128⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        126⤵
        
        PID:1040
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        127⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        125⤵
        
        PID:592
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        126⤵
        
        PID:4780
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        126⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        124⤵
        
        PID:424
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        125⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        123⤵
        
        PID:3184
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        124⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        122⤵
        
        PID:3372
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        123⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        121⤵
        Enumerates system info in registry
        
        PID:2604
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        122⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        120⤵
        Checks BIOS information in registry
        
        PID:4560
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        121⤵
        
        PID:4540
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        121⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        119⤵
        
        PID:1096
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        120⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        118⤵
        
        PID:1664
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        119⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        117⤵
        
        PID:712
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        118⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        116⤵
        
        PID:1804
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        117⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        115⤵
        
        PID:5040
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        116⤵
        
        PID:1488
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        116⤵
        
        PID:1052
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        116⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        114⤵
        Checks BIOS information in registry
        
        PID:2808
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        115⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        113⤵
        
        PID:4580
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        114⤵
        
        PID:992
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        114⤵
        
        PID:212
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        114⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        112⤵
        
        PID:4220
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        113⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        111⤵
        
        PID:3916
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        112⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        110⤵
        
        PID:2248
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        111⤵
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        109⤵
        
        PID:1604
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        110⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        108⤵
        Enumerates system info in registry
        
        PID:1636
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        109⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        107⤵
        Enumerates system info in registry
        
        PID:4872
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        108⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        106⤵
        Checks BIOS information in registry
        
        PID:4804
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        107⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        105⤵
        
        PID:3468
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        106⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        104⤵
        Checks BIOS information in registry
        
        PID:3372
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        105⤵
        
        PID:3888
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        105⤵
        
        PID:520
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        103⤵
        
        PID:5084
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        104⤵
        
        PID:3708
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        104⤵
        
        PID:4660
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        104⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        102⤵
        
        PID:5080
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        103⤵
        
        PID:1256
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        103⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        101⤵
        
        PID:2060
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        102⤵
        
        PID:4076
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        102⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        100⤵
        Checks BIOS information in registry
        
        PID:2364
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        101⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        99⤵
        
        PID:712
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        100⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        98⤵
        
        PID:808
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        99⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        97⤵
        Enumerates system info in registry
        
        PID:5008
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        98⤵
        
        PID:872
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        98⤵
        
        PID:992
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        98⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        96⤵
        
        PID:4252
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        97⤵
        
        PID:4768
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        97⤵
        
        PID:3028
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        97⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        95⤵
        
        PID:4540
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        96⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        94⤵
        
        PID:2232
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        95⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        93⤵
        Checks BIOS information in registry
        
        PID:3164
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        94⤵
        
        PID:1096
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        94⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        92⤵
        
        PID:3560
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        93⤵
        
        PID:4036
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        93⤵
        
        PID:2368
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        93⤵
        
        PID:3684
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        93⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        91⤵
        
        PID:4572
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        92⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        90⤵
        Enumerates system info in registry
        
        PID:164
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        91⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        89⤵
        
        PID:420
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        90⤵
        
        PID:992
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        90⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        88⤵
        Enumerates system info in registry
        
        PID:2176
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        89⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        87⤵
        
        PID:1220
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        88⤵
        
        PID:4664
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        88⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        86⤵
        
        PID:740
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        87⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        85⤵
        Enumerates system info in registry
        
        PID:1160
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        86⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        84⤵
        
        PID:352
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        85⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        83⤵
        Checks BIOS information in registry
        
        PID:1788
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        84⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        82⤵
        
        PID:4780
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        83⤵
        
        PID:4448
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        83⤵
        
        PID:2288
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        83⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        81⤵
        Checks BIOS information in registry
        
        PID:5040
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        82⤵
        
        PID:364
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        80⤵
        
        PID:4752
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        81⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        79⤵
        
        PID:1044
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        80⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        78⤵
        Enumerates system info in registry
        
        PID:3252
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        79⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        77⤵
        Checks BIOS information in registry
        
        PID:2820
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        78⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        76⤵
        Checks BIOS information in registry
        
        PID:4644
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        77⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        75⤵
        
        PID:4164
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        76⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        74⤵
        
        PID:2060
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        75⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        73⤵
        
        PID:212
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        74⤵
        
        PID:1376
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        74⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        72⤵
        
        PID:3728
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        73⤵
        
        PID:428
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        71⤵
        
        PID:3892
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        72⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        70⤵
        
        PID:5100
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        71⤵
        
        PID:420
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        69⤵
        Enumerates system info in registry
        
        PID:2776
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        70⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        68⤵
        Checks BIOS information in registry
        
        PID:1844
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        69⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        67⤵
        
        PID:4312
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        68⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        66⤵
        Enumerates system info in registry
        
        PID:1224
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        67⤵
        
        PID:524
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        67⤵
        
        PID:1920
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        67⤵
        
        PID:2572
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        67⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        65⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Enumerates system info in registry
        
        PID:4168
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        66⤵
        
        PID:2072
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        66⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        64⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4084
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        65⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        63⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4212
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        64⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        62⤵
        Checks BIOS information in registry
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1020
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        63⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        61⤵
        Checks BIOS information in registry
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Enumerates system info in registry
        
        PID:1852
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        62⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        60⤵
        Checks BIOS information in registry
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Enumerates system info in registry
        
        PID:1508
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        61⤵
        
        PID:5088
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        61⤵
        
        PID:4340
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        61⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        59⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Enumerates system info in registry
        
        PID:1632
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        60⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        58⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4132
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        59⤵
        
        PID:1108
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        59⤵
        
        PID:2156
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        59⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        57⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:5112
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        58⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        56⤵
        Checks BIOS information in registry
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4040
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        57⤵
        
        PID:2304
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        57⤵
        
        PID:4160
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        57⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        55⤵
        Checks BIOS information in registry
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Enumerates system info in registry
        
        PID:2152
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        56⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        54⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:712
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        55⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        53⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4140
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        54⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        52⤵
        Checks BIOS information in registry
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:2148
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        53⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        51⤵
        Checks BIOS information in registry
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Enumerates system info in registry
        Suspicious behavior: MapViewOfSection
        
        PID:1192
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        52⤵
        
        PID:5080
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        52⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        50⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Enumerates system info in registry
        Suspicious behavior: MapViewOfSection
        
        PID:4992
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        51⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        49⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:2868
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        50⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        48⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:4660
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        49⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        47⤵
        Checks BIOS information in registry
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:4400
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        48⤵
        
        PID:3220
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        48⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        46⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:4608
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        47⤵
        
        PID:4988
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        47⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        45⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:4132
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        46⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        44⤵
        Checks BIOS information in registry
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:3836
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        45⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        43⤵
        Checks BIOS information in registry
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:1328
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        44⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Enumerates system info in registry
        Suspicious behavior: MapViewOfSection
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        42⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Enumerates system info in registry
        Suspicious behavior: MapViewOfSection
        
        PID:204
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        43⤵
        
        PID:4032
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        43⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        40⤵
        
        PID:4608
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        41⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        37⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:5068
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        38⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        36⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Enumerates system info in registry
        Suspicious behavior: MapViewOfSection
        
        PID:1460
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        37⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        35⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:2248
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        36⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Enumerates system info in registry
        Suspicious behavior: MapViewOfSection
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        33⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:2040
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        34⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        26⤵
        
        PID:2548
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        27⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        21⤵
        
        PID:3524
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        22⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        20⤵
        Checks BIOS information in registry
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:520
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        18⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:4664
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        19⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        14⤵
        Checks BIOS information in registry
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:4564
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        15⤵
        
        PID:4128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 576
        16⤵
        Program crash
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:3840
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        13⤵
        
        PID:1348
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        13⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        10⤵
        
        PID:3912
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        11⤵
        
        PID:3556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 572
        12⤵
        Program crash
        
        PID:1788
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        11⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:2244
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        10⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        8⤵
        Checks BIOS information in registry
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Enumerates system info in registry
        Suspicious behavior: MapViewOfSection
        
        PID:396
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        9⤵
        
        PID:200
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        9⤵
        
        PID:2996
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        9⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:1632
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        8⤵
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        6⤵
        Executes dropped EXE
        Enumerates system info in registry
        
        PID:2120
        
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        7⤵
        
        PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\install.exe
        
        "C:\Users\Admin\AppData\Local\Temp\install.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        
        PID:4220
      - C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        6⤵
        
        PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\install.exe
      "C:\Users\Admin\AppData\Local\Temp\install.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      Suspicious behavior: MapViewOfSection
      PID:916
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        5⤵
        
        PID:2868
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 576
        6⤵
        Program crash
        
        PID:3572
    - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
        
        "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
        5⤵
        
        PID:872
- - C:\Users\Admin\AppData\Local\Temp\install.exe
    "C:\Users\Admin\AppData\Local\Temp\install.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - Suspicious behavior: MapViewOfSection
    PID:4012
  - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
      "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
      4⤵
      PID:2560
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 576
        5⤵
        Program crash
        
        PID:1312
- C:\Users\Admin\AppData\Local\Temp\install.exe
  "C:\Users\Admin\AppData\Local\Temp\install.exe"
  2⤵
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious behavior: MapViewOfSection
  PID:3648
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
    "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
    3⤵
    PID:4596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 204
1⤵
- Program crash
PID:4380

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
1⤵
PID:220

C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\RegAsm.exe"
1⤵
PID:3532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\install.exe.log

Filesize
520B

MD5
18022b7cd1603ece10baa97556fb4d19

SHA1
d734b6bb96cdbd696afbf3a15878042fd16888b1

SHA256
9da3c2a21ed80d0bf5ded8e0671bbe26945de77fdee90c546f209e29cfff81ae

SHA512
a06a8e201743603b648c012dfbeea10167ba8be4a1dc14640aaf5cdc8c4ddced548b2843a5122da2ee2fbbc6f2fac0c19289b22a714a9c9faef95097c5e69db5

Download Submit
C:\Users\Admin\AppData\Local\Temp\install.exe

Filesize
227KB

MD5
7b5810e75ef7c9c6cd0e3e923b86285e

SHA1
83a3bba7fe24a9094d0580a2873a13ece2293b1d

SHA256
9e83e65207e26be20148401a7e2f84b813cba00d6761ab6a72a70d939c8c207b

SHA512
12728c352773c5f61ac5356122013ee0f444772580deb33249493fc35b46fe7b1fb786862a22823d85202e67e70b6ed138cefff1ea6f3f5af98fb980ce5e9b77

Download Submit
C:\Users\Admin\AppData\Local\Temp\install.exe

Filesize
275KB

MD5
8abcc6b8c3daa5974408fe790842ae76

SHA1
661d8ef4cc07d691167864d299144aedf023492d

SHA256
6ce2aa751e630cdbad6502f7c1e6bdb9f6fc4b10ba964662acb8c34c135b144f

SHA512
ad2107e38d6e4c5aa8cb7b02cfb471e0c5729083032acf93c2f9c05b99ae4a9a6490bca620c9b6f3c2ea824bf5556af05b7c43473e1f4bc451655882bd09b61c

Download Submit
C:\Users\Admin\AppData\Local\Temp\install.exe

Filesize
214KB

MD5
325126dc86019713c586a0adb6f3f54d

SHA1
93724344d012dbd0965680c1632dbe0421246fae

SHA256
90b75dcfa57b1ee20b8217843683a9b97247fcdc610530b86f0bffc65afd27c9

SHA512
d2dea992bf5f341648f5ef97f45a0dc42925cdb6304e14e51f430600495b9a47f7c293f8715404a7fb44381dbd782c348a122abb701560fb7abef9a195f2cde7

Download Submit
C:\Users\Admin\AppData\Local\Temp\install.exe

Filesize
277KB

MD5
3143bb8d37fa9e7ee47344485986fe8a

SHA1
289ffc01e68bc7930b0e8195a09c6b0dc22f8c3b

SHA256
5b8a2e6a4798016d09bbc3f623bfc131adbea1b7db5bef2ec5378a99d0fc1d76

SHA512
a5998dbc06c05f6d356f39eceee7793ef4c125a3117a040121aed141273b892077d3be4a17231c3c770cc70d7aa471cebe2e8b7df4c1a8ab7276511fc26a85f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\install.exe

Filesize
180KB

MD5
4e80d9798bc7640fa938d9cb1ec465ff

SHA1
2f60bce107fdc8c8667a3a928e3628d5a0d3b946

SHA256
fdc4d09e082247ed42f7741bea7a8e4e8d00aa34fcfc2c9ce369c504c29f0091

SHA512
732acf96f94c343ede051ab475f162df0ecddfcea5d3da9c2ef5f28894eb4768d56c423c0519d4a91687cefbcdc1fc6d0fafd81d4861529caea73c38ae08c22a

Download Submit
C:\Users\Admin\AppData\Local\Temp\install.exe

Filesize
181KB

MD5
65d2722b8e865af4a26cafb6d828daff

SHA1
864a195fe4cba1e3aac02afa853e71d5180d8c5f

SHA256
5633ee0c73e21104a6d64ed5bded206b0a85acbc84f336d78ceca7be3110c9b6

SHA512
18220440862681d790df63bb3ca4c8a4a0b9a5c0a24af07c9e593a955864493ce16e3b275b2d7ad64f43cc65de1bd5234fd713cc642046f3aeef2e6d217da958

Download Submit
C:\Users\Admin\AppData\Local\Temp\install.exe

Filesize
157KB

MD5
4bda8b4856c8a546141af5f6dd33111c

SHA1
580ebdb6f7fdad69e2b1e206683b722037639d24

SHA256
e1ac04c6f106b485549d8413c58701c64dfe780d5c61d34671456032a90354ef

SHA512
dd6c0a58f17d9984404ca517569fded3296d79a54d98878a2c77c698cafbdafc76f5b3eff6f440f21164f65958ea095c37c1cdef85610a21f987aa224b469c08

Download Submit
C:\Users\Admin\AppData\Local\Temp\install.exe

Filesize
252KB

MD5
e76d09c9e76737df2a2f819bd5c14c06

SHA1
f0e6d871ce9adf46ac0ebefec89b37d19014c2cc

SHA256
6990acda038958456b99bfaa0d56b06b162aae87790476e4b0a0957821192ca2

SHA512
49622ca56bede73c7ae1dfb399aeb09332be6c323db810149b3e130febe9f4116667568a87788e137dce77e033116da8426e1a4d3495e652252230bad670fd1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\install.exe

Filesize
27KB

MD5
a3beeae4ba56a3bf53f6eeef0cf72641

SHA1
726fd523d89dec0bda9ffd98d1a87a3af79dd998

SHA256
26dcfc221bb483a044f80caff2bea6f7b64c7108844181047b3f224bc8e08591

SHA512
6d20c9e65b1e45f1c6184097ae5ad66d3644a2e141dda3c91af01c0c4ba7bf2d2fc84a651a078d58b56e4164761722412fc0324dd037ff58d00b3a8c89cf3e32

Download Submit
C:\Users\Admin\AppData\Local\Temp\install.exe

Filesize
156KB

MD5
f500b34ed11a94b6ebe36a22fe50f406

SHA1
c1706c5a53f91b9d53c4a615ab1574cc38a7b612

SHA256
42eeb520e5f0649cc46ac85a3b340dcd587762fc78408be39e58a29342b75e5b

SHA512
586ff892525122adc4483bf0b4362e6b83ce151c9a9969e208245863160e050446d84badd921e1d5c360dc125e6e39c9cfd7346a06f06dc57b6cd498f92be192

Download Submit
C:\Users\Admin\AppData\Local\Temp\install.exe

Filesize
149KB

MD5
e03b45b3c59f5cd9cfba4c7f95ce00fd

SHA1
c7bfc5829c2d7b20c4388a0d1c6ac19fac5079fb

SHA256
dd50833f5b50fd135fc6e280264e8c1f17a860db35d10c74d7f684bdd0300990

SHA512
b65ea95a725901f8e5a5304aa5ea0d0c673ad8e3ca792efd4bf7e19e23f3e2e7e31d92556a8fcf530ec83e68f1f3b85f4f1a3675cac5c529ddf4bece7d5cf471

Download Submit
C:\Users\Admin\AppData\Local\Temp\install.exe

Filesize
304KB

MD5
6037361243f8c390326debbea5b85ac2

SHA1
654fca850890949bbbd41a7e4c481ab89e10839a

SHA256
b8cc287a79c750e6deb6452c0c22e00972eee2790b4ab2c9f73180e21bc1cea5

SHA512
434dda1e5ed77bc436208ba252c0d32dbc47a4aefbc3536558f35a99b776ca4a7ea2c9b602913a1193945b834e990827885afddf779c5aaaddb3ea81c6fb1929

Download Submit
C:\Users\Admin\AppData\Local\Temp\install.exe

Filesize
9KB

MD5
24488dbbcf84101c46998ef9e08cb011

SHA1
0189b704293b6aff6c9e2ab186b3a7d2c9f5d129

SHA256
ec92141d0b07fb8690d8b9054a7f696197cd852474c739f11bfbb7ddf3d0f259

SHA512
ab43038a842bb19bc3a5af1eb7ef609e69bb74acd52e4070af4d7fae153e6a081b81f9ce37de024f99a48a4057c2eb7663af3e9ffe5f51fea790c464ca6f26e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\install.exe

Filesize
194KB

MD5
c8696bbaac1ec2358b909a4c7f5149c1

SHA1
a9dff809763aad929fe609ab0ea97e78dff3b2ff

SHA256
0ce884673854e058603b2dbd89e3ffff1568cf02b3a43ea3fcecebba281105b7

SHA512
75ba47aa158c6439191a9998ff22e49dba89add70072356efa325d365805b33717e53cdac56d010122117442f2fc745b309de00d73ca756cc720e12d7495f1f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\install.exe

Filesize
13KB

MD5
6b8f96eb4a2238f527a34178c5c7fcf1

SHA1
aafd2b9642064129ff37a5e97c1fd15303d7ebc7

SHA256
a307ed015c435996cd47bb1709d0b5e0938b154a86953bb2c7130b4eabbecba3

SHA512
6070de58b1caf0b1c3e11fd288d31846220277873478ca6b19abebd04367347ff2b92000fe2346ca06b2065620ea4cafce63cfacafabb0539a68a465d83a6553

Download Submit
C:\Users\Admin\AppData\Local\Temp\install.exe

Filesize
228KB

MD5
91ea5d93fe30d745a6e5f2027d659cdd

SHA1
d377458dd0c65971b69098c1cf8db950900a9bb7

SHA256
e94502c5b37f23702e1d5b934851181e5eae3cf15c96fa76c6de946a0a1e878f

SHA512
a396428bd2f5a42fe21133e15e01d132c4a37aff8c50a1283d098299f26c1278d93a6f54d040b76a72b92af74f48bdb3b35392f62713e45a03df474b3d272ef5

Download Submit
C:\Users\Admin\AppData\Local\Temp\install.exe

Filesize
268KB

MD5
ecc82c5aefb6fc4350f464e897c6d8ba

SHA1
9ac5a10cf4a03ac4dd4bbc3dd25f76ebd78ef8ad

SHA256
19eabc3278f9b1040c837ce0059b77a9cf35c8348606ec26f7c2cd4b7ae12776

SHA512
fb5c92aa532f9033b7ab33afbcba339a89b157d7250854b6022a0308106202f7355336c40b3a0d1cc92989eb7bb72a659d62a058d9af42563eebee8b6e21a073

Download Submit
C:\Users\Admin\AppData\Roaming\apppatch\mtstocom.exe

Filesize
232KB

MD5
235e16acb18a85224df7cc24f0543e97

SHA1
60b10fc1e1bffe9d10d227398605d43d03daf674

SHA256
4603cfa580ce6c8e62e6cdf57e4e75fb2d40cecefb8268afa0e89691a2145c70

SHA512
26ac9f5eff33ba94789aae979be2bb76367fa66c33769201e460bfdd08f6ee3a9300d74b24211582ee6496ae32a33ecdcff3214dc760c8ac82feaf589ad98696

Download Submit
C:\Users\Admin\AppData\Roaming\apppatch\mtstocom.exe

Filesize
89KB

MD5
4f3f225f9bc0cdff01050afd85c774cc

SHA1
4843721e0b5798fe89b19bd03b352bf1f2d6171c

SHA256
8830843301fc5c2b34c23054945a212f9e133911f86492a8f8cb77922d98df9a

SHA512
7b4e9ba8e4290b0f1bb4914df9356378c13bb4a8534d6952b8ba9df965e15882799ff2ffdb54b4b7cf6e0bd36b75611fc6cef8d58ba6c367e45229edd85cdceb

Download Submit
C:\Users\Admin\AppData\Roaming\apppatch\mtstocom.exe

Filesize
56KB

MD5
def01ec207b405be66a1b773dec67f99

SHA1
dc286feb26a9634ce44e2de31687b86d4dfb6b3f

SHA256
835410cd6c0dac887be0ce8cc58816e2c2a797afcccaf4d3b2092e6f6dd24068

SHA512
07f8b936fb7682ba89326fc500961c90c78961b469a635dcf4fec676a878f0e629b848191e57b060ea70277a46d1273d5c9fe2e8e8904e5ef561d0cf2e81008f

Download Submit
C:\Users\Admin\AppData\Roaming\apppatch\mtstocom.exe

Filesize
5KB

MD5
cad38e75f24eec41ea8da20b23c0eec3

SHA1
a97b779efb6746eebce4bc60b060e8710e4a4f6f

SHA256
816c9c76fee8af7d8d3db82235bb9b3cdd2e2835b3c8ad44f9b830cf8c34da5f

SHA512
233067e4352a53db0e33903da262cda013e91b6d0b4379d5168cf4cf8bd4435aa68d75a7f5a5a993f456d9eddb5b7c1f17efc765c4ce25a2d10e70d6b3ebf17f

Download Submit
C:\Users\Admin\AppData\Roaming\apppatch\mtstocom.exe

Filesize
1KB

MD5
864ab50a239815fadf9579d09aaf5416

SHA1
772f31fa6a148d65899243ab29e50dc0ff383067

SHA256
348cf8275c35dd91c84ba81dec9b4abd0a064a89ebb7a9e27310a930fea5cb4c

SHA512
9f699aefe56554f0ddac0ffb29840a8361aaaf5464c1fd085042d1a76f95be230e10d53bdcdfe84044153f8c9c03c89f5a20d407be4055b36081eb179245b873

Download Submit
C:\Users\Admin\AppData\Roaming\apppatch\mtstocom.exe

Filesize
160KB

MD5
df67f1ff9e2157d9dcd5af44b09de864

SHA1
32042af7b24b8033a7d83852401457e8b6b50fc9

SHA256
71d2a8ec7ea5157f47c14d857d0bb6f9db0750a28ec25a915790ddf16904a8fa

SHA512
8c351302b7aad06cf71713ef62f5921bec197b3a04c1bcb4198bd8584e4ea70227fe8b46f74a1138bd4cfccc9eb654a4f65213c5da8db4bc45c29bccec9c8f90

Download Submit
memory/396-28-0x0000000004960000-0x0000000004970000-memory.dmp

Filesize
64KB

Download
memory/396-74-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/396-75-0x0000000004960000-0x0000000004970000-memory.dmp

Filesize
64KB

Download
memory/396-27-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/916-89-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/916-43-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/916-44-0x0000000005340000-0x0000000005350000-memory.dmp

Filesize
64KB

Download
memory/916-16-0x0000000005340000-0x0000000005350000-memory.dmp

Filesize
64KB

Download
memory/916-15-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/1632-25-0x0000000001640000-0x0000000001650000-memory.dmp

Filesize
64KB

Download
memory/1632-24-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/1632-64-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/1632-65-0x0000000001640000-0x0000000001650000-memory.dmp

Filesize
64KB

Download
memory/2120-54-0x00000000055E0000-0x00000000055F0000-memory.dmp

Filesize
64KB

Download
memory/2120-53-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/2120-21-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/2120-22-0x00000000055E0000-0x00000000055F0000-memory.dmp

Filesize
64KB

Download
memory/2244-86-0x0000000004F10000-0x0000000004F20000-memory.dmp

Filesize
64KB

Download
memory/2244-77-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/2244-30-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/2244-31-0x0000000004F10000-0x0000000004F20000-memory.dmp

Filesize
64KB

Download
memory/2820-99-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/2820-105-0x0000000004E20000-0x0000000004E30000-memory.dmp

Filesize
64KB

Download
memory/2820-40-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/2820-41-0x0000000004E20000-0x0000000004E30000-memory.dmp

Filesize
64KB

Download
memory/3336-51-0x0000000005500000-0x0000000005510000-memory.dmp

Filesize
64KB

Download
memory/3336-118-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/3336-50-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/3648-8-0x0000000001640000-0x0000000001668000-memory.dmp

Filesize
160KB

Download
memory/3648-33-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/3648-36-0x0000000005540000-0x0000000005550000-memory.dmp

Filesize
64KB

Download
memory/3648-58-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/3648-6-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/3648-9-0x00000000053E0000-0x00000000053FE000-memory.dmp

Filesize
120KB

Download
memory/3648-56-0x0000000005470000-0x0000000005473000-memory.dmp

Filesize
12KB

Download
memory/3648-7-0x0000000005540000-0x0000000005550000-memory.dmp

Filesize
64KB

Download
memory/3648-10-0x0000000005A50000-0x0000000005F4E000-memory.dmp

Filesize
5.0MB

Download
memory/3648-5-0x0000000000B90000-0x0000000000BE2000-memory.dmp

Filesize
328KB

Download
memory/3840-46-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/3840-47-0x0000000004DD0000-0x0000000004DE0000-memory.dmp

Filesize
64KB

Download
memory/3840-115-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/3840-117-0x0000000004DD0000-0x0000000004DE0000-memory.dmp

Filesize
64KB

Download
memory/3904-102-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/3904-97-0x0000000004C60000-0x0000000004C70000-memory.dmp

Filesize
64KB

Download
memory/3904-96-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/3912-34-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/3912-35-0x00000000023D0000-0x00000000023E0000-memory.dmp

Filesize
64KB

Download
memory/3912-94-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/3912-98-0x00000000023D0000-0x00000000023E0000-memory.dmp

Filesize
64KB

Download
memory/4012-12-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/4012-13-0x00000000048C0000-0x00000000048D0000-memory.dmp

Filesize
64KB

Download
memory/4012-68-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/4012-38-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/4012-39-0x00000000048C0000-0x00000000048D0000-memory.dmp

Filesize
64KB

Download
memory/4220-109-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/4220-18-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/4220-19-0x00000000050C0000-0x00000000050D0000-memory.dmp

Filesize
64KB

Download
memory/4220-45-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/4220-49-0x00000000050C0000-0x00000000050D0000-memory.dmp

Filesize
64KB

Download
memory/4564-79-0x0000000005590000-0x00000000055A0000-memory.dmp

Filesize
64KB

Download
memory/4564-73-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/4564-81-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download
memory/4596-52-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4596-59-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4596-61-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5028-116-0x00000000030B0000-0x00000000030C0000-memory.dmp

Filesize
64KB

Download
memory/5028-114-0x0000000072F00000-0x00000000735EE000-memory.dmp

Filesize
6.9MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads