asyncrat | ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7

Analysis

max time kernel
43s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-01-2025 03:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Size

405KB
MD5

c03047a965d5cc81d1500f5c622aa015
SHA1

146c251cc7e95cc077968adb2fa2f0609c2c2bbd
SHA256

ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7
SHA512

49f8e1ca0df995a0d34b7387240ec9f25b31c30d09b162c82320c86890fd872eb5897877376d2f192c83321e9ffd8848a90c93efdf92a817b428ada464c81bae
SSDEEP

6144:8FReki7IuH/8hYvKgT69KepKdAD47lUwscIFAhhGphFd39yoJDi/a2SealG:8FRil/ti3pKd17nsjJj1yoti/qeR

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.6E

Botnet

Default

mendey.duckdns.org:2333

Mutex

nfabbudcyb

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

Suspicious use of SetThreadContext 64 IoCs

description	pid	Process	procid_target
PID 2804 set thread context of 2920	2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	31
PID 2872 set thread context of 2580	2872	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	34
PID 2560 set thread context of 2588	2560	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	36
PID 3000 set thread context of 1412	3000	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	38
PID 1236 set thread context of 1536	1236	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	40
PID 1632 set thread context of 664	1632	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	42
PID 1780 set thread context of 344	1780	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	44
PID 1148 set thread context of 2064	1148	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	46
PID 2740 set thread context of 1032	2740	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	48
PID 1884 set thread context of 2948	1884	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	50
PID 1256 set thread context of 2400	1256	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	52
PID 2344 set thread context of 1416	2344	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	54
PID 1216 set thread context of 1860	1216	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	56
PID 2512 set thread context of 2960	2512	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	103
PID 1916 set thread context of 2232	1916	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	60
PID 2124 set thread context of 1688	2124	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	62
PID 2080 set thread context of 2084	2080	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	65
PID 2968 set thread context of 1964	2968	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	150
PID 3040 set thread context of 2700	3040	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	69
PID 1560 set thread context of 2812	1560	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	71
PID 2324 set thread context of 2632	2324	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	74
PID 2732 set thread context of 2872	2732	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	77
PID 2560 set thread context of 2600	2560	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	79
PID 1544 set thread context of 1824	1544	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	81
PID 676 set thread context of 2328	676	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	204
PID 2588 set thread context of 1700	2588	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	85
PID 552 set thread context of 2760	552	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	87
PID 1148 set thread context of 2536	1148	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	90
PID 2068 set thread context of 1816	2068	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	92
PID 1468 set thread context of 764	1468	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	94
PID 2292 set thread context of 2240	2292	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	96
PID 1240 set thread context of 2948	1240	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	181
PID 1564 set thread context of 1696	1564	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	190
PID 2184 set thread context of 568	2184	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	102
PID 2960 set thread context of 1692	2960	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	104
PID 2088 set thread context of 2152	2088	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	107
PID 2708 set thread context of 2264	2708	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	109
PID 888 set thread context of 2688	888	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	111
PID 1592 set thread context of 2716	1592	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	113
PID 2556 set thread context of 2744	2556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	229
PID 2564 set thread context of 2332	2564	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	197
PID 2848 set thread context of 2604	2848	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	119
PID 1780 set thread context of 2764	1780	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	121
PID 676 set thread context of 1940	676	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	123
PID 2356 set thread context of 2784	2356	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	125
PID 2472 set thread context of 2244	2472	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	251
PID 1124 set thread context of 2104	1124	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	214
PID 1736 set thread context of 340	1736	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	179
PID 2524 set thread context of 1372	2524	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	218
PID 480 set thread context of 980	480	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	221
PID 1600 set thread context of 696	1600	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	378
PID 1788 set thread context of 2080	1788	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	401
PID 2304 set thread context of 2984	2304	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	291
PID 1804 set thread context of 2960	1804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	143
PID 2752 set thread context of 2912	2752	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	145
PID 1676 set thread context of 2224	1676	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	147
PID 2444 set thread context of 2324	2444	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	393
PID 1964 set thread context of 1588	1964	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	382
PID 2808 set thread context of 2196	2808	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	307
PID 2644 set thread context of 2564	2644	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	155
PID 1048 set thread context of 1176	1048	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	203
PID 1152 set thread context of 2360	1152	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	361
PID 1420 set thread context of 1728	1420	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	293
PID 1792 set thread context of 2696	1792	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	164

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe

Suspicious behavior: MapViewOfSection 64 IoCs

pid	Process
2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2872	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2872	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2560	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
3000	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1236	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1632	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1780	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1148	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2740	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1884	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1256	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2344	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1216	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2512	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1916	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2124	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2080	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2080	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2968	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
3040	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1560	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2324	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2324	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2732	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2732	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2560	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1544	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
676	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2588	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
552	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1148	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1148	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2068	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1468	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2292	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1240	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1564	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2184	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2960	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2088	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2088	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2708	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
888	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1592	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2564	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2848	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1780	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
676	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2356	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2472	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1124	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1736	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2524	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
480	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1600	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1788	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2304	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2752	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1676	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2444	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1964	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2872	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2560	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	3000	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	1236	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	1632	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	1780	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	1148	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2740	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	1884	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	1256	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2920	RegAsm.exe
Token: SeDebugPrivilege	2344	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	1216	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2512	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	1916	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2124	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2080	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2968	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	3040	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	1560	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2324	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2732	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2560	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	1544	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	676	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2588	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	552	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	1148	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2068	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	1468	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2292	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	1240	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	1564	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2184	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2960	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2088	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2708	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	888	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	1592	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2564	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2848	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	1780	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	676	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2356	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2472	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	1124	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	1736	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2524	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	480	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	1600	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	1788	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2304	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	1804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2752	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	1676	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2444	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	1964	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2808	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2644	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	1048	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	1152	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	1420	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2804 wrote to memory of 2920	2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	31
PID 2804 wrote to memory of 2920	2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	31
PID 2804 wrote to memory of 2920	2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	31
PID 2804 wrote to memory of 2920	2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	31
PID 2804 wrote to memory of 2920	2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	31
PID 2804 wrote to memory of 2920	2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	31
PID 2804 wrote to memory of 2920	2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	31
PID 2804 wrote to memory of 2920	2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	31
PID 2804 wrote to memory of 2872	2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	32
PID 2804 wrote to memory of 2872	2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	32
PID 2804 wrote to memory of 2872	2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	32
PID 2804 wrote to memory of 2872	2804	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	32
PID 2872 wrote to memory of 2744	2872	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	33
PID 2872 wrote to memory of 2744	2872	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	33
PID 2872 wrote to memory of 2744	2872	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	33
PID 2872 wrote to memory of 2744	2872	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	33
PID 2872 wrote to memory of 2744	2872	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	33
PID 2872 wrote to memory of 2744	2872	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	33
PID 2872 wrote to memory of 2744	2872	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	33
PID 2872 wrote to memory of 2580	2872	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	34
PID 2872 wrote to memory of 2580	2872	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	34
PID 2872 wrote to memory of 2580	2872	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	34
PID 2872 wrote to memory of 2580	2872	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	34
PID 2872 wrote to memory of 2580	2872	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	34
PID 2872 wrote to memory of 2580	2872	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	34
PID 2872 wrote to memory of 2580	2872	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	34
PID 2872 wrote to memory of 2580	2872	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	34
PID 2872 wrote to memory of 2560	2872	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	35
PID 2872 wrote to memory of 2560	2872	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	35
PID 2872 wrote to memory of 2560	2872	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	35
PID 2872 wrote to memory of 2560	2872	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	35
PID 2560 wrote to memory of 2588	2560	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	36
PID 2560 wrote to memory of 2588	2560	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	36
PID 2560 wrote to memory of 2588	2560	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	36
PID 2560 wrote to memory of 2588	2560	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	36
PID 2560 wrote to memory of 2588	2560	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	36
PID 2560 wrote to memory of 2588	2560	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	36
PID 2560 wrote to memory of 2588	2560	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	36
PID 2560 wrote to memory of 2588	2560	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	36
PID 2560 wrote to memory of 3000	2560	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	37
PID 2560 wrote to memory of 3000	2560	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	37
PID 2560 wrote to memory of 3000	2560	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	37
PID 2560 wrote to memory of 3000	2560	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	37
PID 3000 wrote to memory of 1412	3000	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	38
PID 3000 wrote to memory of 1412	3000	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	38
PID 3000 wrote to memory of 1412	3000	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	38
PID 3000 wrote to memory of 1412	3000	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	38
PID 3000 wrote to memory of 1412	3000	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	38
PID 3000 wrote to memory of 1412	3000	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	38
PID 3000 wrote to memory of 1412	3000	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	38
PID 3000 wrote to memory of 1412	3000	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	38
PID 3000 wrote to memory of 1236	3000	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	39
PID 3000 wrote to memory of 1236	3000	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	39
PID 3000 wrote to memory of 1236	3000	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	39
PID 3000 wrote to memory of 1236	3000	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	39
PID 1236 wrote to memory of 1536	1236	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	40
PID 1236 wrote to memory of 1536	1236	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	40
PID 1236 wrote to memory of 1536	1236	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	40
PID 1236 wrote to memory of 1536	1236	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	40
PID 1236 wrote to memory of 1536	1236	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	40
PID 1236 wrote to memory of 1536	1236	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	40
PID 1236 wrote to memory of 1536	1236	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	40
PID 1236 wrote to memory of 1536	1236	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	40
PID 1236 wrote to memory of 1632	1236	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	41

C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
"C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2804
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2920
- C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
  "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2872
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
    3⤵
    PID:2744
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
    3⤵
    PID:2580
- - C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
    "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
    3⤵
    - Suspicious use of SetThreadContext
    - Suspicious behavior: MapViewOfSection
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2560
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      4⤵
      PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
      "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
      4⤵
      Suspicious use of SetThreadContext
      Suspicious behavior: MapViewOfSection
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:3000
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        5⤵
        
        PID:1412
    - - C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        5⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:1236
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        6⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1632
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        7⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        7⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1780
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        8⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        8⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1148
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        9⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        9⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2740
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        10⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1884
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        11⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        11⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1256
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        12⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        12⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2344
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        13⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        13⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1216
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        14⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        14⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2512
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        15⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        15⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1916
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        16⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2124
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        17⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        17⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2080
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        18⤵
        
        PID:1692
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        18⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2968
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        19⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:3040
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        20⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1560
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        21⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        21⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2324
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        22⤵
        
        PID:2620
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        22⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        22⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2732
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        23⤵
        
        PID:2728
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        23⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        23⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2560
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        24⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        24⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1544
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        25⤵
        System Location Discovery: System Language Discovery
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        25⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:676
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        26⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        26⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2588
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        27⤵
        System Location Discovery: System Language Discovery
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        27⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:552
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        28⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        28⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1148
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        29⤵
        
        PID:1140
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        29⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        29⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2068
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        30⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        30⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1468
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        31⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        31⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2292
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        32⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        32⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1240
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        33⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        33⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1564
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        34⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        34⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2184
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        35⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        35⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2960
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        36⤵
        System Location Discovery: System Language Discovery
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        36⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2088
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        37⤵
        
        PID:2476
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        37⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        37⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2708
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        38⤵
        System Location Discovery: System Language Discovery
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        38⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:888
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        39⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        39⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1592
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        40⤵
        System Location Discovery: System Language Discovery
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        40⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2556
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        41⤵
        System Location Discovery: System Language Discovery
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        41⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2564
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        42⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        42⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2848
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        43⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        43⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1780
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        44⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        44⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:676
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        45⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        45⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2356
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        46⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        46⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2472
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        47⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        47⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1124
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        48⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        48⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1736
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        49⤵
        System Location Discovery: System Language Discovery
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        49⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2524
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        50⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        50⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:480
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        51⤵
        System Location Discovery: System Language Discovery
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        51⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1600
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        52⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        52⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1788
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        53⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        53⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2304
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        54⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        54⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1804
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        55⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        55⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2752
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        56⤵
        System Location Discovery: System Language Discovery
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        56⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1676
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        57⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        57⤵
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2444
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        58⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        58⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1964
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        59⤵
        System Location Discovery: System Language Discovery
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        59⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:2808
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        60⤵
        System Location Discovery: System Language Discovery
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        60⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:2644
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        61⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        61⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1048
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        62⤵
        
        PID:2280
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        62⤵
        System Location Discovery: System Language Discovery
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        62⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:1152
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        63⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        63⤵
        Suspicious use of SetThreadContext
        Suspicious use of AdjustPrivilegeToken
        
        PID:1420
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        64⤵
        System Location Discovery: System Language Discovery
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        64⤵
        Suspicious use of SetThreadContext
        
        PID:1792
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        65⤵
        System Location Discovery: System Language Discovery
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        65⤵
        
        PID:2472
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        66⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        66⤵
        System Location Discovery: System Language Discovery
        
        PID:2168
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        67⤵
        
        PID:1668
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        67⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        67⤵
        
        PID:1204
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        68⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        68⤵
        
        PID:3060
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        69⤵
        
        PID:1564
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        69⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        69⤵
        System Location Discovery: System Language Discovery
        
        PID:1916
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        70⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        70⤵
        
        PID:1372
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        71⤵
        
        PID:1664
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        71⤵
        System Location Discovery: System Language Discovery
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        71⤵
        
        PID:848
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        72⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        72⤵
        
        PID:2820
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        73⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        73⤵
        
        PID:3032
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        74⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        74⤵
        
        PID:1360
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        75⤵
        
        PID:2952
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        75⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        75⤵
        System Location Discovery: System Language Discovery
        
        PID:2812
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        76⤵
        System Location Discovery: System Language Discovery
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        76⤵
        System Location Discovery: System Language Discovery
        
        PID:1964
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        77⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        77⤵
        System Location Discovery: System Language Discovery
        
        PID:2088
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        78⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        78⤵
        
        PID:2792
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        79⤵
        System Location Discovery: System Language Discovery
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        79⤵
        
        PID:2332
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        80⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        80⤵
        
        PID:2556
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        81⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        81⤵
        
        PID:1548
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        82⤵
        
        PID:1332
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        82⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        82⤵
        System Location Discovery: System Language Discovery
        
        PID:2328
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        83⤵
        
        PID:1760
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        83⤵
        System Location Discovery: System Language Discovery
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        83⤵
        
        PID:2624
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        84⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        84⤵
        System Location Discovery: System Language Discovery
        
        PID:480
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        85⤵
        System Location Discovery: System Language Discovery
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        85⤵
        System Location Discovery: System Language Discovery
        
        PID:776
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        86⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        86⤵
        
        PID:1812
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        87⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        87⤵
        
        PID:836
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        88⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        88⤵
        
        PID:1212
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        89⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        89⤵
        
        PID:612
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        90⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        90⤵
        
        PID:980
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        91⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        91⤵
        
        PID:2728
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        92⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        92⤵
        System Location Discovery: System Language Discovery
        
        PID:3032
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        93⤵
        System Location Discovery: System Language Discovery
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        93⤵
        System Location Discovery: System Language Discovery
        
        PID:2708
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        94⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        94⤵
        
        PID:2744
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        95⤵
        System Location Discovery: System Language Discovery
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        95⤵
        
        PID:1000
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        96⤵
        System Location Discovery: System Language Discovery
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        96⤵
        System Location Discovery: System Language Discovery
        
        PID:868
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        97⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        97⤵
        
        PID:2980
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        98⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        98⤵
        
        PID:1864
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        99⤵
        
        PID:3000
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        99⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        99⤵
        
        PID:1420
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        100⤵
        System Location Discovery: System Language Discovery
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        100⤵
        
        PID:2292
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        101⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        101⤵
        System Location Discovery: System Language Discovery
        
        PID:2644
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        102⤵
        System Location Discovery: System Language Discovery
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        102⤵
        
        PID:1148
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        103⤵
        
        PID:2624
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        103⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        103⤵
        
        PID:2180
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        104⤵
        
        PID:2944
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        104⤵
        System Location Discovery: System Language Discovery
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        104⤵
        
        PID:1240
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        105⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        105⤵
        
        PID:580
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        106⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        106⤵
        
        PID:1204
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        107⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        107⤵
        
        PID:2756
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        108⤵
        
        PID:2948
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        108⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        108⤵
        
        PID:1584
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        109⤵
        
        PID:1968
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        109⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        109⤵
        
        PID:1776
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        110⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        110⤵
        
        PID:1588
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        111⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        111⤵
        
        PID:2072
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        112⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        112⤵
        
        PID:2196
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        113⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        113⤵
        
        PID:3024
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        114⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        114⤵
        
        PID:1760
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        115⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        115⤵
        
        PID:2596
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        116⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        116⤵
        
        PID:2168
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        117⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        117⤵
        
        PID:2292
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        118⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        118⤵
        
        PID:2576
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        119⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        119⤵
        
        PID:1352
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        120⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        120⤵
        
        PID:1724
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        121⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        121⤵
        
        PID:3060
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        122⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        122⤵
        
        PID:2400
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        123⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        123⤵
        
        PID:480
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        124⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        124⤵
        
        PID:2536
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        125⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        125⤵
        
        PID:2152
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        126⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        126⤵
        
        PID:2212
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        127⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        127⤵
        
        PID:1144
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        128⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        128⤵
        
        PID:1332
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        129⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        129⤵
        
        PID:1340
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        130⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        130⤵
        
        PID:1560
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        131⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        131⤵
        
        PID:1048
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        132⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        132⤵
        
        PID:1864
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        133⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        133⤵
        
        PID:1896
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        134⤵
        
        PID:1416
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        134⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        134⤵
        
        PID:2044
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        135⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        135⤵
        
        PID:2324
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        136⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        136⤵
        
        PID:1704
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        137⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        137⤵
        
        PID:1916
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        138⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        138⤵
        
        PID:2340
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        139⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        139⤵
        
        PID:2232
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        140⤵
        
        PID:2176
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        140⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        140⤵
        
        PID:2892
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        141⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        141⤵
        
        PID:1592
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        142⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        142⤵
        
        PID:1204
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        143⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        143⤵
        
        PID:2152
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        144⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        144⤵
        
        PID:2116
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        145⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        145⤵
        
        PID:1144
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        146⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        146⤵
        
        PID:2968
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        147⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        147⤵
        
        PID:2792
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        148⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        148⤵
        
        PID:2692
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        149⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        149⤵
        
        PID:1468
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        150⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        150⤵
        
        PID:2772
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        151⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        151⤵
        
        PID:1596
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        152⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        152⤵
        
        PID:1676
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        153⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        153⤵
        
        PID:1720
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        154⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        154⤵
        
        PID:2336
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        155⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        155⤵
        
        PID:2256
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        156⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        156⤵
        
        PID:1736
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        157⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        157⤵
        
        PID:2852
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        158⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        158⤵
        
        PID:1944
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        159⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        159⤵
        
        PID:2568
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        160⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        160⤵
        
        PID:1188
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        161⤵
        
        PID:1568
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        161⤵
        
        PID:2828
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        161⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        161⤵
        
        PID:2760
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        162⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        162⤵
        
        PID:1908
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        163⤵
        
        PID:2976
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        163⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        163⤵
        
        PID:2120
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        164⤵
        
        PID:696
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        164⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        164⤵
        
        PID:1820
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        165⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        165⤵
        
        PID:1588
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        166⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        166⤵
        
        PID:3020
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        167⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        167⤵
        
        PID:2604
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        168⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        168⤵
        
        PID:1612
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        169⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        169⤵
        
        PID:2860
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        170⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        170⤵
        
        PID:1240
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        171⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        171⤵
        
        PID:2320
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        172⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        172⤵
        
        PID:1668
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        173⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        173⤵
        
        PID:1988
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        174⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        174⤵
        
        PID:1980
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        175⤵
        
        PID:2080
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        175⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        175⤵
        
        PID:2892
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        176⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        176⤵
        
        PID:1164
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        177⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        177⤵
        
        PID:1868
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        178⤵
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        178⤵
        
        PID:2784
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        179⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        179⤵
        
        PID:1904
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        180⤵
        
        PID:2116
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        180⤵
        
        PID:1708
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        180⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        180⤵
        
        PID:560
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        181⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        181⤵
        
        PID:2072
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        182⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        182⤵
        
        PID:1864
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        183⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        183⤵
        
        PID:2188
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        184⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        184⤵
        
        PID:2808
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        185⤵
        
        PID:2560
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        185⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        185⤵
        
        PID:2620
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        186⤵
        
        PID:848
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        186⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        186⤵
        
        PID:1048
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        187⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        187⤵
        
        PID:2628
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        188⤵
        
        PID:2388
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        188⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        188⤵
        
        PID:880
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        189⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        189⤵
        
        PID:2428
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        190⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        190⤵
        
        PID:2356
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        191⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        191⤵
        
        PID:1600
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        192⤵
        
        PID:1668
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        192⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        192⤵
        
        PID:2844
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        193⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        193⤵
        
        PID:2848
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        194⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        194⤵
        
        PID:2768
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        195⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        195⤵
        
        PID:2580
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        196⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        196⤵
        
        PID:2732
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        197⤵
        
        PID:2828
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        197⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        197⤵
        
        PID:2708
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        198⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        198⤵
        
        PID:3008
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        199⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        199⤵
        
        PID:2152
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        200⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        200⤵
        
        PID:2100
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        201⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        201⤵
        
        PID:2032
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        202⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        202⤵
        
        PID:2560
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        203⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        203⤵
        
        PID:2612
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        204⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        204⤵
        
        PID:2736
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        205⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        205⤵
        
        PID:2724
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        206⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        206⤵
        
        PID:1320
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        207⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        207⤵
        
        PID:2772
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        208⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        208⤵
        
        PID:608
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        209⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        209⤵
        
        PID:1956
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        210⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        210⤵
        
        PID:1748
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        211⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        211⤵
        
        PID:1204
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        212⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        212⤵
        
        PID:2240
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        213⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        213⤵
        
        PID:924
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        214⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        214⤵
        
        PID:2768
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        215⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        215⤵
        
        PID:1944
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        216⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        216⤵
        
        PID:1036
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        217⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        217⤵
        
        PID:2656
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        218⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        218⤵
        
        PID:2708
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        219⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        219⤵
        
        PID:404
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        220⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        220⤵
        
        PID:2152
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        221⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        221⤵
        
        PID:1804
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        222⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        222⤵
        
        PID:296
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        223⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        223⤵
        
        PID:2872
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        224⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        224⤵
        
        PID:568
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        225⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        225⤵
        
        PID:2596
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        226⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        226⤵
        
        PID:1976
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        227⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        227⤵
        
        PID:2728
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        228⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        228⤵
        
        PID:1752
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        229⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        229⤵
        
        PID:2688
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        230⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        230⤵
        
        PID:1916
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        231⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        231⤵
        
        PID:676
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        232⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        232⤵
        
        PID:2828
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        233⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        233⤵
        
        PID:1076
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        234⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        234⤵
        
        PID:3060
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        235⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        235⤵
        
        PID:1816
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        236⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        236⤵
        
        PID:2324
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        237⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        237⤵
        
        PID:696
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        238⤵
        
        PID:2972
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        238⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        238⤵
        
        PID:584
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        239⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        239⤵
        
        PID:2352
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        240⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        240⤵
        
        PID:928
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        241⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        241⤵
        
        PID:1492
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        242⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        242⤵
        
        PID:2700
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        243⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        243⤵
        
        PID:1000
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        244⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        244⤵
        
        PID:2996
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        245⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        245⤵
        
        PID:2556
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        246⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        246⤵
        
        PID:608
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        247⤵
        
        PID:1528
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        247⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        247⤵
        
        PID:2428
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        248⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        248⤵
        
        PID:860
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        249⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        249⤵
        
        PID:2652
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        250⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        250⤵
        
        PID:2360
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        251⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        251⤵
        
        PID:1568
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        252⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        252⤵
        
        PID:2476
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        253⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        253⤵
        
        PID:2732
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        254⤵
        
        PID:1212
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        254⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        254⤵
        
        PID:1636
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        255⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        255⤵
        
        PID:936
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        256⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        256⤵
        
        PID:664
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        257⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        257⤵
        
        PID:2076
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        258⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        258⤵
        
        PID:2344
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        259⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        259⤵
        
        PID:2580
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        260⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        260⤵
        
        PID:1716
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        261⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        261⤵
        
        PID:344
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        262⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        262⤵
        
        PID:2056
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        263⤵
        
        PID:2332
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        263⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        263⤵
        
        PID:2872
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        264⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        264⤵
        
        PID:2600
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        265⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        265⤵
        
        PID:3024
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        266⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        266⤵
        
        PID:2688
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        267⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        267⤵
        
        PID:2176
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        268⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        268⤵
        
        PID:1884
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        269⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        269⤵
        
        PID:1748
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        270⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        270⤵
        
        PID:2440
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        271⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        271⤵
        
        PID:1984
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        272⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        272⤵
        
        PID:2472
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        273⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        273⤵
        
        PID:2732
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        274⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        274⤵
        
        PID:1868
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        275⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        275⤵
        
        PID:2412
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        276⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        276⤵
        
        PID:868
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        277⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        277⤵
        
        PID:2692
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        278⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        278⤵
        
        PID:1880
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        279⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        279⤵
        
        PID:2576
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        280⤵
        
        PID:2580
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        280⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        280⤵
        
        PID:956
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        281⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        281⤵
        
        PID:2308
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        282⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        282⤵
        
        PID:340
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        283⤵
        
        PID:2860
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        283⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        283⤵
        
        PID:1240
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        284⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        284⤵
        
        PID:2988
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        285⤵
        
        PID:1732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2804-0-0x000000007446E000-0x000000007446F000-memory.dmp

Filesize
4KB

Download
memory/2804-1-0x00000000001F0000-0x000000000025C000-memory.dmp

Filesize
432KB

Download
memory/2804-2-0x0000000000260000-0x000000000027A000-memory.dmp

Filesize
104KB

Download
memory/2804-9-0x0000000074460000-0x0000000074B4E000-memory.dmp

Filesize
6.9MB

Download
memory/2804-13-0x0000000074460000-0x0000000074B4E000-memory.dmp

Filesize
6.9MB

Download
memory/2920-4-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2920-6-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2920-8-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download