560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-09-2024 12:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe
Size

1.4MB
MD5

c7fc0cee8ca35d709ed276e9f88ddbed
SHA1

ceea9d76bf0429872f4d7420addd0abdb5e8f4dc
SHA256

560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e
SHA512

a1b93c9cb87993f77f2decf0e4ee33277567651d7fb664b579f3e293f97c6b198ce701c02cffd9d295b3e40f62cd6500f55bc252212c5ec81ac9e257831273da
SSDEEP

24576:2qDEvCTbMWu7rQYlBQcBiT6rprG8aIHo9Hi9Yc1St1R1M9p09oMMhDIGL0:2TvC/MTQYxsWR7aIHEC+coJ1OpwoMMhv

Score

7^/10

discovery

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegAsymX.vbs	RegAsymX.exe

Executes dropped EXE 64 IoCs

pid	Process
2520	RegAsymX.exe
2896	RegAsymX.exe
2776	RegAsymX.exe
2816	RegAsymX.exe
2652	RegAsymX.exe
2700	RegAsymX.exe
1560	RegAsymX.exe
3000	RegAsymX.exe
2940	RegAsymX.exe
2984	RegAsymX.exe
1940	RegAsymX.exe
2196	RegAsymX.exe
2432	RegAsymX.exe
1084	RegAsymX.exe
1152	RegAsymX.exe
1292	RegAsymX.exe
1028	RegAsymX.exe
2144	RegAsymX.exe
3052	RegAsymX.exe
1872	RegAsymX.exe
2412	RegAsymX.exe
1616	RegAsymX.exe
2084	RegAsymX.exe
2500	RegAsymX.exe
2788	RegAsymX.exe
2468	RegAsymX.exe
2812	RegAsymX.exe
2668	RegAsymX.exe
1720	RegAsymX.exe
1168	RegAsymX.exe
2976	RegAsymX.exe
632	RegAsymX.exe
2964	RegAsymX.exe
1576	RegAsymX.exe
2356	RegAsymX.exe
1160	RegAsymX.exe
1988	RegAsymX.exe
2540	RegAsymX.exe
672	RegAsymX.exe
2284	RegAsymX.exe
880	RegAsymX.exe
2132	RegAsymX.exe
1700	RegAsymX.exe
1928	RegAsymX.exe
1748	RegAsymX.exe
1960	RegAsymX.exe
2596	RegAsymX.exe
2888	RegAsymX.exe
2800	RegAsymX.exe
2676	RegAsymX.exe
2688	RegAsymX.exe
668	RegAsymX.exe
980	RegAsymX.exe
560	RegAsymX.exe
2848	RegAsymX.exe
292	RegAsymX.exe
2148	RegAsymX.exe
2424	RegAsymX.exe
636	RegAsymX.exe
2228	RegAsymX.exe
2408	RegAsymX.exe
2292	RegAsymX.exe
2216	RegAsymX.exe
2544	RegAsymX.exe

Loads dropped DLL 2 IoCs

pid	Process
1712	560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe
2520	RegAsymX.exe

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x000600000001933e-13.dat	autoit_exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1712	560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe
1712	560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe
2520	RegAsymX.exe
2520	RegAsymX.exe
2896	RegAsymX.exe
2896	RegAsymX.exe
2776	RegAsymX.exe
2776	RegAsymX.exe
2816	RegAsymX.exe
2816	RegAsymX.exe
2652	RegAsymX.exe
2652	RegAsymX.exe
2700	RegAsymX.exe
2700	RegAsymX.exe
1560	RegAsymX.exe
1560	RegAsymX.exe
3000	RegAsymX.exe
3000	RegAsymX.exe
2940	RegAsymX.exe
2940	RegAsymX.exe
2984	RegAsymX.exe
2984	RegAsymX.exe
1940	RegAsymX.exe
1940	RegAsymX.exe
2196	RegAsymX.exe
2196	RegAsymX.exe
2432	RegAsymX.exe
2432	RegAsymX.exe
1084	RegAsymX.exe
1084	RegAsymX.exe
1152	RegAsymX.exe
1152	RegAsymX.exe
1292	RegAsymX.exe
1292	RegAsymX.exe
1028	RegAsymX.exe
1028	RegAsymX.exe
2144	RegAsymX.exe
2144	RegAsymX.exe
3052	RegAsymX.exe
3052	RegAsymX.exe
1872	RegAsymX.exe
1872	RegAsymX.exe
2412	RegAsymX.exe
2412	RegAsymX.exe
1616	RegAsymX.exe
1616	RegAsymX.exe
2084	RegAsymX.exe
2084	RegAsymX.exe
2500	RegAsymX.exe
2500	RegAsymX.exe
2788	RegAsymX.exe
2788	RegAsymX.exe
2468	RegAsymX.exe
2468	RegAsymX.exe
2812	RegAsymX.exe
2812	RegAsymX.exe
2668	RegAsymX.exe
2668	RegAsymX.exe
1720	RegAsymX.exe
1720	RegAsymX.exe
1168	RegAsymX.exe
1168	RegAsymX.exe
2976	RegAsymX.exe
2976	RegAsymX.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1712	560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe
1712	560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe
2520	RegAsymX.exe
2520	RegAsymX.exe
2896	RegAsymX.exe
2896	RegAsymX.exe
2776	RegAsymX.exe
2776	RegAsymX.exe
2816	RegAsymX.exe
2816	RegAsymX.exe
2652	RegAsymX.exe
2652	RegAsymX.exe
2700	RegAsymX.exe
2700	RegAsymX.exe
1560	RegAsymX.exe
1560	RegAsymX.exe
3000	RegAsymX.exe
3000	RegAsymX.exe
2940	RegAsymX.exe
2940	RegAsymX.exe
2984	RegAsymX.exe
2984	RegAsymX.exe
1940	RegAsymX.exe
1940	RegAsymX.exe
2196	RegAsymX.exe
2196	RegAsymX.exe
2432	RegAsymX.exe
2432	RegAsymX.exe
1084	RegAsymX.exe
1084	RegAsymX.exe
1152	RegAsymX.exe
1152	RegAsymX.exe
1292	RegAsymX.exe
1292	RegAsymX.exe
1028	RegAsymX.exe
1028	RegAsymX.exe
2144	RegAsymX.exe
2144	RegAsymX.exe
3052	RegAsymX.exe
3052	RegAsymX.exe
1872	RegAsymX.exe
1872	RegAsymX.exe
2412	RegAsymX.exe
2412	RegAsymX.exe
1616	RegAsymX.exe
1616	RegAsymX.exe
2084	RegAsymX.exe
2084	RegAsymX.exe
2500	RegAsymX.exe
2500	RegAsymX.exe
2788	RegAsymX.exe
2788	RegAsymX.exe
2468	RegAsymX.exe
2468	RegAsymX.exe
2812	RegAsymX.exe
2812	RegAsymX.exe
2668	RegAsymX.exe
2668	RegAsymX.exe
1720	RegAsymX.exe
1720	RegAsymX.exe
1168	RegAsymX.exe
1168	RegAsymX.exe
2976	RegAsymX.exe
2976	RegAsymX.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 2520	1712	560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe	30
PID 1712 wrote to memory of 2520	1712	560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe	30
PID 1712 wrote to memory of 2520	1712	560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe	30
PID 1712 wrote to memory of 2520	1712	560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe	30
PID 2520 wrote to memory of 2896	2520	RegAsymX.exe	31
PID 2520 wrote to memory of 2896	2520	RegAsymX.exe	31
PID 2520 wrote to memory of 2896	2520	RegAsymX.exe	31
PID 2520 wrote to memory of 2896	2520	RegAsymX.exe	31
PID 2896 wrote to memory of 2776	2896	RegAsymX.exe	32
PID 2896 wrote to memory of 2776	2896	RegAsymX.exe	32
PID 2896 wrote to memory of 2776	2896	RegAsymX.exe	32
PID 2896 wrote to memory of 2776	2896	RegAsymX.exe	32
PID 2776 wrote to memory of 2816	2776	RegAsymX.exe	33
PID 2776 wrote to memory of 2816	2776	RegAsymX.exe	33
PID 2776 wrote to memory of 2816	2776	RegAsymX.exe	33
PID 2776 wrote to memory of 2816	2776	RegAsymX.exe	33
PID 2816 wrote to memory of 2652	2816	RegAsymX.exe	34
PID 2816 wrote to memory of 2652	2816	RegAsymX.exe	34
PID 2816 wrote to memory of 2652	2816	RegAsymX.exe	34
PID 2816 wrote to memory of 2652	2816	RegAsymX.exe	34
PID 2652 wrote to memory of 2700	2652	RegAsymX.exe	35
PID 2652 wrote to memory of 2700	2652	RegAsymX.exe	35
PID 2652 wrote to memory of 2700	2652	RegAsymX.exe	35
PID 2652 wrote to memory of 2700	2652	RegAsymX.exe	35
PID 2700 wrote to memory of 1560	2700	RegAsymX.exe	36
PID 2700 wrote to memory of 1560	2700	RegAsymX.exe	36
PID 2700 wrote to memory of 1560	2700	RegAsymX.exe	36
PID 2700 wrote to memory of 1560	2700	RegAsymX.exe	36
PID 1560 wrote to memory of 3000	1560	RegAsymX.exe	37
PID 1560 wrote to memory of 3000	1560	RegAsymX.exe	37
PID 1560 wrote to memory of 3000	1560	RegAsymX.exe	37
PID 1560 wrote to memory of 3000	1560	RegAsymX.exe	37
PID 3000 wrote to memory of 2940	3000	RegAsymX.exe	38
PID 3000 wrote to memory of 2940	3000	RegAsymX.exe	38
PID 3000 wrote to memory of 2940	3000	RegAsymX.exe	38
PID 3000 wrote to memory of 2940	3000	RegAsymX.exe	38
PID 2940 wrote to memory of 2984	2940	RegAsymX.exe	39
PID 2940 wrote to memory of 2984	2940	RegAsymX.exe	39
PID 2940 wrote to memory of 2984	2940	RegAsymX.exe	39
PID 2940 wrote to memory of 2984	2940	RegAsymX.exe	39
PID 2984 wrote to memory of 1940	2984	RegAsymX.exe	40
PID 2984 wrote to memory of 1940	2984	RegAsymX.exe	40
PID 2984 wrote to memory of 1940	2984	RegAsymX.exe	40
PID 2984 wrote to memory of 1940	2984	RegAsymX.exe	40
PID 1940 wrote to memory of 2196	1940	RegAsymX.exe	41
PID 1940 wrote to memory of 2196	1940	RegAsymX.exe	41
PID 1940 wrote to memory of 2196	1940	RegAsymX.exe	41
PID 1940 wrote to memory of 2196	1940	RegAsymX.exe	41
PID 2196 wrote to memory of 2432	2196	RegAsymX.exe	43
PID 2196 wrote to memory of 2432	2196	RegAsymX.exe	43
PID 2196 wrote to memory of 2432	2196	RegAsymX.exe	43
PID 2196 wrote to memory of 2432	2196	RegAsymX.exe	43
PID 2432 wrote to memory of 1084	2432	RegAsymX.exe	44
PID 2432 wrote to memory of 1084	2432	RegAsymX.exe	44
PID 2432 wrote to memory of 1084	2432	RegAsymX.exe	44
PID 2432 wrote to memory of 1084	2432	RegAsymX.exe	44
PID 1084 wrote to memory of 1152	1084	RegAsymX.exe	45
PID 1084 wrote to memory of 1152	1084	RegAsymX.exe	45
PID 1084 wrote to memory of 1152	1084	RegAsymX.exe	45
PID 1084 wrote to memory of 1152	1084	RegAsymX.exe	45
PID 1152 wrote to memory of 1292	1152	RegAsymX.exe	46
PID 1152 wrote to memory of 1292	1152	RegAsymX.exe	46
PID 1152 wrote to memory of 1292	1152	RegAsymX.exe	46
PID 1152 wrote to memory of 1292	1152	RegAsymX.exe	46

C:\Users\Admin\AppData\Local\Temp\560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe
"C:\Users\Admin\AppData\Local\Temp\560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
  "C:\Users\Admin\AppData\Local\Temp\560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2520
- - C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
    "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2896
  - - C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
      "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:2776
    - - C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2816
      - C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        14⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        15⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        18⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        20⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        21⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        22⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        23⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        24⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        25⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        26⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        27⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        28⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        29⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        30⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        31⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        32⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        33⤵
        Executes dropped EXE
        
        PID:632
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        34⤵
        Executes dropped EXE
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        35⤵
        Executes dropped EXE
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        36⤵
        Executes dropped EXE
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        37⤵
        Executes dropped EXE
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        38⤵
        Executes dropped EXE
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        39⤵
        Executes dropped EXE
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        40⤵
        Executes dropped EXE
        
        PID:672
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        41⤵
        Executes dropped EXE
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        42⤵
        Executes dropped EXE
        
        PID:880
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        43⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        44⤵
        Executes dropped EXE
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        45⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        46⤵
        Executes dropped EXE
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        47⤵
        Executes dropped EXE
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        48⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        49⤵
        Executes dropped EXE
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        50⤵
        Executes dropped EXE
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        51⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        52⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        53⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:668
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        54⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:980
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        55⤵
        Executes dropped EXE
        
        PID:560
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        56⤵
        Executes dropped EXE
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        57⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:292
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        58⤵
        Executes dropped EXE
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        59⤵
        Executes dropped EXE
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        60⤵
        Executes dropped EXE
        
        PID:636
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        61⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        62⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        63⤵
        Executes dropped EXE
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        64⤵
        Executes dropped EXE
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        65⤵
        Executes dropped EXE
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        66⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        67⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        68⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        69⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        70⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        71⤵
        System Location Discovery: System Language Discovery
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        72⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        73⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        74⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        75⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        76⤵
        System Location Discovery: System Language Discovery
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        77⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        78⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        79⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        80⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        81⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        82⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        83⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        84⤵
        System Location Discovery: System Language Discovery
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        85⤵
        System Location Discovery: System Language Discovery
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        86⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        87⤵
        System Location Discovery: System Language Discovery
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        88⤵
        System Location Discovery: System Language Discovery
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        89⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        90⤵
        System Location Discovery: System Language Discovery
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        91⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        92⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        93⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        94⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        95⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        96⤵
        System Location Discovery: System Language Discovery
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        97⤵
        System Location Discovery: System Language Discovery
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        98⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        99⤵
        System Location Discovery: System Language Discovery
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        100⤵
        System Location Discovery: System Language Discovery
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        101⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        102⤵
        System Location Discovery: System Language Discovery
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        103⤵
        System Location Discovery: System Language Discovery
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        104⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        105⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        106⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        107⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        108⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        109⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        110⤵
        System Location Discovery: System Language Discovery
        
        PID:404
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        111⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        112⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        113⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        114⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        115⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        116⤵
        System Location Discovery: System Language Discovery
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        117⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        118⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        119⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        120⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        121⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        122⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        123⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        124⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        125⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        126⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        127⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        128⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        129⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        130⤵
        System Location Discovery: System Language Discovery
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        131⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        132⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        133⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        134⤵
        System Location Discovery: System Language Discovery
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        135⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        136⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        137⤵
        System Location Discovery: System Language Discovery
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        138⤵
        System Location Discovery: System Language Discovery
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        139⤵
        System Location Discovery: System Language Discovery
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        140⤵
        System Location Discovery: System Language Discovery
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        141⤵
        System Location Discovery: System Language Discovery
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        142⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        143⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        144⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        145⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        146⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        147⤵
        System Location Discovery: System Language Discovery
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        148⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        149⤵
        System Location Discovery: System Language Discovery
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        150⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        151⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        152⤵
        System Location Discovery: System Language Discovery
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        153⤵
        System Location Discovery: System Language Discovery
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        154⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        155⤵
        System Location Discovery: System Language Discovery
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        156⤵
        System Location Discovery: System Language Discovery
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        157⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        158⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        159⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        160⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        161⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        162⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        163⤵
        System Location Discovery: System Language Discovery
        
        PID:684
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        164⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        165⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        166⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        167⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        168⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        169⤵
        System Location Discovery: System Language Discovery
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        170⤵
        System Location Discovery: System Language Discovery
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        171⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        172⤵
        System Location Discovery: System Language Discovery
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        173⤵
        System Location Discovery: System Language Discovery
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        174⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        175⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        176⤵
        System Location Discovery: System Language Discovery
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        177⤵
        System Location Discovery: System Language Discovery
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        178⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        179⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        180⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        181⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        182⤵
        System Location Discovery: System Language Discovery
        
        PID:872
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        183⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        184⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        185⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        186⤵
        System Location Discovery: System Language Discovery
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        187⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        188⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        189⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        190⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        191⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        192⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        193⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        194⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        195⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        196⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        197⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        198⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        199⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        200⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        201⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        202⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        203⤵
        System Location Discovery: System Language Discovery
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        204⤵
        System Location Discovery: System Language Discovery
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        205⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        206⤵
        System Location Discovery: System Language Discovery
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        207⤵
        System Location Discovery: System Language Discovery
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        208⤵
        System Location Discovery: System Language Discovery
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        209⤵
        System Location Discovery: System Language Discovery
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        210⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        211⤵
        System Location Discovery: System Language Discovery
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        212⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        213⤵
        System Location Discovery: System Language Discovery
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        214⤵
        System Location Discovery: System Language Discovery
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        215⤵
        System Location Discovery: System Language Discovery
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        216⤵
        System Location Discovery: System Language Discovery
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        217⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        218⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        219⤵
        System Location Discovery: System Language Discovery
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        220⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        221⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        222⤵
        
        PID:3560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Lymnaeidae

Filesize
84KB

MD5
e9d80ff6fcd8ceeb2f0c63b6d84354fd

SHA1
9e697f748635834b3b88f33fbb77323261b325b0

SHA256
91f5f7478ffcd500ad50e86ada1faffc60979b449af4d56b3bf1f71bb7da0a3d

SHA512
aba78fb40aae7238b20ba9fbe9d975481da595896a651962c41b89f6bea323a7040afaf35a33f0608a4f2d0aaf899537a5e1cc37887afc6ece0e468f9916b343

Download Submit
C:\Users\Admin\AppData\Local\Temp\autACF2.tmp

Filesize
408KB

MD5
ce86f406e025ab6c2d4619b42b06a10f

SHA1
910ec8a487315a88f37d98e65c61886bfb6e5a8d

SHA256
c74e9a1bc00368e1cce005364c3b8ec3822241d895febc6f018491ea368e6464

SHA512
6b999d9b150eb8b6ecbb37a4b0f3e0a0246a97bce310044bdd90926945a4fd6942bfece1b0f64c57108834efc63a60feb48497db2d4a1a7ded076dc1fe162665

Download Submit
C:\Users\Admin\AppData\Local\Temp\autAD02.tmp

Filesize
42KB

MD5
82867b0c21d8c24cf50c4408d8f9821b

SHA1
08cdc310e08ae5e72502e4077134bb6de08f3739

SHA256
900638a4da24c03753d210ea0c53ff6d729c04563c67b533c5e4f5271f4a3fd5

SHA512
f416f2e257caa70d47f152958c95f3f71443afbdd1e641b37ae0ca5d15954f19d8f0461fe035dd3a23afcb6d5e8c62577ae33aa192e35da3af3922bd868f2e0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ophiolatrous

Filesize
483KB

MD5
89669f54c2cf58a12e6eb05f0b0c8b45

SHA1
9dd08035fb240b2d8c284c31786f20c04e4d871a

SHA256
7367a34c0b9d0c68678b8bd5bd02a54c94d7a60000aabc0525079b641c0f5e03

SHA512
000188de8af2c2886ab5085890835e29cf0e65f6c9fc01a52f47a709650d8c9f411bb8931e545c27edc132ee14fa685ec063d5681bffd9ece56a52473e9f2686

Download Submit
\Users\Admin\AppData\Local\directory\RegAsymX.exe

Filesize
1.4MB

MD5
c7fc0cee8ca35d709ed276e9f88ddbed

SHA1
ceea9d76bf0429872f4d7420addd0abdb5e8f4dc

SHA256
560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e

SHA512
a1b93c9cb87993f77f2decf0e4ee33277567651d7fb664b579f3e293f97c6b198ce701c02cffd9d295b3e40f62cd6500f55bc252212c5ec81ac9e257831273da

Download Submit
memory/1712-11-0x00000000001A0000-0x00000000001A4000-memory.dmp

Filesize
16KB

Download