560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e

Analysis

max time kernel
149s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/09/2024, 12:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe
Size

1.4MB
MD5

c7fc0cee8ca35d709ed276e9f88ddbed
SHA1

ceea9d76bf0429872f4d7420addd0abdb5e8f4dc
SHA256

560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e
SHA512

a1b93c9cb87993f77f2decf0e4ee33277567651d7fb664b579f3e293f97c6b198ce701c02cffd9d295b3e40f62cd6500f55bc252212c5ec81ac9e257831273da
SSDEEP

24576:2qDEvCTbMWu7rQYlBQcBiT6rprG8aIHo9Hi9Yc1St1R1M9p09oMMhDIGL0:2TvC/MTQYxsWR7aIHEC+coJ1OpwoMMhv

Score

7^/10

discovery

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegAsymX.vbs	RegAsymX.exe

Executes dropped EXE 64 IoCs

pid	Process
2780	RegAsymX.exe
2852	RegAsymX.exe
1744	RegAsymX.exe
3032	RegAsymX.exe
576	RegAsymX.exe
3004	RegAsymX.exe
2540	RegAsymX.exe
544	RegAsymX.exe
2348	RegAsymX.exe
960	RegAsymX.exe
1956	RegAsymX.exe
2736	RegAsymX.exe
2416	RegAsymX.exe
1932	RegAsymX.exe
1896	RegAsymX.exe
696	RegAsymX.exe
2952	RegAsymX.exe
1312	RegAsymX.exe
2324	RegAsymX.exe
1000	RegAsymX.exe
2172	RegAsymX.exe
2312	RegAsymX.exe
580	RegAsymX.exe
2776	RegAsymX.exe
2680	RegAsymX.exe
2600	RegAsymX.exe
2572	RegAsymX.exe
3036	RegAsymX.exe
2904	RegAsymX.exe
1736	RegAsymX.exe
1796	RegAsymX.exe
2620	RegAsymX.exe
2872	RegAsymX.exe
1484	RegAsymX.exe
2812	RegAsymX.exe
1012	RegAsymX.exe
2264	RegAsymX.exe
2236	RegAsymX.exe
840	RegAsymX.exe
1088	RegAsymX.exe
1812	RegAsymX.exe
776	RegAsymX.exe
352	RegAsymX.exe
844	RegAsymX.exe
996	RegAsymX.exe
2180	RegAsymX.exe
2456	RegAsymX.exe
2700	RegAsymX.exe
2856	RegAsymX.exe
2720	RegAsymX.exe
1560	RegAsymX.exe
1360	RegAsymX.exe
3020	RegAsymX.exe
2256	RegAsymX.exe
328	RegAsymX.exe
680	RegAsymX.exe
2072	RegAsymX.exe
2972	RegAsymX.exe
2252	RegAsymX.exe
2044	RegAsymX.exe
2164	RegAsymX.exe
2040	RegAsymX.exe
920	RegAsymX.exe
2460	RegAsymX.exe

Loads dropped DLL 2 IoCs

pid	Process
2424	560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe
2780	RegAsymX.exe

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x0007000000016c89-13.dat	autoit_exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2424	560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe
2424	560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe
2780	RegAsymX.exe
2780	RegAsymX.exe
2852	RegAsymX.exe
2852	RegAsymX.exe
1744	RegAsymX.exe
1744	RegAsymX.exe
3032	RegAsymX.exe
3032	RegAsymX.exe
576	RegAsymX.exe
576	RegAsymX.exe
3004	RegAsymX.exe
3004	RegAsymX.exe
2540	RegAsymX.exe
2540	RegAsymX.exe
544	RegAsymX.exe
544	RegAsymX.exe
2348	RegAsymX.exe
2348	RegAsymX.exe
960	RegAsymX.exe
960	RegAsymX.exe
1956	RegAsymX.exe
1956	RegAsymX.exe
2736	RegAsymX.exe
2736	RegAsymX.exe
2416	RegAsymX.exe
2416	RegAsymX.exe
1932	RegAsymX.exe
1932	RegAsymX.exe
1896	RegAsymX.exe
1896	RegAsymX.exe
696	RegAsymX.exe
696	RegAsymX.exe
2952	RegAsymX.exe
2952	RegAsymX.exe
1312	RegAsymX.exe
1312	RegAsymX.exe
2324	RegAsymX.exe
2324	RegAsymX.exe
1000	RegAsymX.exe
1000	RegAsymX.exe
2172	RegAsymX.exe
2172	RegAsymX.exe
2312	RegAsymX.exe
2312	RegAsymX.exe
580	RegAsymX.exe
580	RegAsymX.exe
2776	RegAsymX.exe
2776	RegAsymX.exe
2680	RegAsymX.exe
2680	RegAsymX.exe
2600	RegAsymX.exe
2600	RegAsymX.exe
2572	RegAsymX.exe
2572	RegAsymX.exe
3036	RegAsymX.exe
3036	RegAsymX.exe
2904	RegAsymX.exe
2904	RegAsymX.exe
1736	RegAsymX.exe
1736	RegAsymX.exe
1796	RegAsymX.exe
1796	RegAsymX.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2424	560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe
2424	560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe
2780	RegAsymX.exe
2780	RegAsymX.exe
2852	RegAsymX.exe
2852	RegAsymX.exe
1744	RegAsymX.exe
1744	RegAsymX.exe
3032	RegAsymX.exe
3032	RegAsymX.exe
576	RegAsymX.exe
576	RegAsymX.exe
3004	RegAsymX.exe
3004	RegAsymX.exe
2540	RegAsymX.exe
2540	RegAsymX.exe
544	RegAsymX.exe
544	RegAsymX.exe
2348	RegAsymX.exe
2348	RegAsymX.exe
960	RegAsymX.exe
960	RegAsymX.exe
1956	RegAsymX.exe
1956	RegAsymX.exe
2736	RegAsymX.exe
2736	RegAsymX.exe
2416	RegAsymX.exe
2416	RegAsymX.exe
1932	RegAsymX.exe
1932	RegAsymX.exe
1896	RegAsymX.exe
1896	RegAsymX.exe
696	RegAsymX.exe
696	RegAsymX.exe
2952	RegAsymX.exe
2952	RegAsymX.exe
1312	RegAsymX.exe
1312	RegAsymX.exe
2324	RegAsymX.exe
2324	RegAsymX.exe
1000	RegAsymX.exe
1000	RegAsymX.exe
2172	RegAsymX.exe
2172	RegAsymX.exe
2312	RegAsymX.exe
2312	RegAsymX.exe
580	RegAsymX.exe
580	RegAsymX.exe
2776	RegAsymX.exe
2776	RegAsymX.exe
2680	RegAsymX.exe
2680	RegAsymX.exe
2600	RegAsymX.exe
2600	RegAsymX.exe
2572	RegAsymX.exe
2572	RegAsymX.exe
3036	RegAsymX.exe
3036	RegAsymX.exe
2904	RegAsymX.exe
2904	RegAsymX.exe
1736	RegAsymX.exe
1736	RegAsymX.exe
1796	RegAsymX.exe
1796	RegAsymX.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2424 wrote to memory of 2780	2424	560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe	30
PID 2424 wrote to memory of 2780	2424	560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe	30
PID 2424 wrote to memory of 2780	2424	560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe	30
PID 2424 wrote to memory of 2780	2424	560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe	30
PID 2780 wrote to memory of 2852	2780	RegAsymX.exe	31
PID 2780 wrote to memory of 2852	2780	RegAsymX.exe	31
PID 2780 wrote to memory of 2852	2780	RegAsymX.exe	31
PID 2780 wrote to memory of 2852	2780	RegAsymX.exe	31
PID 2852 wrote to memory of 1744	2852	RegAsymX.exe	32
PID 2852 wrote to memory of 1744	2852	RegAsymX.exe	32
PID 2852 wrote to memory of 1744	2852	RegAsymX.exe	32
PID 2852 wrote to memory of 1744	2852	RegAsymX.exe	32
PID 1744 wrote to memory of 3032	1744	RegAsymX.exe	33
PID 1744 wrote to memory of 3032	1744	RegAsymX.exe	33
PID 1744 wrote to memory of 3032	1744	RegAsymX.exe	33
PID 1744 wrote to memory of 3032	1744	RegAsymX.exe	33
PID 3032 wrote to memory of 576	3032	RegAsymX.exe	34
PID 3032 wrote to memory of 576	3032	RegAsymX.exe	34
PID 3032 wrote to memory of 576	3032	RegAsymX.exe	34
PID 3032 wrote to memory of 576	3032	RegAsymX.exe	34
PID 576 wrote to memory of 3004	576	RegAsymX.exe	35
PID 576 wrote to memory of 3004	576	RegAsymX.exe	35
PID 576 wrote to memory of 3004	576	RegAsymX.exe	35
PID 576 wrote to memory of 3004	576	RegAsymX.exe	35
PID 3004 wrote to memory of 2540	3004	RegAsymX.exe	36
PID 3004 wrote to memory of 2540	3004	RegAsymX.exe	36
PID 3004 wrote to memory of 2540	3004	RegAsymX.exe	36
PID 3004 wrote to memory of 2540	3004	RegAsymX.exe	36
PID 2540 wrote to memory of 544	2540	RegAsymX.exe	37
PID 2540 wrote to memory of 544	2540	RegAsymX.exe	37
PID 2540 wrote to memory of 544	2540	RegAsymX.exe	37
PID 2540 wrote to memory of 544	2540	RegAsymX.exe	37
PID 544 wrote to memory of 2348	544	RegAsymX.exe	38
PID 544 wrote to memory of 2348	544	RegAsymX.exe	38
PID 544 wrote to memory of 2348	544	RegAsymX.exe	38
PID 544 wrote to memory of 2348	544	RegAsymX.exe	38
PID 2348 wrote to memory of 960	2348	RegAsymX.exe	39
PID 2348 wrote to memory of 960	2348	RegAsymX.exe	39
PID 2348 wrote to memory of 960	2348	RegAsymX.exe	39
PID 2348 wrote to memory of 960	2348	RegAsymX.exe	39
PID 960 wrote to memory of 1956	960	RegAsymX.exe	40
PID 960 wrote to memory of 1956	960	RegAsymX.exe	40
PID 960 wrote to memory of 1956	960	RegAsymX.exe	40
PID 960 wrote to memory of 1956	960	RegAsymX.exe	40
PID 1956 wrote to memory of 2736	1956	RegAsymX.exe	41
PID 1956 wrote to memory of 2736	1956	RegAsymX.exe	41
PID 1956 wrote to memory of 2736	1956	RegAsymX.exe	41
PID 1956 wrote to memory of 2736	1956	RegAsymX.exe	41
PID 2736 wrote to memory of 2416	2736	RegAsymX.exe	42
PID 2736 wrote to memory of 2416	2736	RegAsymX.exe	42
PID 2736 wrote to memory of 2416	2736	RegAsymX.exe	42
PID 2736 wrote to memory of 2416	2736	RegAsymX.exe	42
PID 2416 wrote to memory of 1932	2416	RegAsymX.exe	43
PID 2416 wrote to memory of 1932	2416	RegAsymX.exe	43
PID 2416 wrote to memory of 1932	2416	RegAsymX.exe	43
PID 2416 wrote to memory of 1932	2416	RegAsymX.exe	43
PID 1932 wrote to memory of 1896	1932	RegAsymX.exe	44
PID 1932 wrote to memory of 1896	1932	RegAsymX.exe	44
PID 1932 wrote to memory of 1896	1932	RegAsymX.exe	44
PID 1932 wrote to memory of 1896	1932	RegAsymX.exe	44
PID 1896 wrote to memory of 696	1896	RegAsymX.exe	45
PID 1896 wrote to memory of 696	1896	RegAsymX.exe	45
PID 1896 wrote to memory of 696	1896	RegAsymX.exe	45
PID 1896 wrote to memory of 696	1896	RegAsymX.exe	45

C:\Users\Admin\AppData\Local\Temp\560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe
"C:\Users\Admin\AppData\Local\Temp\560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2424
- C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
  "C:\Users\Admin\AppData\Local\Temp\560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2780
- - C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
    "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2852
  - - C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
      "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:1744
    - - C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:3032
      - C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:576
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:544
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        10⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        11⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:960
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        14⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        16⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:696
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        18⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        20⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        21⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        22⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        23⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        24⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:580
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        25⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        26⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        27⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        28⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        29⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        30⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        31⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        32⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        33⤵
        Executes dropped EXE
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        34⤵
        Executes dropped EXE
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        35⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        36⤵
        Executes dropped EXE
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        37⤵
        Executes dropped EXE
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        38⤵
        Executes dropped EXE
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        39⤵
        Executes dropped EXE
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        40⤵
        Executes dropped EXE
        
        PID:840
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        41⤵
        Executes dropped EXE
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        42⤵
        Executes dropped EXE
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        43⤵
        Executes dropped EXE
        
        PID:776
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        44⤵
        Executes dropped EXE
        
        PID:352
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        45⤵
        Executes dropped EXE
        
        PID:844
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        46⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:996
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        47⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        48⤵
        Executes dropped EXE
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        49⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        50⤵
        Executes dropped EXE
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        51⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        52⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        53⤵
        Executes dropped EXE
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        54⤵
        Executes dropped EXE
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        55⤵
        Executes dropped EXE
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        56⤵
        Executes dropped EXE
        
        PID:328
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        57⤵
        Executes dropped EXE
        
        PID:680
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        58⤵
        Executes dropped EXE
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        59⤵
        Executes dropped EXE
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        60⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        61⤵
        Executes dropped EXE
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        62⤵
        Executes dropped EXE
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        63⤵
        Executes dropped EXE
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        64⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:920
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        65⤵
        Executes dropped EXE
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        66⤵
        System Location Discovery: System Language Discovery
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        67⤵
        System Location Discovery: System Language Discovery
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        68⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        69⤵
        System Location Discovery: System Language Discovery
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        70⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        71⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        72⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        73⤵
        System Location Discovery: System Language Discovery
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        74⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        75⤵
        System Location Discovery: System Language Discovery
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        76⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        77⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        78⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        79⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        80⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        81⤵
        System Location Discovery: System Language Discovery
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        82⤵
        System Location Discovery: System Language Discovery
        
        PID:956
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        83⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        84⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        85⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        86⤵
        System Location Discovery: System Language Discovery
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        87⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        88⤵
        System Location Discovery: System Language Discovery
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        89⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        90⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        91⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        92⤵
        System Location Discovery: System Language Discovery
        
        PID:288
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        93⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        94⤵
        System Location Discovery: System Language Discovery
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        95⤵
        System Location Discovery: System Language Discovery
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        96⤵
        System Location Discovery: System Language Discovery
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        97⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        98⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        99⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        100⤵
        System Location Discovery: System Language Discovery
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        101⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        102⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        103⤵
        System Location Discovery: System Language Discovery
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        104⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        105⤵
        System Location Discovery: System Language Discovery
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        106⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        107⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        108⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        109⤵
        System Location Discovery: System Language Discovery
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        110⤵
        System Location Discovery: System Language Discovery
        
        PID:856
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        111⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        112⤵
        System Location Discovery: System Language Discovery
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        113⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        114⤵
        System Location Discovery: System Language Discovery
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        115⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        116⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        117⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        118⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        119⤵
        System Location Discovery: System Language Discovery
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        120⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        121⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        122⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        123⤵
        System Location Discovery: System Language Discovery
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        124⤵
        System Location Discovery: System Language Discovery
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        125⤵
        System Location Discovery: System Language Discovery
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        126⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        127⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        128⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        129⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        130⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        131⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        132⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        133⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        134⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        135⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        136⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        137⤵
        System Location Discovery: System Language Discovery
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        138⤵
        System Location Discovery: System Language Discovery
        
        PID:900
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        139⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        140⤵
        System Location Discovery: System Language Discovery
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        141⤵
        System Location Discovery: System Language Discovery
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        142⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        143⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        144⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        145⤵
        System Location Discovery: System Language Discovery
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        146⤵
        System Location Discovery: System Language Discovery
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        147⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        148⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        149⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        150⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        151⤵
        System Location Discovery: System Language Discovery
        
        PID:572
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        152⤵
        System Location Discovery: System Language Discovery
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        153⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        154⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        155⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        156⤵
        System Location Discovery: System Language Discovery
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        157⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        158⤵
        System Location Discovery: System Language Discovery
        
        PID:264
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        159⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        160⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        161⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        162⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        163⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        164⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        165⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        166⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        167⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        168⤵
        System Location Discovery: System Language Discovery
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        169⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        170⤵
        System Location Discovery: System Language Discovery
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        171⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        172⤵
        System Location Discovery: System Language Discovery
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        173⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        174⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        175⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        176⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        177⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        178⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        179⤵
        System Location Discovery: System Language Discovery
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        180⤵
        System Location Discovery: System Language Discovery
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        181⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        182⤵
        System Location Discovery: System Language Discovery
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        183⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        184⤵
        System Location Discovery: System Language Discovery
        
        PID:816
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        185⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        186⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        187⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        188⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        189⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        190⤵
        System Location Discovery: System Language Discovery
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        191⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        192⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        193⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        194⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        195⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        196⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        197⤵
        System Location Discovery: System Language Discovery
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        198⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        199⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        200⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        201⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        202⤵
        System Location Discovery: System Language Discovery
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        203⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        204⤵
        System Location Discovery: System Language Discovery
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        205⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        206⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        207⤵
        System Location Discovery: System Language Discovery
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        208⤵
        System Location Discovery: System Language Discovery
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        209⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        210⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        211⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        212⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        213⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        214⤵
        System Location Discovery: System Language Discovery
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        215⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        216⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        217⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        218⤵
        System Location Discovery: System Language Discovery
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        219⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        220⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        221⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        222⤵
        
        PID:3432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Lymnaeidae

Filesize
84KB

MD5
e9d80ff6fcd8ceeb2f0c63b6d84354fd

SHA1
9e697f748635834b3b88f33fbb77323261b325b0

SHA256
91f5f7478ffcd500ad50e86ada1faffc60979b449af4d56b3bf1f71bb7da0a3d

SHA512
aba78fb40aae7238b20ba9fbe9d975481da595896a651962c41b89f6bea323a7040afaf35a33f0608a4f2d0aaf899537a5e1cc37887afc6ece0e468f9916b343

Download Submit
C:\Users\Admin\AppData\Local\Temp\autF853.tmp

Filesize
408KB

MD5
ce86f406e025ab6c2d4619b42b06a10f

SHA1
910ec8a487315a88f37d98e65c61886bfb6e5a8d

SHA256
c74e9a1bc00368e1cce005364c3b8ec3822241d895febc6f018491ea368e6464

SHA512
6b999d9b150eb8b6ecbb37a4b0f3e0a0246a97bce310044bdd90926945a4fd6942bfece1b0f64c57108834efc63a60feb48497db2d4a1a7ded076dc1fe162665

Download Submit
C:\Users\Admin\AppData\Local\Temp\autF873.tmp

Filesize
42KB

MD5
82867b0c21d8c24cf50c4408d8f9821b

SHA1
08cdc310e08ae5e72502e4077134bb6de08f3739

SHA256
900638a4da24c03753d210ea0c53ff6d729c04563c67b533c5e4f5271f4a3fd5

SHA512
f416f2e257caa70d47f152958c95f3f71443afbdd1e641b37ae0ca5d15954f19d8f0461fe035dd3a23afcb6d5e8c62577ae33aa192e35da3af3922bd868f2e0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ophiolatrous

Filesize
483KB

MD5
89669f54c2cf58a12e6eb05f0b0c8b45

SHA1
9dd08035fb240b2d8c284c31786f20c04e4d871a

SHA256
7367a34c0b9d0c68678b8bd5bd02a54c94d7a60000aabc0525079b641c0f5e03

SHA512
000188de8af2c2886ab5085890835e29cf0e65f6c9fc01a52f47a709650d8c9f411bb8931e545c27edc132ee14fa685ec063d5681bffd9ece56a52473e9f2686

Download Submit
\Users\Admin\AppData\Local\directory\RegAsymX.exe

Filesize
1.4MB

MD5
c7fc0cee8ca35d709ed276e9f88ddbed

SHA1
ceea9d76bf0429872f4d7420addd0abdb5e8f4dc

SHA256
560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e

SHA512
a1b93c9cb87993f77f2decf0e4ee33277567651d7fb664b579f3e293f97c6b198ce701c02cffd9d295b3e40f62cd6500f55bc252212c5ec81ac9e257831273da

Download Submit
memory/2424-11-0x00000000005A0000-0x00000000005A4000-memory.dmp

Filesize
16KB

Download