asyncrat | ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7

Analysis

max time kernel
20s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-01-2025 03:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Size

405KB
MD5

c03047a965d5cc81d1500f5c622aa015
SHA1

146c251cc7e95cc077968adb2fa2f0609c2c2bbd
SHA256

ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7
SHA512

49f8e1ca0df995a0d34b7387240ec9f25b31c30d09b162c82320c86890fd872eb5897877376d2f192c83321e9ffd8848a90c93efdf92a817b428ada464c81bae
SSDEEP

6144:8FReki7IuH/8hYvKgT69KepKdAD47lUwscIFAhhGphFd39yoJDi/a2SealG:8FRil/ti3pKd17nsjJj1yoti/qeR

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.6E

Botnet

Default

mendey.duckdns.org:2333

Mutex

nfabbudcyb

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

Checks computer location settings 2 TTPs 37 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe

Suspicious use of SetThreadContext 38 IoCs

description	pid	Process	procid_target
PID 1556 set thread context of 2152	1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	84
PID 4032 set thread context of 636	4032	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	87
PID 664 set thread context of 1552	664	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	89
PID 4808 set thread context of 5084	4808	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	91
PID 4800 set thread context of 5060	4800	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	93
PID 3296 set thread context of 1988	3296	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	95
PID 212 set thread context of 2416	212	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	98
PID 3976 set thread context of 5020	3976	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	100
PID 2720 set thread context of 4324	2720	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	102
PID 2112 set thread context of 1356	2112	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	104
PID 4724 set thread context of 4896	4724	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	106
PID 4584 set thread context of 4860	4584	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	239
PID 4876 set thread context of 1216	4876	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	110
PID 1536 set thread context of 648	1536	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	112
PID 4444 set thread context of 1528	4444	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	114
PID 4452 set thread context of 556	4452	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	215
PID 4016 set thread context of 3696	4016	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	118
PID 4980 set thread context of 4588	4980	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	174
PID 3096 set thread context of 1512	3096	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	218
PID 4292 set thread context of 4700	4292	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	125
PID 2428 set thread context of 1244	2428	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	244
PID 728 set thread context of 4108	728	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	129
PID 3856 set thread context of 4844	3856	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	390
PID 1928 set thread context of 3324	1928	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	133
PID 1784 set thread context of 3316	1784	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	365
PID 2252 set thread context of 3116	2252	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	267
PID 5044 set thread context of 5080	5044	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	143
PID 4124 set thread context of 8	4124	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	324
PID 5096 set thread context of 4608	5096	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	270
PID 2112 set thread context of 892	2112	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	306
PID 2432 set thread context of 1976	2432	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	153
PID 3156 set thread context of 1696	3156	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	434
PID 2388 set thread context of 4604	2388	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	350
PID 2412 set thread context of 3412	2412	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	162
PID 4648 set thread context of 4452	4648	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	164
PID 3364 set thread context of 4880	3364	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	248
PID 4036 set thread context of 1800	4036	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	433
PID 1112 set thread context of 4588	1112	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	440

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe

Suspicious behavior: MapViewOfSection 52 IoCs

pid	Process
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
4032	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
4032	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
664	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
4808	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
4800	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
3296	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
212	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
212	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
3976	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2720	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2112	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
4724	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
4584	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
4876	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1536	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
4444	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
4452	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
4016	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
4980	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
3096	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
4292	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
4292	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2428	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
728	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
3856	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1928	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1784	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2252	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2252	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2252	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
5044	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
5044	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
5044	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
4124	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
4124	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
5096	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2112	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2112	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2432	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
3156	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
3156	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2388	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
2412	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
4648	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
3364	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
3364	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
3364	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
3364	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
4036	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
1112	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe

Suspicious use of AdjustPrivilegeToken 39 IoCs

description	pid	Process
Token: SeDebugPrivilege	1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	4032	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	664	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	4808	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	636	RegAsm.exe
Token: SeDebugPrivilege	4800	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	3296	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	212	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	3976	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2720	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2112	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	4724	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	4584	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	4876	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	1536	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	4444	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	4452	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	4016	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	4980	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	3096	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	4292	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2428	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	728	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	3856	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	1928	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	1784	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2252	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	5044	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	4124	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	5096	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2112	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2432	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	3156	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2388	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	2412	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	4648	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	3364	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	4036	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
Token: SeDebugPrivilege	1112	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1556 wrote to memory of 2612	1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	83
PID 1556 wrote to memory of 2612	1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	83
PID 1556 wrote to memory of 2612	1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	83
PID 1556 wrote to memory of 2152	1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	84
PID 1556 wrote to memory of 2152	1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	84
PID 1556 wrote to memory of 2152	1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	84
PID 1556 wrote to memory of 2152	1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	84
PID 1556 wrote to memory of 4032	1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	85
PID 1556 wrote to memory of 4032	1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	85
PID 1556 wrote to memory of 4032	1556	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	85
PID 4032 wrote to memory of 632	4032	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	86
PID 4032 wrote to memory of 632	4032	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	86
PID 4032 wrote to memory of 632	4032	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	86
PID 4032 wrote to memory of 636	4032	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	87
PID 4032 wrote to memory of 636	4032	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	87
PID 4032 wrote to memory of 636	4032	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	87
PID 4032 wrote to memory of 636	4032	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	87
PID 4032 wrote to memory of 664	4032	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	88
PID 4032 wrote to memory of 664	4032	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	88
PID 4032 wrote to memory of 664	4032	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	88
PID 664 wrote to memory of 1552	664	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	89
PID 664 wrote to memory of 1552	664	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	89
PID 664 wrote to memory of 1552	664	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	89
PID 664 wrote to memory of 1552	664	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	89
PID 664 wrote to memory of 4808	664	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	90
PID 664 wrote to memory of 4808	664	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	90
PID 664 wrote to memory of 4808	664	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	90
PID 4808 wrote to memory of 5084	4808	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	91
PID 4808 wrote to memory of 5084	4808	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	91
PID 4808 wrote to memory of 5084	4808	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	91
PID 4808 wrote to memory of 5084	4808	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	91
PID 4808 wrote to memory of 4800	4808	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	92
PID 4808 wrote to memory of 4800	4808	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	92
PID 4808 wrote to memory of 4800	4808	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	92
PID 4800 wrote to memory of 5060	4800	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	93
PID 4800 wrote to memory of 5060	4800	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	93
PID 4800 wrote to memory of 5060	4800	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	93
PID 4800 wrote to memory of 5060	4800	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	93
PID 4800 wrote to memory of 3296	4800	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	94
PID 4800 wrote to memory of 3296	4800	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	94
PID 4800 wrote to memory of 3296	4800	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	94
PID 3296 wrote to memory of 1988	3296	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	95
PID 3296 wrote to memory of 1988	3296	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	95
PID 3296 wrote to memory of 1988	3296	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	95
PID 3296 wrote to memory of 1988	3296	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	95
PID 3296 wrote to memory of 212	3296	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	141
PID 3296 wrote to memory of 212	3296	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	141
PID 3296 wrote to memory of 212	3296	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	141
PID 212 wrote to memory of 2252	212	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	136
PID 212 wrote to memory of 2252	212	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	136
PID 212 wrote to memory of 2252	212	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	136
PID 212 wrote to memory of 2416	212	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	98
PID 212 wrote to memory of 2416	212	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	98
PID 212 wrote to memory of 2416	212	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	98
PID 212 wrote to memory of 2416	212	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	98
PID 212 wrote to memory of 3976	212	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	99
PID 212 wrote to memory of 3976	212	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	99
PID 212 wrote to memory of 3976	212	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	99
PID 3976 wrote to memory of 5020	3976	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	100
PID 3976 wrote to memory of 5020	3976	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	100
PID 3976 wrote to memory of 5020	3976	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	100
PID 3976 wrote to memory of 5020	3976	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	100
PID 3976 wrote to memory of 2720	3976	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	192
PID 3976 wrote to memory of 2720	3976	ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe	192

C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
"C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
1⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1556
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:2612
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2152
- C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
  "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
  2⤵
  - Checks computer location settings
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4032
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
    3⤵
    PID:632
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:636
- - C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
    "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
    3⤵
    - Checks computer location settings
    - Suspicious use of SetThreadContext
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: MapViewOfSection
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:664
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
      "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
      4⤵
      Checks computer location settings
      Suspicious use of SetThreadContext
      System Location Discovery: System Language Discovery
      Suspicious behavior: MapViewOfSection
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:4808
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        5⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4800
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        6⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3296
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        7⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:212
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        8⤵
        
        PID:2252
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        8⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3976
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        9⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2720
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        10⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2112
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        11⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        11⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:4724
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        12⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:4584
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        13⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:4876
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        14⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1536
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        15⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:4444
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        16⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:4452
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        17⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:4016
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        18⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:4980
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        19⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        19⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:3096
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        20⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:4292
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        21⤵
        
        PID:3448
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        21⤵
        System Location Discovery: System Language Discovery
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        21⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2428
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        22⤵
        System Location Discovery: System Language Discovery
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        22⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:728
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        23⤵
        System Location Discovery: System Language Discovery
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        23⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:3856
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        24⤵
        System Location Discovery: System Language Discovery
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        24⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1928
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        25⤵
        System Location Discovery: System Language Discovery
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        25⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1784
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        26⤵
        System Location Discovery: System Language Discovery
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        26⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2252
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        27⤵
        
        PID:1204
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        27⤵
        
        PID:2448
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        27⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        27⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:5044
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        28⤵
        
        PID:212
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        28⤵
        
        PID:1920
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        28⤵
        System Location Discovery: System Language Discovery
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        28⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:4124
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        29⤵
        
        PID:5088
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        29⤵
        System Location Discovery: System Language Discovery
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        29⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:5096
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        30⤵
        System Location Discovery: System Language Discovery
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        30⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2112
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        31⤵
        
        PID:3704
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        31⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        31⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2432
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        32⤵
        System Location Discovery: System Language Discovery
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        32⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:3156
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        33⤵
        
        PID:1636
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        33⤵
        System Location Discovery: System Language Discovery
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        33⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2388
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        34⤵
        System Location Discovery: System Language Discovery
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        34⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:2412
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        35⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        35⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:4648
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        36⤵
        System Location Discovery: System Language Discovery
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        36⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:3364
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        37⤵
        
        PID:2476
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        37⤵
        
        PID:1808
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        37⤵
        
        PID:4976
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        37⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        37⤵
        Checks computer location settings
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:4036
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        38⤵
        System Location Discovery: System Language Discovery
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        38⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious behavior: MapViewOfSection
        Suspicious use of AdjustPrivilegeToken
        
        PID:1112
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        39⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        39⤵
        
        PID:1556
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        40⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        40⤵
        
        PID:1196
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        41⤵
        
        PID:2472
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        41⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        41⤵
        
        PID:4676
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        42⤵
        
        PID:1204
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        42⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        42⤵
        
        PID:2932
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        43⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        43⤵
        
        PID:2836
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        44⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        44⤵
        
        PID:1348
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        45⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        45⤵
        
        PID:2180
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        46⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        46⤵
        
        PID:1840
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        47⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        47⤵
        
        PID:1924
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        48⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        48⤵
        
        PID:3484
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        49⤵
        
        PID:2404
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        49⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        49⤵
        
        PID:4728
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        50⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        50⤵
        
        PID:5048
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        51⤵
        
        PID:2872
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        51⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        51⤵
        
        PID:4636
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        52⤵
        
        PID:3980
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        52⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        52⤵
        
        PID:1952
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        53⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        53⤵
        
        PID:460
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        54⤵
        
        PID:116
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        54⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        54⤵
        
        PID:556
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        55⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        55⤵
        
        PID:4536
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        56⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        56⤵
        
        PID:1380
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        57⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        57⤵
        
        PID:5060
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        58⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        58⤵
        
        PID:212
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        59⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        59⤵
        
        PID:5044
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        60⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        60⤵
        
        PID:2588
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        61⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        61⤵
        
        PID:2516
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        62⤵
        
        PID:5020
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        62⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        62⤵
        
        PID:1628
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        63⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        63⤵
        
        PID:1408
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        64⤵
        
        PID:4320
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        64⤵
        
        PID:416
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        64⤵
        
        PID:412
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        65⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        65⤵
        
        PID:3872
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        66⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        66⤵
        
        PID:1120
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        67⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        67⤵
        
        PID:1244
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        68⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        68⤵
        
        PID:380
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        69⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        69⤵
        
        PID:4880
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        70⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        70⤵
        
        PID:1524
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        71⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        71⤵
        
        PID:5096
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        72⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        72⤵
        
        PID:2448
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        73⤵
        
        PID:4200
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        73⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        73⤵
        
        PID:1640
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        74⤵
        
        PID:3704
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        74⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        74⤵
        
        PID:5044
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        75⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        75⤵
        
        PID:2308
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        76⤵
        
        PID:4904
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        76⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        76⤵
        
        PID:2460
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        77⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        77⤵
        
        PID:4360
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        78⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        78⤵
        
        PID:4608
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        79⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        79⤵
        
        PID:1956
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        80⤵
        
        PID:244
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        80⤵
        
        PID:1596
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        81⤵
        
        PID:4724
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        81⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        81⤵
        
        PID:1788
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        82⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        82⤵
        
        PID:4932
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        83⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        83⤵
        
        PID:3368
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        84⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        84⤵
        
        PID:2168
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        85⤵
        
        PID:728
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        85⤵
        
        PID:4916
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        86⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        86⤵
        
        PID:2368
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        87⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        87⤵
        
        PID:2248
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        88⤵
        
        PID:4776
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        88⤵
        
        PID:3896
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        88⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        88⤵
        
        PID:5088
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        89⤵
        
        PID:1656
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        89⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        89⤵
        
        PID:1560
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        90⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        90⤵
        
        PID:1204
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        91⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        91⤵
        
        PID:1224
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        92⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        92⤵
        
        PID:440
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        93⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        93⤵
        
        PID:3460
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        94⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        94⤵
        
        PID:892
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        95⤵
        
        PID:648
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        95⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        95⤵
        
        PID:4088
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        96⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        96⤵
        
        PID:2216
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        97⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        97⤵
        
        PID:2960
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        98⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        98⤵
        
        PID:4408
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        99⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        99⤵
        
        PID:4488
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        100⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        100⤵
        
        PID:1384
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        101⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        101⤵
        
        PID:2272
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        102⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        102⤵
        
        PID:3480
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        103⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        103⤵
        
        PID:2436
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        104⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        104⤵
        
        PID:2248
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        105⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        105⤵
        
        PID:2816
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        106⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        106⤵
        
        PID:4904
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        107⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        107⤵
        
        PID:1784
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        108⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        108⤵
        
        PID:3512
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        109⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        109⤵
        
        PID:2568
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        110⤵
        
        PID:2460
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        110⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        110⤵
        
        PID:4724
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        111⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        111⤵
        
        PID:1408
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        112⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        112⤵
        
        PID:1780
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        113⤵
        
        PID:1596
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        113⤵
        
        PID:1124
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        113⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        113⤵
        
        PID:1120
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        114⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        114⤵
        
        PID:4604
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        115⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        115⤵
        
        PID:3096
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        116⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        116⤵
        
        PID:4704
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        117⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        117⤵
        
        PID:928
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        118⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        118⤵
        
        PID:5096
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        119⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        119⤵
        
        PID:2512
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        120⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        120⤵
        
        PID:3976
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        121⤵
        
        PID:2248
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        121⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        121⤵
        
        PID:3316
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        122⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        122⤵
        
        PID:4032
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        123⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        123⤵
        
        PID:3564
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        124⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        124⤵
        
        PID:3136
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        125⤵
        
        PID:2460
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        125⤵
        
        PID:4176
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        125⤵
        
        PID:896
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        125⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        125⤵
        
        PID:4484
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        126⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        126⤵
        
        PID:4352
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        127⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        127⤵
        
        PID:2772
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        128⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        128⤵
        
        PID:1780
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        129⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        129⤵
        
        PID:1948
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        130⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        130⤵
        
        PID:3552
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        131⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        131⤵
        
        PID:1380
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        132⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        132⤵
        
        PID:4844
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        133⤵
        
        PID:4468
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        133⤵
        
        PID:3040
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        133⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        133⤵
        
        PID:2780
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        134⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        134⤵
        
        PID:3692
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        135⤵
        
        PID:4920
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        135⤵
        
        PID:1584
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        135⤵
        
        PID:3988
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        135⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        135⤵
        
        PID:3508
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        136⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        136⤵
        
        PID:2896
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        137⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        137⤵
        
        PID:1560
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        138⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        138⤵
        
        PID:2588
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        139⤵
        
        PID:4080
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        139⤵
        
        PID:3452
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        139⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        139⤵
        
        PID:4176
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        140⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        140⤵
        
        PID:2208
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        141⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        141⤵
        
        PID:2112
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        142⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        142⤵
        
        PID:4284
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        143⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        143⤵
        
        PID:1316
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        144⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        144⤵
        
        PID:3856
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        145⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        145⤵
        
        PID:4832
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        146⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        146⤵
        
        PID:5016
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        147⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        147⤵
        
        PID:3296
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        148⤵
        
        PID:4008
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        148⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        148⤵
        
        PID:4708
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        149⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        149⤵
        
        PID:3448
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        150⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        150⤵
        
        PID:1696
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        151⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        151⤵
        
        PID:2780
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        152⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        152⤵
        
        PID:1860
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        153⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        153⤵
        
        PID:4588
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        154⤵
        
        PID:4528
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        154⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        154⤵
        
        PID:3976
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        155⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        155⤵
        
        PID:228
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        156⤵
        
        PID:2216
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        156⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        156⤵
        
        PID:4440
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        157⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        157⤵
        
        PID:400
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        158⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        158⤵
        
        PID:4480
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        159⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        159⤵
        
        PID:2916
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        160⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        160⤵
        
        PID:3520
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        161⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        161⤵
        
        PID:2552
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        162⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        162⤵
        
        PID:5048
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        163⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        163⤵
        
        PID:1788
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        164⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        164⤵
        
        PID:4672
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        165⤵
        
        PID:4636
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        165⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        165⤵
        
        PID:404
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        166⤵
        
        PID:1476
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        166⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        166⤵
        
        PID:4844
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        167⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        167⤵
        
        PID:1216
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        168⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        168⤵
        
        PID:1144
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        169⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        169⤵
        
        PID:4936
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        170⤵
        
        PID:1512
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        170⤵
        
        PID:3260
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        170⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        170⤵
        
        PID:4536
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        171⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        171⤵
        
        PID:1336
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        172⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        172⤵
        
        PID:2136
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        173⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        173⤵
        
        PID:1808
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        174⤵
        
        PID:2424
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        174⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        174⤵
        
        PID:4624
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        175⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        175⤵
        
        PID:4860
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        176⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        176⤵
        
        PID:3544
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        177⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        177⤵
        
        PID:4888
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        178⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        178⤵
        
        PID:756
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        179⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        179⤵
        
        PID:3108
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        180⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        180⤵
        
        PID:3420
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        181⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        181⤵
        
        PID:116
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        182⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        182⤵
        
        PID:3128
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        183⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        183⤵
        
        PID:728
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        184⤵
        
        PID:2272
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        184⤵
        
        PID:1244
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        184⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        184⤵
        
        PID:4920
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        185⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        185⤵
        
        PID:1572
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        186⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        186⤵
        
        PID:1144
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        187⤵
        
        PID:3324
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        187⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        187⤵
        
        PID:3896
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        188⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        188⤵
        
        PID:4456
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        189⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        189⤵
        
        PID:5044
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        190⤵
        
        PID:2448
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        190⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        190⤵
        
        PID:2816
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        191⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        191⤵
        
        PID:4692
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        192⤵
        
        PID:3992
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        192⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        192⤵
        
        PID:1596
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        193⤵
        
        PID:60
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        193⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        193⤵
        
        PID:1604
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        194⤵
        
        PID:3264
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        194⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        194⤵
        
        PID:2208
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        195⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        195⤵
        
        PID:4832
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        196⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        196⤵
        
        PID:1124
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        197⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        197⤵
        
        PID:872
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        198⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        198⤵
        
        PID:3904
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        199⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        199⤵
        
        PID:4116
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        200⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        200⤵
        
        PID:4948
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        201⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        201⤵
        
        PID:684
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        202⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        202⤵
        
        PID:3708
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        203⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        203⤵
        
        PID:776
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        204⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        204⤵
        
        PID:2292
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        205⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        205⤵
        
        PID:3964
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        206⤵
        
        PID:5068
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        206⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        206⤵
        
        PID:3524
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        207⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        207⤵
        
        PID:1528
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        208⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        208⤵
        
        PID:3120
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        209⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        209⤵
        
        PID:624
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        210⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        210⤵
        
        PID:1744
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        211⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        211⤵
        
        PID:5076
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        212⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        212⤵
        
        PID:1604
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        213⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        213⤵
        
        PID:2932
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        214⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        214⤵
        
        PID:2312
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        215⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        215⤵
        
        PID:4888
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        216⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        216⤵
        
        PID:2568
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        217⤵
        
        PID:3116
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        217⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        217⤵
        
        PID:1628
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        218⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        218⤵
        
        PID:3552
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        219⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        219⤵
        
        PID:5016
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        220⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        220⤵
        
        PID:388
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        221⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        221⤵
        
        PID:1216
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        222⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        222⤵
        
        PID:4388
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        223⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        223⤵
        
        PID:1720
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        224⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        224⤵
        
        PID:3040
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        225⤵
        
        PID:4524
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        225⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        225⤵
        
        PID:2140
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        226⤵
        
        PID:780
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        226⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        226⤵
        
        PID:4024
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        227⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        227⤵
        
        PID:4108
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        228⤵
        
        PID:3120
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        228⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        228⤵
        
        PID:3180
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        229⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        229⤵
        
        PID:3136
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        230⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        230⤵
        
        PID:3412
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        231⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        231⤵
        
        PID:2180
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        232⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        232⤵
        
        PID:1896
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        233⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        233⤵
        
        PID:3440
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        234⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        234⤵
        
        PID:1392
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        235⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        235⤵
        
        PID:4560
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        236⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        236⤵
        
        PID:1356
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        237⤵
        
        PID:2444
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        237⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        237⤵
        
        PID:3704
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        238⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        238⤵
        
        PID:5016
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        239⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        239⤵
        
        PID:388
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        240⤵
        
        PID:2044
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        240⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        240⤵
        
        PID:4072
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        241⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        241⤵
        
        PID:3088
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        242⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        242⤵
        
        PID:1536
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        243⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        243⤵
        
        PID:5056
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        244⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        244⤵
        
        PID:5040
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        245⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        245⤵
        
        PID:4484
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        246⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        246⤵
        
        PID:3956
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        247⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        247⤵
        
        PID:5044
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        248⤵
        
        PID:3648
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        248⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ec6bc12cc93f848b344fd0d9fce037178904fb98a66ced81dcc9ffb2a1e83ba7.exe"
        248⤵
        
        PID:1744
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        249⤵
        
        PID:2116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log

Filesize
425B

MD5
4eaca4566b22b01cd3bc115b9b0b2196

SHA1
e743e0792c19f71740416e7b3c061d9f1336bf94

SHA256
34ba0ab8d1850e7825763f413142a333ccbc05fa2b5499a28a7d27b8a1c5b4bb

SHA512
bc2b1bf45203e3bb3009a7d37617b8f0f7ffa613680b32de2b963e39d2cf1650614d7035a0cf78f35a4f5cb17a2a439e2e07deaefd2a4275a62efd0a5c0184a1

Download Submit
memory/1556-0-0x00000000747DE000-0x00000000747DF000-memory.dmp

Filesize
4KB

Download
memory/1556-1-0x0000000000D30000-0x0000000000D9C000-memory.dmp

Filesize
432KB

Download
memory/1556-2-0x0000000003120000-0x000000000313A000-memory.dmp

Filesize
104KB

Download
memory/1556-5-0x00000000747D0000-0x0000000074F80000-memory.dmp

Filesize
7.7MB

Download
memory/1556-10-0x00000000747D0000-0x0000000074F80000-memory.dmp

Filesize
7.7MB

Download
memory/2152-4-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2152-6-0x00000000747D0000-0x0000000074F80000-memory.dmp

Filesize
7.7MB

Download
memory/2152-14-0x00000000747D0000-0x0000000074F80000-memory.dmp

Filesize
7.7MB

Download
memory/4032-7-0x00000000747D0000-0x0000000074F80000-memory.dmp

Filesize
7.7MB

Download
memory/4032-9-0x00000000747D0000-0x0000000074F80000-memory.dmp

Filesize
7.7MB

Download
memory/4032-12-0x00000000747D0000-0x0000000074F80000-memory.dmp

Filesize
7.7MB

Download