560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e

Analysis

max time kernel
149s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06-09-2024 01:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe
Size

1.4MB
MD5

c7fc0cee8ca35d709ed276e9f88ddbed
SHA1

ceea9d76bf0429872f4d7420addd0abdb5e8f4dc
SHA256

560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e
SHA512

a1b93c9cb87993f77f2decf0e4ee33277567651d7fb664b579f3e293f97c6b198ce701c02cffd9d295b3e40f62cd6500f55bc252212c5ec81ac9e257831273da
SSDEEP

24576:2qDEvCTbMWu7rQYlBQcBiT6rprG8aIHo9Hi9Yc1St1R1M9p09oMMhDIGL0:2TvC/MTQYxsWR7aIHEC+coJ1OpwoMMhv

Score

7^/10

discovery

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RegAsymX.vbs	RegAsymX.exe

Executes dropped EXE 64 IoCs

pid	Process
2320	RegAsymX.exe
2248	RegAsymX.exe
2828	RegAsymX.exe
2860	RegAsymX.exe
2688	RegAsymX.exe
840	RegAsymX.exe
2764	RegAsymX.exe
2912	RegAsymX.exe
2920	RegAsymX.exe
620	RegAsymX.exe
1936	RegAsymX.exe
2172	RegAsymX.exe
1776	RegAsymX.exe
1628	RegAsymX.exe
980	RegAsymX.exe
1724	RegAsymX.exe
2272	RegAsymX.exe
1812	RegAsymX.exe
2520	RegAsymX.exe
2140	RegAsymX.exe
1996	RegAsymX.exe
2480	RegAsymX.exe
2348	RegAsymX.exe
2108	RegAsymX.exe
2840	RegAsymX.exe
2820	RegAsymX.exe
2916	RegAsymX.exe
2856	RegAsymX.exe
3036	RegAsymX.exe
1248	RegAsymX.exe
2868	RegAsymX.exe
2788	RegAsymX.exe
2672	RegAsymX.exe
856	RegAsymX.exe
1704	RegAsymX.exe
2476	RegAsymX.exe
2188	RegAsymX.exe
828	RegAsymX.exe
1540	RegAsymX.exe
564	RegAsymX.exe
1572	RegAsymX.exe
1808	RegAsymX.exe
2448	RegAsymX.exe
2384	RegAsymX.exe
1500	RegAsymX.exe
2972	RegAsymX.exe
1652	RegAsymX.exe
2500	RegAsymX.exe
2844	RegAsymX.exe
2816	RegAsymX.exe
1144	RegAsymX.exe
2580	RegAsymX.exe
1656	RegAsymX.exe
292	RegAsymX.exe
2900	RegAsymX.exe
2896	RegAsymX.exe
1044	RegAsymX.exe
1208	RegAsymX.exe
3028	RegAsymX.exe
2084	RegAsymX.exe
2276	RegAsymX.exe
896	RegAsymX.exe
2924	RegAsymX.exe
348	RegAsymX.exe

Loads dropped DLL 2 IoCs

pid	Process
2360	560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe
2320	RegAsymX.exe

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x0007000000016de4-13.dat	autoit_exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsymX.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2360	560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe
2360	560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe
2320	RegAsymX.exe
2320	RegAsymX.exe
2248	RegAsymX.exe
2248	RegAsymX.exe
2828	RegAsymX.exe
2828	RegAsymX.exe
2860	RegAsymX.exe
2860	RegAsymX.exe
2688	RegAsymX.exe
2688	RegAsymX.exe
840	RegAsymX.exe
840	RegAsymX.exe
2764	RegAsymX.exe
2764	RegAsymX.exe
2912	RegAsymX.exe
2912	RegAsymX.exe
2920	RegAsymX.exe
2920	RegAsymX.exe
620	RegAsymX.exe
620	RegAsymX.exe
1936	RegAsymX.exe
1936	RegAsymX.exe
2172	RegAsymX.exe
2172	RegAsymX.exe
1776	RegAsymX.exe
1776	RegAsymX.exe
1628	RegAsymX.exe
1628	RegAsymX.exe
980	RegAsymX.exe
980	RegAsymX.exe
1724	RegAsymX.exe
1724	RegAsymX.exe
2272	RegAsymX.exe
2272	RegAsymX.exe
1812	RegAsymX.exe
1812	RegAsymX.exe
2520	RegAsymX.exe
2520	RegAsymX.exe
2140	RegAsymX.exe
2140	RegAsymX.exe
1996	RegAsymX.exe
1996	RegAsymX.exe
2480	RegAsymX.exe
2480	RegAsymX.exe
2348	RegAsymX.exe
2348	RegAsymX.exe
2108	RegAsymX.exe
2108	RegAsymX.exe
2840	RegAsymX.exe
2840	RegAsymX.exe
2820	RegAsymX.exe
2820	RegAsymX.exe
2916	RegAsymX.exe
2916	RegAsymX.exe
2856	RegAsymX.exe
2856	RegAsymX.exe
3036	RegAsymX.exe
3036	RegAsymX.exe
1248	RegAsymX.exe
1248	RegAsymX.exe
2868	RegAsymX.exe
2868	RegAsymX.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2360	560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe
2360	560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe
2320	RegAsymX.exe
2320	RegAsymX.exe
2248	RegAsymX.exe
2248	RegAsymX.exe
2828	RegAsymX.exe
2828	RegAsymX.exe
2860	RegAsymX.exe
2860	RegAsymX.exe
2688	RegAsymX.exe
2688	RegAsymX.exe
840	RegAsymX.exe
840	RegAsymX.exe
2764	RegAsymX.exe
2764	RegAsymX.exe
2912	RegAsymX.exe
2912	RegAsymX.exe
2920	RegAsymX.exe
2920	RegAsymX.exe
620	RegAsymX.exe
620	RegAsymX.exe
1936	RegAsymX.exe
1936	RegAsymX.exe
2172	RegAsymX.exe
2172	RegAsymX.exe
1776	RegAsymX.exe
1776	RegAsymX.exe
1628	RegAsymX.exe
1628	RegAsymX.exe
980	RegAsymX.exe
980	RegAsymX.exe
1724	RegAsymX.exe
1724	RegAsymX.exe
2272	RegAsymX.exe
2272	RegAsymX.exe
1812	RegAsymX.exe
1812	RegAsymX.exe
2520	RegAsymX.exe
2520	RegAsymX.exe
2140	RegAsymX.exe
2140	RegAsymX.exe
1996	RegAsymX.exe
1996	RegAsymX.exe
2480	RegAsymX.exe
2480	RegAsymX.exe
2348	RegAsymX.exe
2348	RegAsymX.exe
2108	RegAsymX.exe
2108	RegAsymX.exe
2840	RegAsymX.exe
2840	RegAsymX.exe
2820	RegAsymX.exe
2820	RegAsymX.exe
2916	RegAsymX.exe
2916	RegAsymX.exe
2856	RegAsymX.exe
2856	RegAsymX.exe
3036	RegAsymX.exe
3036	RegAsymX.exe
1248	RegAsymX.exe
1248	RegAsymX.exe
2868	RegAsymX.exe
2868	RegAsymX.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 2320	2360	560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe	31
PID 2360 wrote to memory of 2320	2360	560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe	31
PID 2360 wrote to memory of 2320	2360	560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe	31
PID 2360 wrote to memory of 2320	2360	560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe	31
PID 2320 wrote to memory of 2248	2320	RegAsymX.exe	32
PID 2320 wrote to memory of 2248	2320	RegAsymX.exe	32
PID 2320 wrote to memory of 2248	2320	RegAsymX.exe	32
PID 2320 wrote to memory of 2248	2320	RegAsymX.exe	32
PID 2248 wrote to memory of 2828	2248	RegAsymX.exe	33
PID 2248 wrote to memory of 2828	2248	RegAsymX.exe	33
PID 2248 wrote to memory of 2828	2248	RegAsymX.exe	33
PID 2248 wrote to memory of 2828	2248	RegAsymX.exe	33
PID 2828 wrote to memory of 2860	2828	RegAsymX.exe	34
PID 2828 wrote to memory of 2860	2828	RegAsymX.exe	34
PID 2828 wrote to memory of 2860	2828	RegAsymX.exe	34
PID 2828 wrote to memory of 2860	2828	RegAsymX.exe	34
PID 2860 wrote to memory of 2688	2860	RegAsymX.exe	35
PID 2860 wrote to memory of 2688	2860	RegAsymX.exe	35
PID 2860 wrote to memory of 2688	2860	RegAsymX.exe	35
PID 2860 wrote to memory of 2688	2860	RegAsymX.exe	35
PID 2688 wrote to memory of 840	2688	RegAsymX.exe	36
PID 2688 wrote to memory of 840	2688	RegAsymX.exe	36
PID 2688 wrote to memory of 840	2688	RegAsymX.exe	36
PID 2688 wrote to memory of 840	2688	RegAsymX.exe	36
PID 840 wrote to memory of 2764	840	RegAsymX.exe	37
PID 840 wrote to memory of 2764	840	RegAsymX.exe	37
PID 840 wrote to memory of 2764	840	RegAsymX.exe	37
PID 840 wrote to memory of 2764	840	RegAsymX.exe	37
PID 2764 wrote to memory of 2912	2764	RegAsymX.exe	38
PID 2764 wrote to memory of 2912	2764	RegAsymX.exe	38
PID 2764 wrote to memory of 2912	2764	RegAsymX.exe	38
PID 2764 wrote to memory of 2912	2764	RegAsymX.exe	38
PID 2912 wrote to memory of 2920	2912	RegAsymX.exe	39
PID 2912 wrote to memory of 2920	2912	RegAsymX.exe	39
PID 2912 wrote to memory of 2920	2912	RegAsymX.exe	39
PID 2912 wrote to memory of 2920	2912	RegAsymX.exe	39
PID 2920 wrote to memory of 620	2920	RegAsymX.exe	40
PID 2920 wrote to memory of 620	2920	RegAsymX.exe	40
PID 2920 wrote to memory of 620	2920	RegAsymX.exe	40
PID 2920 wrote to memory of 620	2920	RegAsymX.exe	40
PID 620 wrote to memory of 1936	620	RegAsymX.exe	41
PID 620 wrote to memory of 1936	620	RegAsymX.exe	41
PID 620 wrote to memory of 1936	620	RegAsymX.exe	41
PID 620 wrote to memory of 1936	620	RegAsymX.exe	41
PID 1936 wrote to memory of 2172	1936	RegAsymX.exe	42
PID 1936 wrote to memory of 2172	1936	RegAsymX.exe	42
PID 1936 wrote to memory of 2172	1936	RegAsymX.exe	42
PID 1936 wrote to memory of 2172	1936	RegAsymX.exe	42
PID 2172 wrote to memory of 1776	2172	RegAsymX.exe	43
PID 2172 wrote to memory of 1776	2172	RegAsymX.exe	43
PID 2172 wrote to memory of 1776	2172	RegAsymX.exe	43
PID 2172 wrote to memory of 1776	2172	RegAsymX.exe	43
PID 1776 wrote to memory of 1628	1776	RegAsymX.exe	44
PID 1776 wrote to memory of 1628	1776	RegAsymX.exe	44
PID 1776 wrote to memory of 1628	1776	RegAsymX.exe	44
PID 1776 wrote to memory of 1628	1776	RegAsymX.exe	44
PID 1628 wrote to memory of 980	1628	RegAsymX.exe	45
PID 1628 wrote to memory of 980	1628	RegAsymX.exe	45
PID 1628 wrote to memory of 980	1628	RegAsymX.exe	45
PID 1628 wrote to memory of 980	1628	RegAsymX.exe	45
PID 980 wrote to memory of 1724	980	RegAsymX.exe	46
PID 980 wrote to memory of 1724	980	RegAsymX.exe	46
PID 980 wrote to memory of 1724	980	RegAsymX.exe	46
PID 980 wrote to memory of 1724	980	RegAsymX.exe	46

C:\Users\Admin\AppData\Local\Temp\560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe
"C:\Users\Admin\AppData\Local\Temp\560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
  "C:\Users\Admin\AppData\Local\Temp\560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2320
- - C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
    "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2248
  - - C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
      "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:2828
    - - C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2860
      - C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:840
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:620
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        13⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        14⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        15⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:980
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        18⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        20⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        21⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        22⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        23⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        24⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        25⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        26⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        27⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        28⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        29⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        30⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        31⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        32⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        33⤵
        Executes dropped EXE
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        34⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        35⤵
        Executes dropped EXE
        
        PID:856
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        36⤵
        Executes dropped EXE
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        37⤵
        Executes dropped EXE
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        38⤵
        Executes dropped EXE
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        39⤵
        Executes dropped EXE
        
        PID:828
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        40⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        41⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:564
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        42⤵
        Executes dropped EXE
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        43⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        44⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        45⤵
        Executes dropped EXE
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        46⤵
        Executes dropped EXE
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        47⤵
        Executes dropped EXE
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        48⤵
        Executes dropped EXE
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        49⤵
        Executes dropped EXE
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        50⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        51⤵
        Executes dropped EXE
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        52⤵
        Executes dropped EXE
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        53⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        54⤵
        Executes dropped EXE
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        55⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:292
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        56⤵
        Executes dropped EXE
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        57⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        58⤵
        Executes dropped EXE
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        59⤵
        Executes dropped EXE
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        60⤵
        Executes dropped EXE
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        61⤵
        Executes dropped EXE
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        62⤵
        Executes dropped EXE
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        63⤵
        Executes dropped EXE
        
        PID:896
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        64⤵
        Executes dropped EXE
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        65⤵
        Executes dropped EXE
        
        PID:348
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        66⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        67⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        68⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        69⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        70⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        71⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        72⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        73⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        74⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        75⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        76⤵
        System Location Discovery: System Language Discovery
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        77⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        78⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        79⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        80⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        81⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        82⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        83⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        84⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        85⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        86⤵
        System Location Discovery: System Language Discovery
        
        PID:992
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        87⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        88⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        89⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        90⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        91⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        92⤵
        System Location Discovery: System Language Discovery
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        93⤵
        System Location Discovery: System Language Discovery
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        94⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        95⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        96⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        97⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        98⤵
        System Location Discovery: System Language Discovery
        
        PID:824
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        99⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        100⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        101⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        102⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        103⤵
        System Location Discovery: System Language Discovery
        
        PID:352
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        104⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        105⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        106⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        107⤵
        System Location Discovery: System Language Discovery
        
        PID:952
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        108⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        109⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        110⤵
        System Location Discovery: System Language Discovery
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        111⤵
        System Location Discovery: System Language Discovery
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        112⤵
        System Location Discovery: System Language Discovery
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        113⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        114⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        115⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        116⤵
        System Location Discovery: System Language Discovery
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        117⤵
        System Location Discovery: System Language Discovery
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        118⤵
        System Location Discovery: System Language Discovery
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        119⤵
        System Location Discovery: System Language Discovery
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        120⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        121⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        122⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        123⤵
        System Location Discovery: System Language Discovery
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        124⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        125⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        126⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        127⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        128⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        129⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        130⤵
        System Location Discovery: System Language Discovery
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        131⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        132⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        133⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        134⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        135⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        136⤵
        System Location Discovery: System Language Discovery
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        137⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        138⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        139⤵
        System Location Discovery: System Language Discovery
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        140⤵
        System Location Discovery: System Language Discovery
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        141⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        142⤵
        System Location Discovery: System Language Discovery
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        143⤵
        System Location Discovery: System Language Discovery
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        144⤵
        System Location Discovery: System Language Discovery
        
        PID:328
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        145⤵
        
        PID:728
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        146⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        147⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        148⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        149⤵
        System Location Discovery: System Language Discovery
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        150⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        151⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        152⤵
        System Location Discovery: System Language Discovery
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        153⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        154⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        155⤵
        System Location Discovery: System Language Discovery
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        156⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        157⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        158⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        159⤵
        System Location Discovery: System Language Discovery
        
        PID:548
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        160⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        161⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        162⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        163⤵
        System Location Discovery: System Language Discovery
        
        PID:684
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        164⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        165⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        166⤵
        System Location Discovery: System Language Discovery
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        167⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        168⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        169⤵
        System Location Discovery: System Language Discovery
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        170⤵
        System Location Discovery: System Language Discovery
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        171⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        172⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        173⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        174⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        175⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        176⤵
        System Location Discovery: System Language Discovery
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        177⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        178⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        179⤵
        System Location Discovery: System Language Discovery
        
        PID:924
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        180⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        181⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        182⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        183⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        184⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        185⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        186⤵
        System Location Discovery: System Language Discovery
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        187⤵
        System Location Discovery: System Language Discovery
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        188⤵
        System Location Discovery: System Language Discovery
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        189⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        190⤵
        System Location Discovery: System Language Discovery
        
        PID:108
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        191⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        192⤵
        System Location Discovery: System Language Discovery
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        193⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        194⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        195⤵
        System Location Discovery: System Language Discovery
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        196⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        197⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        198⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        199⤵
        System Location Discovery: System Language Discovery
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        200⤵
        System Location Discovery: System Language Discovery
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        201⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        202⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        203⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        204⤵
        System Location Discovery: System Language Discovery
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        205⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        206⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        207⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        208⤵
        System Location Discovery: System Language Discovery
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        209⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        210⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        211⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        212⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        213⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        214⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        215⤵
        System Location Discovery: System Language Discovery
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        216⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        217⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        218⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        219⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        220⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        221⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        222⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        223⤵
        System Location Discovery: System Language Discovery
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\directory\RegAsymX.exe
        
        "C:\Users\Admin\AppData\Local\directory\RegAsymX.exe"
        224⤵
        System Location Discovery: System Language Discovery
        
        PID:3624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Lymnaeidae

Filesize
84KB

MD5
e9d80ff6fcd8ceeb2f0c63b6d84354fd

SHA1
9e697f748635834b3b88f33fbb77323261b325b0

SHA256
91f5f7478ffcd500ad50e86ada1faffc60979b449af4d56b3bf1f71bb7da0a3d

SHA512
aba78fb40aae7238b20ba9fbe9d975481da595896a651962c41b89f6bea323a7040afaf35a33f0608a4f2d0aaf899537a5e1cc37887afc6ece0e468f9916b343

Download Submit
C:\Users\Admin\AppData\Local\Temp\autE8BA.tmp

Filesize
408KB

MD5
ce86f406e025ab6c2d4619b42b06a10f

SHA1
910ec8a487315a88f37d98e65c61886bfb6e5a8d

SHA256
c74e9a1bc00368e1cce005364c3b8ec3822241d895febc6f018491ea368e6464

SHA512
6b999d9b150eb8b6ecbb37a4b0f3e0a0246a97bce310044bdd90926945a4fd6942bfece1b0f64c57108834efc63a60feb48497db2d4a1a7ded076dc1fe162665

Download Submit
C:\Users\Admin\AppData\Local\Temp\autE8CA.tmp

Filesize
42KB

MD5
82867b0c21d8c24cf50c4408d8f9821b

SHA1
08cdc310e08ae5e72502e4077134bb6de08f3739

SHA256
900638a4da24c03753d210ea0c53ff6d729c04563c67b533c5e4f5271f4a3fd5

SHA512
f416f2e257caa70d47f152958c95f3f71443afbdd1e641b37ae0ca5d15954f19d8f0461fe035dd3a23afcb6d5e8c62577ae33aa192e35da3af3922bd868f2e0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ophiolatrous

Filesize
483KB

MD5
89669f54c2cf58a12e6eb05f0b0c8b45

SHA1
9dd08035fb240b2d8c284c31786f20c04e4d871a

SHA256
7367a34c0b9d0c68678b8bd5bd02a54c94d7a60000aabc0525079b641c0f5e03

SHA512
000188de8af2c2886ab5085890835e29cf0e65f6c9fc01a52f47a709650d8c9f411bb8931e545c27edc132ee14fa685ec063d5681bffd9ece56a52473e9f2686

Download Submit
\Users\Admin\AppData\Local\directory\RegAsymX.exe

Filesize
1.4MB

MD5
c7fc0cee8ca35d709ed276e9f88ddbed

SHA1
ceea9d76bf0429872f4d7420addd0abdb5e8f4dc

SHA256
560def626fc69a10e4979b67107efaad102e2a01ce4733d005003dd47437a30e

SHA512
a1b93c9cb87993f77f2decf0e4ee33277567651d7fb664b579f3e293f97c6b198ce701c02cffd9d295b3e40f62cd6500f55bc252212c5ec81ac9e257831273da

Download Submit
memory/2360-11-0x0000000000170000-0x0000000000174000-memory.dmp

Filesize
16KB

Download