xenorat | hxxps://github[.]com/mategol/PySilon-malware/releases/tag/v3[.]7[.]5

Analysis

max time kernel
445s
max time network
965s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
27-11-2024 19:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/mategol/PySilon-malware/releases/tag/v3.7.5

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

1683.3.3

158.346.1231

1683.3.3.3

127.0.0.1

Mutex

\asdawads

Attributes

delay
5000
install_path
temp
port
114234
startup_name
nolice

Signatures

Detect XenoRat Payload 8 IoCs

resource	yara_rule
behavioral1/files/0x0005000000024f51-916.dat	family_xenorat
behavioral1/files/0x0005000000024f53-933.dat	family_xenorat
behavioral1/files/0x0005000000024f55-954.dat	family_xenorat
behavioral1/files/0x0005000000024f55-1036.dat	family_xenorat
behavioral1/memory/1412-1047-0x0000000000DE0000-0x0000000000DF2000-memory.dmp	family_xenorat
behavioral1/memory/3452-1092-0x00000000000A0000-0x00000000000B2000-memory.dmp	family_xenorat
behavioral1/memory/4128-1093-0x0000000000C30000-0x0000000000C42000-memory.dmp	family_xenorat
behavioral1/memory/2684-1094-0x00000000009B0000-0x00000000009C2000-memory.dmp	family_xenorat

XenorRat
XenorRat is a remote access trojan written in C#.
trojan rat xenorat
Xenorat family
xenorat

Executes dropped EXE 64 IoCs

pid	Process
1412	asds.exe
4664	asds.exe
756	asds.exe
1020	asds.exe
4884	asds.exe
1424	asds.exe
2292	asds.exe
1068	asds.exe
2100	asds.exe
2192	asds.exe
3168	asds.exe
1084	asds.exe
4752	asds.exe
4948	asds.exe
3360	asds.exe
3816	asds.exe
3804	asds.exe
3828	asds.exe
3888	asds.exe
4772	asds.exe
2992	asds.exe
3248	asds.exe
2216	asds.exe
1556	asds.exe
3812	asds.exe
1708	asds.exe
2012	asds.exe
4636	asds.exe
3876	asds.exe
3908	asds.exe
8	asds.exe
1100	asds.exe
3168	asds.exe
3256	asds.exe
3452	asds.exe
1392	asds.exe
2032	asds.exe
2044	asds.exe
5116	asds.exe
1320	asds.exe
1476	asds.exe
240	asds.exe
3612	asds.exe
3584	asds.exe
112	asds.exe
4544	asds.exe
4696	asds.exe
1020	asds.exe
4464	asds.exe
3400	asds.exe
4084	asds.exe
2292	asds.exe
280	asds.exe
3016	asds.exe
772	asds.exe
912	asds.exe
2056	asds.exe
3920	asds.exe
4196	asds.exe
3584	asds.exe
1116	asds.exe
2064	asds.exe
2848	asds.exe
2340	asds.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
1	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4828	2056	Process not Found	6132
5036	2940	Process not Found	6130

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	asds.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 48 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 19002f433a5c000000000000000000000000000000000000000000	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\NodeSlot = "6"	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0\MRUListEx = ffffffff	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	xeno rat server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\MRUListEx = 00000000ffffffff	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	xeno rat server.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 010000000200000000000000ffffffff	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 00000000ffffffff	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	xeno rat server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0 = 500031000000000047598863100041646d696e003c0009000400efbe4759855e7b59499b2e0000002c570200000001000000000000000000000000000000d3b69b00410064006d0069006e00000014000000	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\0 = 7e003100000000004759e56211004465736b746f7000680009000400efbe4759855e7b594f9b2e000000365702000000010000000000000000003e0000000000ea8f29014400650073006b0074006f007000000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370036003900000016000000	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	xeno rat server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	xeno rat server.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	xeno rat server.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 78003100000000004759855e1100557365727300640009000400efbec5522d607b59499b2e0000006c0500000000010000000000000000003a0000000000753f7d0055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000	xeno rat server.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\MRUListEx = 00000000ffffffff	xeno rat server.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	xeno rat server.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\PySilon-malware-3.7.5.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Release.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3572	msedge.exe
3572	msedge.exe
3412	msedge.exe
3412	msedge.exe
5068	identity_helper.exe
5068	identity_helper.exe
4344	msedge.exe
4344	msedge.exe
1080	msedge.exe
1080	msedge.exe
4884	msedge.exe
4884	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5000	xeno rat server.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4664	asds.exe
Token: SeDebugPrivilege	756	asds.exe
Token: SeDebugPrivilege	1020	asds.exe
Token: SeDebugPrivilege	4884	asds.exe
Token: SeDebugPrivilege	1424	asds.exe
Token: SeDebugPrivilege	2292	asds.exe
Token: SeDebugPrivilege	1068	asds.exe
Token: SeDebugPrivilege	2100	asds.exe
Token: SeDebugPrivilege	2192	asds.exe
Token: SeDebugPrivilege	3168	asds.exe
Token: SeDebugPrivilege	1084	asds.exe
Token: SeDebugPrivilege	4752	asds.exe
Token: SeDebugPrivilege	4948	asds.exe
Token: SeDebugPrivilege	3360	asds.exe
Token: SeDebugPrivilege	3816	asds.exe
Token: SeDebugPrivilege	3804	asds.exe
Token: SeDebugPrivilege	3828	asds.exe
Token: SeDebugPrivilege	3888	asds.exe
Token: SeDebugPrivilege	4772	asds.exe
Token: SeDebugPrivilege	2992	asds.exe
Token: SeDebugPrivilege	3248	asds.exe
Token: SeDebugPrivilege	2216	asds.exe
Token: SeDebugPrivilege	1556	asds.exe
Token: SeDebugPrivilege	3812	asds.exe
Token: SeDebugPrivilege	1708	asds.exe
Token: SeDebugPrivilege	2012	asds.exe
Token: SeDebugPrivilege	4636	asds.exe
Token: SeDebugPrivilege	3876	asds.exe
Token: SeDebugPrivilege	3908	asds.exe
Token: SeDebugPrivilege	8	asds.exe
Token: SeDebugPrivilege	1100	asds.exe
Token: SeDebugPrivilege	3168	asds.exe
Token: SeDebugPrivilege	3256	asds.exe
Token: SeDebugPrivilege	3452	asds.exe
Token: SeDebugPrivilege	1392	asds.exe
Token: SeDebugPrivilege	2032	asds.exe
Token: SeDebugPrivilege	2044	asds.exe
Token: SeDebugPrivilege	5116	asds.exe
Token: SeDebugPrivilege	1320	asds.exe
Token: SeDebugPrivilege	1476	asds.exe
Token: SeDebugPrivilege	240	asds.exe
Token: SeDebugPrivilege	3612	asds.exe
Token: SeDebugPrivilege	3584	asds.exe
Token: SeDebugPrivilege	112	asds.exe
Token: SeDebugPrivilege	4544	asds.exe
Token: SeDebugPrivilege	4696	asds.exe
Token: SeDebugPrivilege	1020	asds.exe
Token: SeDebugPrivilege	4464	asds.exe
Token: SeDebugPrivilege	3400	asds.exe
Token: SeDebugPrivilege	4084	asds.exe
Token: SeDebugPrivilege	2292	asds.exe
Token: SeDebugPrivilege	280	asds.exe
Token: SeDebugPrivilege	3016	asds.exe
Token: SeDebugPrivilege	772	asds.exe
Token: SeDebugPrivilege	912	asds.exe
Token: SeDebugPrivilege	2056	asds.exe
Token: SeDebugPrivilege	3920	asds.exe
Token: SeDebugPrivilege	4196	asds.exe
Token: SeDebugPrivilege	3584	asds.exe
Token: SeDebugPrivilege	1116	asds.exe
Token: SeDebugPrivilege	2064	asds.exe
Token: SeDebugPrivilege	2848	asds.exe
Token: SeDebugPrivilege	2340	asds.exe
Token: SeDebugPrivilege	4704	asds.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
5000	xeno rat server.exe
5000	xeno rat server.exe
5000	xeno rat server.exe
5000	xeno rat server.exe
5000	xeno rat server.exe
5000	xeno rat server.exe
5000	xeno rat server.exe
5000	xeno rat server.exe
5000	xeno rat server.exe
5000	xeno rat server.exe
5000	xeno rat server.exe
5000	xeno rat server.exe
5000	xeno rat server.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3412 wrote to memory of 4960	3412	msedge.exe	78
PID 3412 wrote to memory of 4960	3412	msedge.exe	78
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 872	3412	msedge.exe	79
PID 3412 wrote to memory of 3572	3412	msedge.exe	80
PID 3412 wrote to memory of 3572	3412	msedge.exe	80
PID 3412 wrote to memory of 4804	3412	msedge.exe	81
PID 3412 wrote to memory of 4804	3412	msedge.exe	81
PID 3412 wrote to memory of 4804	3412	msedge.exe	81
PID 3412 wrote to memory of 4804	3412	msedge.exe	81
PID 3412 wrote to memory of 4804	3412	msedge.exe	81
PID 3412 wrote to memory of 4804	3412	msedge.exe	81
PID 3412 wrote to memory of 4804	3412	msedge.exe	81
PID 3412 wrote to memory of 4804	3412	msedge.exe	81
PID 3412 wrote to memory of 4804	3412	msedge.exe	81
PID 3412 wrote to memory of 4804	3412	msedge.exe	81
PID 3412 wrote to memory of 4804	3412	msedge.exe	81
PID 3412 wrote to memory of 4804	3412	msedge.exe	81
PID 3412 wrote to memory of 4804	3412	msedge.exe	81
PID 3412 wrote to memory of 4804	3412	msedge.exe	81
PID 3412 wrote to memory of 4804	3412	msedge.exe	81
PID 3412 wrote to memory of 4804	3412	msedge.exe	81
PID 3412 wrote to memory of 4804	3412	msedge.exe	81
PID 3412 wrote to memory of 4804	3412	msedge.exe	81
PID 3412 wrote to memory of 4804	3412	msedge.exe	81
PID 3412 wrote to memory of 4804	3412	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/mategol/PySilon-malware/releases/tag/v3.7.5
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8fd713cb8,0x7ff8fd713cc8,0x7ff8fd713cd8
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,8223567201305811035,11314531253229270995,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,8223567201305811035,11314531253229270995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,8223567201305811035,11314531253229270995,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8223567201305811035,11314531253229270995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8223567201305811035,11314531253229270995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8223567201305811035,11314531253229270995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8223567201305811035,11314531253229270995,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8223567201305811035,11314531253229270995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8223567201305811035,11314531253229270995,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,8223567201305811035,11314531253229270995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,8223567201305811035,11314531253229270995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8223567201305811035,11314531253229270995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,8223567201305811035,11314531253229270995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8223567201305811035,11314531253229270995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8223567201305811035,11314531253229270995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8223567201305811035,11314531253229270995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8223567201305811035,11314531253229270995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8223567201305811035,11314531253229270995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8223567201305811035,11314531253229270995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8223567201305811035,11314531253229270995,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8223567201305811035,11314531253229270995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8223567201305811035,11314531253229270995,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8223567201305811035,11314531253229270995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,8223567201305811035,11314531253229270995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6456 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,8223567201305811035,11314531253229270995,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6540 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3308

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:876

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\PySilon-malware-3.7.5\PySilon-malware-3.7.5\PySilon.bat" "
1⤵
PID:4348
- C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
  python -m venv pysilon
  2⤵
  PID:4700
- C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
  python -m pip install --upgrade pip
  2⤵
  PID:4212
- C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
  python builder.py
  2⤵
  PID:2868

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\PySilon-malware-3.7.5\PySilon-malware-3.7.5\PySilon.bat" "
1⤵
PID:3152
- C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
  python -m venv pysilon
  2⤵
  PID:4600
- C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
  python -m pip install --upgrade pip
  2⤵
  PID:3908
- C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
  python builder.py
  2⤵
  PID:4932

C:\Users\Admin\Downloads\Release\xeno rat server.exe
"C:\Users\Admin\Downloads\Release\xeno rat server.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5000

C:\Users\Admin\Desktop\asds.exe
"C:\Users\Admin\Desktop\asds.exe"
1⤵
- Executes dropped EXE
PID:1412
- C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
  "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:4664
- - C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
    "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:756
  - - C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
      "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:1020
    - - C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        14⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        18⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        20⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        21⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        22⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        23⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        24⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        25⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        26⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        27⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        28⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        29⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        30⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        31⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        32⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        33⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        34⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        35⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        36⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        37⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        38⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        39⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        40⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        41⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        42⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        43⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        44⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        45⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        46⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        47⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        48⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        49⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        50⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        51⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        52⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        53⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        54⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        55⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        56⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        57⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        58⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        59⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        60⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        61⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        62⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        63⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        64⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        65⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        66⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        67⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        68⤵
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        69⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        70⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        71⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        72⤵
        System Location Discovery: System Language Discovery
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        73⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        74⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        75⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        76⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        77⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        78⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        79⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        80⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        81⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        82⤵
        System Location Discovery: System Language Discovery
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        83⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        84⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        85⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        86⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        87⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        88⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        89⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        90⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        91⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        92⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        93⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        94⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        95⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        96⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        97⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        98⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        99⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        100⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        101⤵
        
        PID:104
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        102⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        103⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        104⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        105⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        106⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        107⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        108⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        109⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        110⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        111⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        112⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        113⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        114⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        115⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        116⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        117⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        118⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        119⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        120⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        121⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        122⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        123⤵
        System Location Discovery: System Language Discovery
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        124⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        125⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        126⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        127⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        128⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        129⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        130⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        131⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        132⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        133⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        134⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        135⤵
        System Location Discovery: System Language Discovery
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        136⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        137⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        138⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        139⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        140⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        141⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        142⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        143⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        144⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        145⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        146⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        147⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        148⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        149⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        150⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        151⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        152⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        153⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        154⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        155⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        156⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        157⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        158⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        159⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        160⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        161⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        162⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        163⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        164⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        165⤵
        System Location Discovery: System Language Discovery
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        166⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        167⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        168⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        169⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        170⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        171⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        172⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        173⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        174⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        175⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        176⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        177⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        178⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        179⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        180⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        181⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        182⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        183⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        184⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        185⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        186⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        187⤵
        System Location Discovery: System Language Discovery
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        188⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        189⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        190⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        191⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        192⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        193⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        194⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        195⤵
        
        PID:244
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        196⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        197⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        198⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        199⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        200⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        201⤵
        System Location Discovery: System Language Discovery
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        202⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        203⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        204⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        205⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        206⤵
        System Location Discovery: System Language Discovery
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        207⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        208⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        209⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        210⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        211⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        212⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        213⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        214⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        215⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        216⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        217⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        218⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        219⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        220⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        221⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        222⤵
        System Location Discovery: System Language Discovery
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        223⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        224⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        225⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        226⤵
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        227⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        228⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        229⤵
        System Location Discovery: System Language Discovery
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        230⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        231⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        232⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        233⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        234⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        235⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        236⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        237⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        238⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        239⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        240⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        241⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        242⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        243⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        244⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        245⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        246⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        247⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        248⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        249⤵
        System Location Discovery: System Language Discovery
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        250⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        251⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        252⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        253⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        254⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        255⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        256⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        257⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        258⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        259⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        260⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        261⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        262⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        263⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        264⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        265⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        266⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        267⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        268⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        269⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        270⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        271⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        272⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        273⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        274⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        275⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        276⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        277⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        278⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        279⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        280⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        281⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        282⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        283⤵
        
        PID:244
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        284⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        285⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        286⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        287⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        288⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        289⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        290⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        291⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        292⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        293⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        294⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        295⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        296⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        297⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        298⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        299⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        300⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        301⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        302⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        303⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        304⤵
        
        PID:244
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        305⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        306⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        307⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        308⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        309⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        310⤵
        
        PID:244
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        311⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        312⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        313⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        314⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        315⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        316⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        317⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        318⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        319⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        320⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        321⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        322⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        323⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        324⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        325⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        326⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        327⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        328⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        329⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        330⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        331⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        332⤵
        System Location Discovery: System Language Discovery
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        333⤵
        System Location Discovery: System Language Discovery
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        334⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        335⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        336⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        337⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        338⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        339⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        340⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        341⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        342⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        343⤵
        System Location Discovery: System Language Discovery
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        344⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        345⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        346⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        347⤵
        System Location Discovery: System Language Discovery
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        348⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        349⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        350⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        351⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        352⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        353⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        354⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        355⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        356⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        357⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        358⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        359⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        360⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        361⤵
        
        PID:732
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        362⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        363⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        364⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        365⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        366⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        367⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        368⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        369⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        370⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        371⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        372⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        373⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        374⤵
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        375⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        376⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        377⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        378⤵
        
        PID:196
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        379⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        380⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        381⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        382⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        383⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        384⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        385⤵
        
        PID:732
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        386⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        387⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        388⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        389⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        390⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        391⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        392⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        393⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        394⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        395⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        396⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        397⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        398⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        399⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        400⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        401⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        402⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        403⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        404⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        405⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        406⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        407⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        408⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        409⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        410⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        411⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        412⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        413⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        414⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        415⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        416⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        417⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        418⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        419⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        420⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        421⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        422⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        423⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        424⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        425⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        426⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        427⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        428⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        429⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        430⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        431⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        432⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        433⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        434⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        435⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        436⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        437⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        438⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        439⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        440⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        441⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        442⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        443⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        444⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        445⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        446⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        447⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        448⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        449⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        450⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        451⤵
        System Location Discovery: System Language Discovery
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        452⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        453⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        454⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        455⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        456⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        457⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        458⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        459⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        460⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        461⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        462⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        463⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        464⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        465⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        466⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        467⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        468⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        469⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        470⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        471⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        472⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        473⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        474⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        475⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        476⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        477⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        478⤵
        
        PID:232
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        479⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        480⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        481⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        482⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        483⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        484⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        485⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        486⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        487⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        488⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        489⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        490⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        491⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        492⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        493⤵
        System Location Discovery: System Language Discovery
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        494⤵
        System Location Discovery: System Language Discovery
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        495⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        496⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        497⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        498⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        499⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        500⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        501⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        502⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        503⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        504⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        505⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        506⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        507⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        508⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        509⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        510⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        511⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        512⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        513⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        514⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        515⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        516⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        517⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        518⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        519⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        520⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        521⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        522⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        523⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        524⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        525⤵
        System Location Discovery: System Language Discovery
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        526⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\XenoManager\asds.exe"
        527⤵
        
        PID:4796

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k wsappx -p -s AppXSvc
1⤵
PID:772

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:1884

C:\Users\Admin\Desktop\asd.exe
"C:\Users\Admin\Desktop\asd.exe"
1⤵
PID:3452

C:\Users\Admin\Desktop\azx.exe
"C:\Users\Admin\Desktop\azx.exe"
1⤵
PID:4128

C:\Users\Admin\Desktop\asdxc.exe
"C:\Users\Admin\Desktop\asdxc.exe"
1⤵
PID:2684

C:\Users\Admin\Desktop\asds.exe
"C:\Users\Admin\Desktop\asds.exe"
1⤵
PID:1288
- C:\Users\Admin\Desktop\asds.exe
  "C:\Users\Admin\Desktop\asds.exe"
  2⤵
  PID:4284
- - C:\Users\Admin\Desktop\asds.exe
    "C:\Users\Admin\Desktop\asds.exe"
    3⤵
    PID:244
  - - C:\Users\Admin\Desktop\asds.exe
      "C:\Users\Admin\Desktop\asds.exe"
      4⤵
      PID:4868
    - - C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4548
      - C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        6⤵
        
        PID:2628
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        7⤵
        
        PID:4592
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        8⤵
        
        PID:432
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        9⤵
        
        PID:4392
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        10⤵
        
        PID:2104
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        11⤵
        
        PID:4200
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        12⤵
        
        PID:1248
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        13⤵
        
        PID:3132
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        14⤵
        
        PID:1428
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        15⤵
        
        PID:4316
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        16⤵
        
        PID:2032
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        17⤵
        
        PID:1376
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        18⤵
        
        PID:2984
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        19⤵
        
        PID:196
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        20⤵
        
        PID:3684
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        21⤵
        
        PID:3436
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        22⤵
        
        PID:4424
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        23⤵
        
        PID:2352
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        24⤵
        
        PID:3512
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        25⤵
        
        PID:2908
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        26⤵
        
        PID:4848
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        27⤵
        
        PID:244
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        28⤵
        
        PID:4676
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        29⤵
        
        PID:2836
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        30⤵
        
        PID:5004
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        31⤵
        System Location Discovery: System Language Discovery
        
        PID:1288
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        32⤵
        
        PID:2392
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        33⤵
        
        PID:4576
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        34⤵
        
        PID:4424
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        35⤵
        
        PID:2352
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        36⤵
        
        PID:2296
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        37⤵
        
        PID:1192
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        38⤵
        
        PID:232
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        39⤵
        System Location Discovery: System Language Discovery
        
        PID:880
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        40⤵
        
        PID:1376
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        41⤵
        
        PID:1656
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        42⤵
        
        PID:4324
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        43⤵
        
        PID:1812
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        44⤵
        
        PID:4332
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        45⤵
        
        PID:1432
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        46⤵
        
        PID:3304
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        47⤵
        System Location Discovery: System Language Discovery
        
        PID:1556
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        48⤵
        
        PID:1320
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        49⤵
        
        PID:4452
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        50⤵
        
        PID:716
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        51⤵
        
        PID:4868
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        52⤵
        
        PID:4424
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        53⤵
        
        PID:3692
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        54⤵
        
        PID:1120
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        55⤵
        
        PID:2984
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        56⤵
        
        PID:2684
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        57⤵
        
        PID:4548
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        58⤵
        
        PID:4200
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        59⤵
        
        PID:1556
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        60⤵
        
        PID:776
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        61⤵
        
        PID:1824
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        62⤵
        System Location Discovery: System Language Discovery
        
        PID:3684
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        63⤵
        
        PID:3408
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        64⤵
        
        PID:2552
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        65⤵
        
        PID:4056
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        66⤵
        
        PID:4324
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        67⤵
        
        PID:196
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        68⤵
        
        PID:4848
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        69⤵
        
        PID:3000
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        70⤵
        
        PID:2408
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        71⤵
        
        PID:4200
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        72⤵
        
        PID:2352
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        73⤵
        
        PID:3204
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        74⤵
        
        PID:1428
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        75⤵
        
        PID:2168
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        76⤵
        
        PID:3144
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        77⤵
        
        PID:3576
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        78⤵
        
        PID:4660
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        79⤵
        
        PID:1320
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        80⤵
        System Location Discovery: System Language Discovery
        
        PID:4332
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        81⤵
        
        PID:936
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        82⤵
        
        PID:112
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        83⤵
        System Location Discovery: System Language Discovery
        
        PID:4220
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        84⤵
        
        PID:4592
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        85⤵
        
        PID:3228
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        86⤵
        
        PID:1144
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        87⤵
        
        PID:1288
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        88⤵
        
        PID:696
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        89⤵
        
        PID:2468
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        90⤵
        
        PID:1176
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        91⤵
        
        PID:2292
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        92⤵
        
        PID:3500
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        93⤵
        
        PID:1764
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        94⤵
        
        PID:5024
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        95⤵
        
        PID:3712
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        96⤵
        
        PID:1692
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        97⤵
        
        PID:1048
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        98⤵
        
        PID:880
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        99⤵
        
        PID:2836
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        100⤵
        
        PID:3436
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        101⤵
        
        PID:4604
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        102⤵
        
        PID:4592
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        103⤵
        
        PID:3684
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        104⤵
        
        PID:4068
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        105⤵
        
        PID:716
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        106⤵
        
        PID:1664
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        107⤵
        
        PID:4324
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        108⤵
        
        PID:1252
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        109⤵
        
        PID:1812
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        110⤵
        System Location Discovery: System Language Discovery
        
        PID:4392
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        111⤵
        
        PID:244
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        112⤵
        
        PID:776
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        113⤵
        
        PID:1116
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        114⤵
        
        PID:1192
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        115⤵
        
        PID:4152
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        116⤵
        
        PID:1432
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        117⤵
        
        PID:3684
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        118⤵
        
        PID:3152
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        119⤵
        
        PID:3576
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        120⤵
        
        PID:4464
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        121⤵
        
        PID:432
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        122⤵
        
        PID:4588
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        123⤵
        
        PID:2340
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        124⤵
        
        PID:1664
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        125⤵
        
        PID:4708
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        126⤵
        
        PID:2032
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        127⤵
        
        PID:2260
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        128⤵
        System Location Discovery: System Language Discovery
        
        PID:1188
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        129⤵
        
        PID:716
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        130⤵
        
        PID:4200
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        131⤵
        
        PID:2400
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        132⤵
        
        PID:3512
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        133⤵
        
        PID:4692
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        134⤵
        
        PID:1952
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        135⤵
        
        PID:1596
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        136⤵
        
        PID:3304
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        137⤵
        
        PID:1252
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        138⤵
        
        PID:4948
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        139⤵
        
        PID:2984
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        140⤵
        
        PID:3068
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        141⤵
        
        PID:2216
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        142⤵
        
        PID:696
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        143⤵
        
        PID:4056
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        144⤵
        
        PID:3512
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        145⤵
        
        PID:2896
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        146⤵
        
        PID:936
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        147⤵
        
        PID:1664
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        148⤵
        
        PID:1596
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        149⤵
        
        PID:1088
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        150⤵
        
        PID:1556
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        151⤵
        
        PID:3404
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        152⤵
        
        PID:244
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        153⤵
        
        PID:4664
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        154⤵
        
        PID:4752
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        155⤵
        
        PID:584
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        156⤵
        
        PID:2684
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        157⤵
        
        PID:3408
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        158⤵
        
        PID:800
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        159⤵
        
        PID:3964
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        160⤵
        
        PID:4076
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        161⤵
        
        PID:2468
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        162⤵
        
        PID:548
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        163⤵
        
        PID:4464
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        164⤵
        
        PID:2260
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        165⤵
        
        PID:4392
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        166⤵
        
        PID:3132
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        167⤵
        
        PID:1116
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        168⤵
        
        PID:1252
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        169⤵
        
        PID:1824
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        170⤵
        
        PID:3500
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        171⤵
        
        PID:2528
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        172⤵
        
        PID:3964
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        173⤵
        
        PID:3132
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        174⤵
        
        PID:2464
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        175⤵
        
        PID:3016
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        176⤵
        
        PID:4424
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        177⤵
        
        PID:936
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        178⤵
        
        PID:2216
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        179⤵
        
        PID:2400
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        180⤵
        
        PID:4604
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        181⤵
        
        PID:2984
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        182⤵
        
        PID:4580
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        183⤵
        
        PID:4240
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        184⤵
        
        PID:1176
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        185⤵
        
        PID:3132
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        186⤵
        
        PID:2276
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        187⤵
        
        PID:4724
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        188⤵
        
        PID:1220
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        189⤵
        
        PID:4548
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        190⤵
        
        PID:3692
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        191⤵
        
        PID:1812
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        192⤵
        
        PID:2032
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        193⤵
        
        PID:3000
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        194⤵
        
        PID:5036
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        195⤵
        
        PID:2392
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        196⤵
        
        PID:1876
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        197⤵
        
        PID:732
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        198⤵
        
        PID:8
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        199⤵
        
        PID:2384
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        200⤵
        
        PID:1192
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        201⤵
        
        PID:1220
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        202⤵
        
        PID:800
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        203⤵
        
        PID:4392
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        204⤵
        
        PID:4332
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        205⤵
        
        PID:3512
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        206⤵
        
        PID:2628
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        207⤵
        
        PID:3016
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        208⤵
        
        PID:1220
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        209⤵
        
        PID:4912
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        210⤵
        
        PID:1176
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        211⤵
        
        PID:4676
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        212⤵
        
        PID:4848
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        213⤵
        
        PID:2628
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        214⤵
        
        PID:4220
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        215⤵
        
        PID:660
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        216⤵
        
        PID:1248
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        217⤵
        
        PID:2080
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        218⤵
        
        PID:396
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        219⤵
        
        PID:1088
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        220⤵
        
        PID:1116
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        221⤵
        
        PID:4464
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        222⤵
        
        PID:2352
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        223⤵
        
        PID:4392
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        224⤵
        
        PID:2808
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        225⤵
        
        PID:3804
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        226⤵
        
        PID:2104
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        227⤵
        
        PID:3460
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        228⤵
        
        PID:3576
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        229⤵
        
        PID:4152
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        230⤵
        
        PID:2216
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        231⤵
        
        PID:1692
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        232⤵
        
        PID:4424
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        233⤵
        
        PID:4068
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        234⤵
        
        PID:3812
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        235⤵
        
        PID:716
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        236⤵
        
        PID:3692
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        237⤵
        
        PID:4592
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        238⤵
        
        PID:696
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        239⤵
        
        PID:4948
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        240⤵
        
        PID:1460
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        241⤵
        
        PID:1320
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        242⤵
        
        PID:2340
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        243⤵
        
        PID:2352
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        244⤵
        
        PID:4056
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        245⤵
        
        PID:1664
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        246⤵
        
        PID:4124
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        247⤵
        
        PID:3408
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        248⤵
        
        PID:4068
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        249⤵
        
        PID:1248
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        250⤵
        
        PID:2276
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        251⤵
        
        PID:2428
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        252⤵
        
        PID:4676
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        253⤵
        
        PID:4124
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        254⤵
        
        PID:4220
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        255⤵
        
        PID:3684
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        256⤵
        
        PID:4664
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        257⤵
        
        PID:2384
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        258⤵
        
        PID:3040
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        259⤵
        
        PID:1876
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        260⤵
        
        PID:5036
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        261⤵
        
        PID:716
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        262⤵
        
        PID:4340
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        263⤵
        
        PID:1288
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        264⤵
        
        PID:4232
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        265⤵
        
        PID:696
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        266⤵
        
        PID:2300
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        267⤵
        
        PID:904
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        268⤵
        
        PID:1824
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        269⤵
        
        PID:244
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        270⤵
        
        PID:1348
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        271⤵
        
        PID:4592
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        272⤵
        
        PID:2216
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        273⤵
        
        PID:4676
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        274⤵
        
        PID:1428
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        275⤵
        
        PID:1764
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        276⤵
        
        PID:4332
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        277⤵
        
        PID:3008
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        278⤵
        
        PID:4592
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        279⤵
        
        PID:2684
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        280⤵
        
        PID:4624
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        281⤵
        
        PID:3280
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        282⤵
        System Location Discovery: System Language Discovery
        
        PID:1144
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        283⤵
        
        PID:2528
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        284⤵
        
        PID:4828
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        285⤵
        
        PID:4452
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        286⤵
        
        PID:2216
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        287⤵
        
        PID:904
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        288⤵
        
        PID:4660
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        289⤵
        
        PID:1764
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        290⤵
        
        PID:1656
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        291⤵
        
        PID:4056
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        292⤵
        
        PID:4200
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        293⤵
        
        PID:4624
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        294⤵
        
        PID:2572
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        295⤵
        
        PID:4284
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        296⤵
        
        PID:548
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        297⤵
        
        PID:3820
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        298⤵
        
        PID:2452
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        299⤵
        
        PID:4200
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        300⤵
        
        PID:3280
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        301⤵
        
        PID:4220
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        302⤵
        
        PID:3068
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        303⤵
        
        PID:4664
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        304⤵
        
        PID:3304
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        305⤵
        
        PID:4324
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        306⤵
        System Location Discovery: System Language Discovery
        
        PID:4464
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        307⤵
        
        PID:1376
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        308⤵
        
        PID:3404
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        309⤵
        
        PID:1656
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        310⤵
        
        PID:3500
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        311⤵
        
        PID:2300
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        312⤵
        
        PID:1664
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        313⤵
        
        PID:3684
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        314⤵
        
        PID:1812
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        315⤵
        
        PID:3404
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        316⤵
        
        PID:2276
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        317⤵
        
        PID:3500
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        318⤵
        
        PID:1320
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        319⤵
        
        PID:4616
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        320⤵
        
        PID:4660
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        321⤵
        
        PID:5040
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        322⤵
        
        PID:3404
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        323⤵
        
        PID:2032
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        324⤵
        
        PID:3964
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        325⤵
        
        PID:1048
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        326⤵
        
        PID:4616
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        327⤵
        
        PID:1188
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        328⤵
        
        PID:3576
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        329⤵
        
        PID:5024
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        330⤵
        
        PID:3972
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        331⤵
        
        PID:4580
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        332⤵
        
        PID:3152
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        333⤵
        
        PID:2808
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        334⤵
        
        PID:2908
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        335⤵
        
        PID:3576
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        336⤵
        
        PID:4592
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        337⤵
        
        PID:3500
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        338⤵
        
        PID:4424
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        339⤵
        
        PID:244
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        340⤵
        
        PID:1144
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        341⤵
        
        PID:3436
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        342⤵
        
        PID:3712
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        343⤵
        
        PID:396
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        344⤵
        
        PID:2552
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        345⤵
        
        PID:4580
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        346⤵
        
        PID:2420
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        347⤵
        
        PID:3248
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        348⤵
        
        PID:4752
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        349⤵
        
        PID:4036
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        350⤵
        
        PID:4868
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        351⤵
        
        PID:2676
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        352⤵
        System Location Discovery: System Language Discovery
        
        PID:4464
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        353⤵
        
        PID:3000
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        354⤵
        
        PID:2468
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        355⤵
        
        PID:1348
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        356⤵
        System Location Discovery: System Language Discovery
        
        PID:1172
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        357⤵
        
        PID:4324
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        358⤵
        
        PID:4548
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        359⤵
        
        PID:4464
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        360⤵
        
        PID:3784
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        361⤵
        
        PID:4392
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        362⤵
        
        PID:3460
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        363⤵
        
        PID:4036
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        364⤵
        
        PID:1248
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        365⤵
        
        PID:2676
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        366⤵
        
        PID:2324
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        367⤵
        
        PID:1120
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        368⤵
        
        PID:776
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        369⤵
        
        PID:548
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        370⤵
        
        PID:3972
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        371⤵
        
        PID:4588
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        372⤵
        
        PID:2628
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        373⤵
        
        PID:244
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        374⤵
        System Location Discovery: System Language Discovery
        
        PID:696
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        375⤵
        
        PID:1120
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        376⤵
        
        PID:3804
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        377⤵
        
        PID:1528
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        378⤵
        
        PID:4604
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        379⤵
        
        PID:3364
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        380⤵
        
        PID:4408
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        381⤵
        
        PID:1144
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        382⤵
        
        PID:2632
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        383⤵
        
        PID:8
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        384⤵
        
        PID:2428
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        385⤵
        
        PID:732
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        386⤵
        
        PID:716
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        387⤵
        
        PID:2080
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        388⤵
        
        PID:3784
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        389⤵
        
        PID:4576
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        390⤵
        
        PID:1796
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        391⤵
        
        PID:2108
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        392⤵
        
        PID:3304
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        393⤵
        
        PID:2216
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        394⤵
        
        PID:1188
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        395⤵
        
        PID:4636
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        396⤵
        
        PID:4408
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        397⤵
        
        PID:3712
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        398⤵
        
        PID:3248
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        399⤵
        
        PID:4220
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        400⤵
        
        PID:2392
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        401⤵
        
        PID:2324
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        402⤵
        
        PID:4424
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        403⤵
        
        PID:3784
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        404⤵
        
        PID:776
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        405⤵
        
        PID:2896
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        406⤵
        
        PID:4752
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        407⤵
        
        PID:3432
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        408⤵
        
        PID:232
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        409⤵
        System Location Discovery: System Language Discovery
        
        PID:2808
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        410⤵
        
        PID:2464
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        411⤵
        
        PID:2632
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        412⤵
        
        PID:1348
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        413⤵
        
        PID:1420
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        414⤵
        
        PID:3804
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        415⤵
        
        PID:2528
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        416⤵
        
        PID:2292
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        417⤵
        
        PID:4692
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        418⤵
        
        PID:1812
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        419⤵
        
        PID:3820
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        420⤵
        
        PID:2032
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        421⤵
        
        PID:1796
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        422⤵
        
        PID:584
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        423⤵
        
        PID:4420
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        424⤵
        
        PID:3120
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        425⤵
        
        PID:3152
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        426⤵
        
        PID:660
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        427⤵
        
        PID:3512
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        428⤵
        
        PID:4124
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        429⤵
        
        PID:4220
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        430⤵
        
        PID:1176
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        431⤵
        
        PID:4604
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        432⤵
        
        PID:2324
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        433⤵
        
        PID:4152
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        434⤵
        
        PID:2468
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        435⤵
        
        PID:3500
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        436⤵
        
        PID:4708
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        437⤵
        
        PID:1876
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        438⤵
        
        PID:2340
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        439⤵
        
        PID:5048
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        440⤵
        
        PID:4848
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        441⤵
        
        PID:660
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        442⤵
        
        PID:3784
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        443⤵
        
        PID:1428
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        444⤵
        
        PID:1376
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        445⤵
        
        PID:1120
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        446⤵
        
        PID:2080
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        447⤵
        
        PID:3068
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        448⤵
        
        PID:3132
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        449⤵
        
        PID:1460
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        450⤵
        
        PID:732
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        451⤵
        
        PID:432
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        452⤵
        
        PID:3404
        
        C:\Users\Admin\Desktop\asds.exe
        
        "C:\Users\Admin\Desktop\asds.exe"
        453⤵
        
        PID:2808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\asds.exe.log

Filesize
226B

MD5
1294de804ea5400409324a82fdc7ec59

SHA1
9a39506bc6cadf99c1f2129265b610c69d1518f7

SHA256
494398ec6108c68573c366c96aae23d35e7f9bdbb440a4aab96e86fcad5871d0

SHA512
033905cc5b4d0c0ffab2138da47e3223765146fa751c9f84b199284b653a04874c32a23aae577d2e06ce6c6b34fec62331b5fc928e3baf68dc53263ecdfa10c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d68c7edc2a288ee58e6629398bb9f7c

SHA1
6c1909dea9321c55cae38b8f16bd9d67822e2e51

SHA256
dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b

SHA512
0eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c03d23a8155753f5a936bd7195e475bc

SHA1
cdf47f410a3ec000e84be83a3216b54331679d63

SHA256
6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca

SHA512
6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7c2ed170979ff8be902439ea1d07ff26

SHA1
26b92934b7e9ba26d4b11aa0e6f6857b46f0cf26

SHA256
0c73ef2af6da7c61af435d5fcaa0e56a1b79c2de375b2328219bcf24094fcb6f

SHA512
69c2044b3cc7d0e03c6af435fa07cc1baf6a9af4657271681c1664327dba0eabefd359487dd0f6d7cf61140eaf4758e362e4026d730e20fc91a86c26b0f7d433

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fc3b1397e16786ad4a9c41ad4f0f65ab

SHA1
a430f4549a0b014d8fa700eaddde7499f282cfdb

SHA256
10cfe47cb98e011960062ca4777077ce72a9e0adcd4e0bd3e83436abfcb3da88

SHA512
2cc2d3ac1e3bd04bba920fd8d7f622a891bff10ea6e73f1ef17e1283dcad284f8687a9b3e62aafdd377c750d70d201025b9ed1e6ebc3299e3ac54a519d315225

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
091693233e7114ad75039bb692695388

SHA1
78ed99a6d7d6d6ba67ea6e3b4f7ab12e41bceef7

SHA256
5c9c5dbe6e46f82bb1dd9c17e6c456fffe4b3606bf542b5c846dd5ac81a2f1c9

SHA512
fca685d779c9a40a5d9b4185d0e1a3ed92b54b7c272301df06a8a9162fa22704310ddd5ac0c367ddb77e4ab454c62ec9cbfe90eb45daa1e325058ced8b1c5525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9c91a7e1196e53d222e0b41dbf16af97

SHA1
d0cee490ee87b5308627f15b20730ff59dd718e2

SHA256
a0d8534416e15cb4a47d9a4c8dcc13531a85ae0438487fcce640bf5815baffa1

SHA512
42a5e16405653c9c735cafbc9c1935c574a56b28369c92e80b612168683942cf41ba7af1145280e78ae403db4096eacf75b6ee1fdd1e9b5264b5b298f2f56098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
573B

MD5
b83fd52731b5bcb3ca5d3fdd07cd2c79

SHA1
3d57744a3cf0fcf5d742fd4522068d42d9a8c41f

SHA256
64a49262d2532e8f0260ac66aa059ba483dbf6c4979220534f7c7ea601bd170e

SHA512
dfcf9d33bf5e3d44d0cd4cf09d660b53a94d1101f45b86d994e928f25e5e187eee068e409bd5c2bc91444a3902f5cac31df9ffb866193a3e489eb946c9f846ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
bc004784a615c984ce02bd0c1cd9f7ff

SHA1
056d570ffe4b097aef9c0f3499e98aac6b4cf3f3

SHA256
5c0cd56d3a5af02d5a844d89b1ae5e22530517c903002b5576b1dc71bf14d442

SHA512
7c8c911c2a2096ded0a6ccd5c8fd0127a5b2a1f7ee355ad871fc961d5a2aea3084c40c1b593107b8af629fe94644a3618da32fd24f3fb8e33e520363aa66def8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7560af42dce7d9817b5b9070927224fb

SHA1
0fcdafd35505723628edff97a10844febce5c341

SHA256
33229bead4047010d62e4a5607530ea9461747a9602ccb0b5070cc6311cb3486

SHA512
f1f1663e6e05241b559de3f69bacfbc914d0baffcb18a55f83e58ae5eaee9eb3853ab962db715aab2be89414d6ed4db792d60a80fc1c0ee5314a913bf90f7311

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1010B

MD5
f1977baebcf2b62358493087030e9488

SHA1
dc841363707133c1bd8d29c4c1204d73c5fb31be

SHA256
1d78f9875c241c4b26895e56ec88533ca5db98f21ba0a407f524a2daed628b4a

SHA512
dccd3be3a3577bf6b004b476bfdfde02d62cf6567f16307486337142017d7a830ca19beebe359e07ba5580691a859485182f58cbae7b27440fe62362c7f74d65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9752a0f7fa5a41f31bc8e314e268b0ac

SHA1
9b793a1f6646b9e6063ba1e0d67154b52f6744a5

SHA256
c4f0cca5d73dda7d959f47e8a3b97bc1503a6971dee3a563417641bd7e6b0f11

SHA512
20f9904c67a7d879a73ac291b536cf8745591789e08c65c69d5eb12c4cf953ba005041020d8dc76635db93bddb0e7087bb5c15285805cffa898ea9c219cad429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d02a8a8c3571e978b23f85aed1260159

SHA1
1a16b333642298d2762447a15a4b902d9bc98340

SHA256
c2c976f762e55a583dbd44febe92e0b2a987c397102532fffeda36e7a0c8db60

SHA512
47b40d43c3d041f7375fc40a92db9936e687f332a919b4f57d4901a997a4669adfe077f14d1b066374e01bce7ee02e758e7e37086fe4551edcd93a3ca725b23d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0fb3ebef82663e5da6e608b0dae2159d

SHA1
41fcaf3cab11f1cf41c7fdd49d50b43ee32e6543

SHA256
73b9c14a5a1a8e412cb6540804aa29dcce6c167e6b5a19d11c015acb23ebb7fd

SHA512
239ea9bbd36a1c3762aa480079f1bc8e25879086a71b54a03373e575deb04afd2062106129721125ce8251ccd2f8daf26216f0067b0d97b60d5decda70dbe78b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
088700a4395e0133fa6a7c3b25982751

SHA1
4c062170acce12fa0c558d3f7832adacc6a81b40

SHA256
5e037cdbee2879a7de448bc6c85f82bfeecb6e962f524ec2e1ffc1030dfb8a84

SHA512
8d906c46cb5a5e261b730a85d9edbd1ffe13639715e09eca6cf983b56dcb8b9e526e371fa5d285793728532142631e2c296d4eb4514683250de45d56020e50a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
550de725d0afa6b2127104bc569beb7b

SHA1
c0d009e67c7c1be1124e016a3bcec969026a5d85

SHA256
06b317a66c30dc723ba97bdf68e51dcfa61f23541a43c0c5f89d919ec1560f07

SHA512
deaa92aba0d98ac7a7b6ae9c5355ca0f200753dd052826b525419048ff94c862b7e023715a19a9da5372443c0243d04efc10f15aa861bb7fb4ced2272f7e7b88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2dc65a645ccc7d4b157c289bdb3af4ef

SHA1
72434c79c4cc3e1c272eab82482d99a458f6b23d

SHA256
fa768b5a3cdb233926824151bdd927a4bfbef115f9b68fa289f733d0fe72e202

SHA512
186fe497d652c3e47e4fc4ab36907c3a03e8255e7140ef74145073dcc0d028fa827b96d0a047c98ba885139787bda96e20bf37a6c45e16c2af0c8d258b1db913

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4c4a900c4fb2b6c8c55d980ae652c749

SHA1
15cf601c8a11162a27793d20c796db9b8a3b3d21

SHA256
f04d030d184e6b693efc933b9c68082b2894ffc771c34a1ba18f7a70ea1ed970

SHA512
08a9133e6daf6bc80822b26b279a891cefc61951280a894876a0c7540d1d630333a8426757eb05457d520f83261adbde9c9f8d687979cbe6f010c0c205c6eae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5ebd8120219e55f2518bed3e28a0bbf6

SHA1
503a9f570621945913140cd30f0bce52672eabdf

SHA256
e6cfbc60d7175cba3cf883f8a36e389f70820119b0bb91ee2e43641eddababf3

SHA512
201876746ba9d26b13e99585b0063cd70779ffc19a0019e67cb2799f01ba5e6a43b00efa252ee6923cc32d89f2052e4e98a134435b2424bc6fabb3ee145cd556

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
54371bae3e51569e620dcdf38c2fc52d

SHA1
01ee17ac6274c9903f788e328ad78480974ddfa5

SHA256
89f7db17754e3e7d8cf487e6022940ec8daeeb0ecbd95a3bdd083a35bd9e00ac

SHA512
36d9b3f5eb93fd80389e901dffb0fdaa0b1f010c4485a1b1dcda20f02a3354ca42e934483b10be26444fbc154ab2d9930fd5186340930c31a45e60275b09ecf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
01abb72c16d352ba0efa049b888c8abf

SHA1
84694ab134a3505f87a3e7f9da6d3f8bfdfdb12e

SHA256
e99a634a6a3ed071d61bd408cfb62657ae298eb63db3c0a778e8781de4814a00

SHA512
eae3d536fc1ee1d680be25f57c55cb1a4d3e53f258770694028ed8b6de6e9b4cda44eab5e72faa9890704a34e494f8d6d3fbbcd37f5ad3105cab6695e44a2369

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2929edb6993bdbbe784443c184892a81

SHA1
4aad8d7fef26da66e272b236d43c343023975369

SHA256
2ad6241f79a3efd59879dc5e845cae5920d895d421c864f1fb535259daf3df91

SHA512
1a51309767eb0fa3ebcedde3e8c5fe225ba4d4aedc7f083121c8f49965cfc653923527265798eb3aa2e08f0bd1c206870580512dc97a3e6bf9b8deb77f39d796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9e351136d339ab4f2fc0308da26ea015

SHA1
26e5a02ec52a13387c3ef00055e939853e4df855

SHA256
6a464a91a1ef6f6a9b6faddcbff33cd4abfe1f1e5d4ea753513af22483488cd3

SHA512
47128ed0aba49b29f959a52beaf521c1967d1ee3eb157fde1646dc94218c216b7f5777eb06cab03c3016f31bb14802d6dc0b484c9f9bcd7686c535f22d645dfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d311b8278dff696ec5a818dce6974bcd

SHA1
cbf02044535056c9c4b471f9f23f0ffe94e8409c

SHA256
a2b564f6faf8ae355255169daf0e6fd69389f0580e6019439f8f3a2fca45863a

SHA512
af88cca6e72559c024ddc6f2eba5a8d41c7834b6321fa8d8be9cfe028b549d690fb2fd09a41753eb099de5417823f8ff9e400e494ef2097e4649c3cd6f294c7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f378.TMP

Filesize
874B

MD5
2c4bb2173917531ace8fd3d57b061855

SHA1
f2a8b12970b8e9b0ab818066c69e37ed729721f5

SHA256
46540f396e7b12dc1e9c85c3b775d0e8699a2e8779bd02cf80b1b27e640149a9

SHA512
d158146535e31d39f98cbaef17d7d91b8cd6d5c393b202d9774e6092f1dd703a205cc76db173de248f1af731af90c611aef60621e1664598e57b3d2b16344ec4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0d9579ef53c3b7ff890b6cd4eadaa49a

SHA1
b28077f161d83a74225bf734b8f418d10ef9b022

SHA256
5ecf8eb5fabb58ed7b6c56879573a07f0d5c25390509130530b8f53eb834dbfe

SHA512
b5d921d3c1beaba4ae61192aa6cce2cfd7c279150ddcd991b50e5bf6382e980c518b30ae396e30a996e10666b0885e0aaa084c0ac0155790d4bc6f406b119a8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8b36c3bd6727d7e58270b08347d79aa2

SHA1
bb885d35878ffb918f4012fa3fb9f6639f4ff60c

SHA256
0990b96d7917e89adcb3075756f391f8121c81b1772193c6b340e3237f758e83

SHA512
95d59984321250f8e8baa61d7b43feb6f8c0f1fa3ae937d2a01a4fa6a0a9001326468e13b0ee3a6b3f134652a651f6d50464eb6073a852d046af03d3aa644118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eac76534cac51df68f875ec61ca718a4

SHA1
9c5dd67afea8c9b6853d607add1f84ac841ee23e

SHA256
1a47ea778b6e50d8688ad5f362839f6416490d4419a0dcf8131087f47db85812

SHA512
83d40be01a3c6f00f49dbcd86256be1c5d02b88a81593bc1fb560a9e0ed6fcd5bef8c5a95430db52cf421a02d4520a65fabde26df26966187cfa55b5ebcced11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5139b9f0f0089b3d387eca9dd65cceb5

SHA1
a6350dc10d15ddd49f87e54d09e795e11e7f995b

SHA256
fa7174dea03cccb972044c8ff722f31ee87638bd18d42ff4331afae675b4ec06

SHA512
1da55899104aac2f6fefb7734b3d6dbb2ff45e31c9eda46d98e234ea534543e1b5dad0174c9492abb662de0df14bf4426ff11d0b0bd10524d1ea55cd2b185168

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4b7cfe42c4551a260deced99129c3b6c

SHA1
f55e480c3869358e23a6c587dff0277fb63df348

SHA256
f8636e3f34c620c21ada95cd9215c1fe7c8ae724c4c08fa6fed24d9beb7a93fe

SHA512
36caae828d0719cc2d535a3fbf62ab43d11de7dad76de5333aa9b8daa5842cd99066e0bf0cbc7bf55b0a04754367618af42e3f5ba35330ae27447136a77158b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e3671884d3a3ad8242f265a0bb1d5056

SHA1
dec8c1afcc198119759b8daaa2cb6718efc947c2

SHA256
025973795984fa3e6d1a250934232a63fd4339e2094d474152ac53316570186d

SHA512
7f98beb1c58daccbd03e9c9ff0c96877a718efd298c9e5069b7a3802d93e4e2371958b931ddd8fd8694e6a1f2b3935a02952d1734307686f0e6741615b0576ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
14KB

MD5
0f26fefa43aa10c5452610988b7c5512

SHA1
e97cdc28c03d2248605ae8a47824fbb85da8eed2

SHA256
b01f5a72f494af695290d5f70e2927c503c4b5582db67e620ac36ec6d75c7a98

SHA512
d320dbf2f41d4b3d2eeea46522c5b7241db6d64d71c9405d9ca4eaa0e01f1c938d98c4ca9e6ff74bbb304135d9d94622c80bd432c07e826b1630875271a0c8ef

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
1003B

MD5
dbe4b0a26f98c2fc33b88e599e5d7217

SHA1
aa84dae6daa5496ef195007f6b3db32ee66b8352

SHA256
943d081b680ac301958dd1dc063a70e9ba18382786afa8d1ffb27f516bf4643a

SHA512
e5f3054129f6aa06c16778b6f7c5ae92bec01da758615007b4756e46fc89610107c5fbc571281e2c489620a017ae283b3ae7ea66c3b59d511f45f915e335bbeb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
1KB

MD5
af7242398425ce6f8aa77087c29acf6e

SHA1
7b71ce6d858e1ab12bded5ca41b062f19cb8ec0f

SHA256
c2325e6f1404d00127dfbd58baadb31c22369840a6a023dab4f0c03089d2aae9

SHA512
2597e8abae45eb5ee5281344c9a6920e21e64db19a9e3c1af048f92836d85f3a59dbcc14a63ac184d364c158fa576d009bf1f3b4ffbae81a2670e472c08ef7a2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
1KB

MD5
a73997be63aa5f723f361311728f3e0c

SHA1
d6205744e8d96b94855cb0b9e0f53684781c1f0c

SHA256
bf94e47c776680f5d1b4df898e1dcefc52ec1f5ed5cad92f95e8157dc31dd7e3

SHA512
93c050f083ee10dcfb297120ee85d5de9a4ff19c85ee3c2a23879307259c4ce0350ce5c19280f9b479884eaf5ddb78051ff456efe2d6c1ec40ec13a21c46d19b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
2KB

MD5
eecfcd9cc2bed2202781c600bf64ee53

SHA1
750ee42f99f013e723ed504879e5026f4a4b8406

SHA256
802e317b4d1072b68b22464df929bff131987fa6adbdf668690278d02efa52d6

SHA512
87cfa243153eb526e208d1b96a0d61bbce71e4aa650873bc36fb906129950233859c53c85d77c07769a0e41e6a09f99d6b52173eb5a131655a91320303a0caf7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
2KB

MD5
77be1d2ff06ab88f6996784a5115f1b3

SHA1
bf8fcb2c72de8830f4cb611108f99de16b6410f0

SHA256
3158fd7cf443a45bb5ef3f9455dbc39c1acfd33c0d622b19265d2e40ba2c94ab

SHA512
164f3f888c248f87b735d409e78a22449cc7a85c544167d2253f37e838a92c59f0c93a15d29d6dc879503dd1e6b8a2e31a2739aeed0088761aac5e1d828a91ad

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\35784c83-2c60-4e7a-a1d2-5422c1fceb65.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\Desktop\asd.exe

Filesize
45KB

MD5
5d1ef0e351ee344552e19c080712991a

SHA1
34903fc234864f56b128f63c4e754f4d90d8097a

SHA256
fdf37bd3ab391819b12db396f6e78b424d9cb99af0aa4480bc616e34a54a3c35

SHA512
7b5dada8ed4e74d4156a720d0ab46c63746d1b7e77157cb0f4001f6463c670673b00e2d3d5d7f53e52198e171cb14dd5641af93bbad4c67b0f4bd02faa91c22e

Download Submit
C:\Users\Admin\Desktop\asds.exe

Filesize
45KB

MD5
b078582d67292e8d3fa6f2bcb1aca7c7

SHA1
c2d07ce7db8f97ff2571bf0ecf361365215f529c

SHA256
87e2f662c598cbf8ee1d6cfcd9edae7b0f0996b08863b5e3f5331eab5637f780

SHA512
d18aead5bf8c70a4db3de2ad33fcbf979c095f5a8b1460644f5229b1a9eef5aa67df57183a04b879e7f170178465f3a316c7345c34557b87fd4b34e2e867554c

Download Submit
C:\Users\Admin\Desktop\asds.exe

Filesize
45KB

MD5
08a1d1461abc202f360be9fabe5a627d

SHA1
1989ff9e6b0149100dab8169dcde7d68ca5a3280

SHA256
776e2ce7a42ebb9afd8e5bc45157e8797374436c0fbd79eef3b06051ea641448

SHA512
268d33318e85940bcc11ba037b15af720c4faa475f3bfd9a088925b440177fe62d1dde5bab03f4fb1981c49ebeffc0a9677d7934773046c34663c119c7c39486

Download Submit
C:\Users\Admin\Desktop\asdxc.exe

Filesize
45KB

MD5
e069304f72f1993e3a4227b5fb5337a1

SHA1
131c2b3eb9afb6a806610567fe846a09d60b5115

SHA256
5d00cfc66ae11f68bae4ac8e5a0f07158dae6bfd4ea34035b8c7c4e3be70f2c5

SHA512
26f18e40b1d4d97d997815fe3921af11f8e75e99a9386bbe39fb8820af1cbe4e9f41d3328b6a051f1d63a4dfff5b674a0abafae975f848df4272aa036771e2e9

Download Submit
C:\Users\Admin\Downloads\PySilon-malware-3.7.5.zip

Filesize
2.0MB

MD5
58a45cb5713726620af3b3cb00f17918

SHA1
4ca8dbf7ef1c5f45261d688f7349f6e7e06c6b59

SHA256
42f47cb41507151ec2db8422662adfd8d234533874740b6680ebd06f4f359403

SHA512
0b23bba7ad789c1d5439efbb641109a6771cb5e46d520a9406a13a61630f3ad41de5b73a984beff409682c36089ca62ca9de41fe30c112d59a2973474097c5ef

Download Submit
C:\Users\Admin\Downloads\PySilon-malware-3.7.5.zip:Zone.Identifier

Filesize
184B

MD5
767cfe348a49dda93004e191a948d6e7

SHA1
9c632a9b7f9e5560ee317ba1655d173a95a5afb1

SHA256
48bbeb76a143ca6a6b90be671c7975817e1682a746921f6d2ed4e82a67e06008

SHA512
a1f44f00d85a14da5534417568a3eb95096ad5d6bedab65f89d55cc367ed7521d67541c27657abb1e13c162c45297e68f3b8ab7c382a87571f3691b3b1095400

Download Submit
C:\Users\Admin\Downloads\Release.zip

Filesize
6.4MB

MD5
89661a9ff6de529497fec56a112bf75e

SHA1
2dd31a19489f4d7c562b647f69117e31b894b5c3

SHA256
e7b275d70655db9cb43fa606bbe2e4f22478ca4962bbf9f299d66eda567d63cd

SHA512
33c765bf85fbec0e58924ece948b80a7d73b7577557eaac8865e481c61ad6b71f8b5b846026103239b3bd21f438ff0d7c1430a51a4a149f16a215faad6dab68f

Download Submit
C:\Users\Admin\Downloads\Release.zip:Zone.Identifier

Filesize
94B

MD5
cced52b34bfd2387c302c3d496259fb2

SHA1
a79d213261354f108441ff54499b139e3bf08f58

SHA256
0c5027dc525ff889968304a5303a2b4ff978be996cf7df2b02df1a01cecf47bf

SHA512
04080f3321d80560d749238073dce291ca35f2a8e61176dbd76ac4fa368f3436b848568ea746be85cd4c9acda145d8cb9b423ba44b7e624944b4de4024a5024b

Download Submit
memory/1412-1047-0x0000000000DE0000-0x0000000000DF2000-memory.dmp

Filesize
72KB

Download
memory/2684-1094-0x00000000009B0000-0x00000000009C2000-memory.dmp

Filesize
72KB

Download
memory/3452-1092-0x00000000000A0000-0x00000000000B2000-memory.dmp

Filesize
72KB

Download
memory/4128-1093-0x0000000000C30000-0x0000000000C42000-memory.dmp

Filesize
72KB

Download
memory/5000-897-0x0000000008010000-0x000000000802A000-memory.dmp

Filesize
104KB

Download
memory/5000-864-0x0000000000620000-0x0000000000822000-memory.dmp

Filesize
2.0MB

Download
memory/5000-865-0x0000000005920000-0x0000000005EC6000-memory.dmp

Filesize
5.6MB

Download
memory/5000-866-0x0000000005370000-0x0000000005402000-memory.dmp

Filesize
584KB

Download
memory/5000-867-0x0000000005300000-0x000000000530A000-memory.dmp

Filesize
40KB

Download
memory/5000-878-0x0000000007D00000-0x0000000007D1A000-memory.dmp

Filesize
104KB

Download
memory/5000-896-0x0000000007EC0000-0x0000000007FE4000-memory.dmp

Filesize
1.1MB

Download
memory/5000-893-0x00000000082D0000-0x0000000008627000-memory.dmp

Filesize
3.3MB

Download
memory/5000-892-0x0000000007D90000-0x0000000007E42000-memory.dmp

Filesize
712KB

Download
memory/5000-877-0x0000000005900000-0x0000000005914000-memory.dmp

Filesize
80KB

Download
memory/5000-880-0x0000000009C20000-0x0000000009C42000-memory.dmp

Filesize
136KB

Download
memory/5000-879-0x0000000007D20000-0x0000000007D32000-memory.dmp

Filesize
72KB

Download