9a158e093959105e381fe82ace28d4b85a67334395aabb85ad1bf3cd3b2dcf26

Analysis

max time kernel
4s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29-12-2023 22:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05d27d3b8ef3f0e6b720b48a4ac95197.exe
Size

60KB
MD5

05d27d3b8ef3f0e6b720b48a4ac95197
SHA1

1cd1bf3183db924a4199329411009ce7d008a4b8
SHA256

9a158e093959105e381fe82ace28d4b85a67334395aabb85ad1bf3cd3b2dcf26
SHA512

a3d23dc1835cb46cb84cf7b6541da919a1a70b93fb2395404a34a8ee90302c27728ef3bbcd749a879f484e302ecedd350a9afe006ac74212766db94376be4d77
SSDEEP

768:dMVOQl0KWwJ917vmdox7CflsQSsgUV9d+6DAOESj6Zz6ZjkfZa8g0FO:iqK9JWdox7C9sQ59d1EOERO

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 23 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe

Executes dropped EXE 22 IoCs

pid	Process
3808	agetlkeyls.exe
5080	agetlkeyls.exe
392	agetlkeyls.exe
4216	agetlkeyls.exe
2156	agetlkeyls.exe
4968	agetlkeyls.exe
3588	agetlkeyls.exe
4924	agetlkeyls.exe
2004	agetlkeyls.exe
4996	agetlkeyls.exe
3844	agetlkeyls.exe
4292	agetlkeyls.exe
768	agetlkeyls.exe
3036	agetlkeyls.exe
456	agetlkeyls.exe
2544	agetlkeyls.exe
4652	agetlkeyls.exe
2984	agetlkeyls.exe
3176	agetlkeyls.exe
2492	agetlkeyls.exe
5056	agetlkeyls.exe
1612	agetlkeyls.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File created	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File created	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File created	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File created	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File created	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File created	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File created	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File created	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 23 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe

Suspicious use of SetWindowsHookEx 46 IoCs

pid	Process
4116	agetlkeyls.exe
4116	agetlkeyls.exe
3808	agetlkeyls.exe
3808	agetlkeyls.exe
5080	agetlkeyls.exe
5080	agetlkeyls.exe
392	agetlkeyls.exe
392	agetlkeyls.exe
4216	agetlkeyls.exe
4216	agetlkeyls.exe
2156	agetlkeyls.exe
2156	agetlkeyls.exe
4968	agetlkeyls.exe
4968	agetlkeyls.exe
3588	agetlkeyls.exe
3588	agetlkeyls.exe
4924	agetlkeyls.exe
4924	agetlkeyls.exe
2004	agetlkeyls.exe
2004	agetlkeyls.exe
4996	agetlkeyls.exe
4996	agetlkeyls.exe
3844	agetlkeyls.exe
3844	agetlkeyls.exe
4292	agetlkeyls.exe
4292	agetlkeyls.exe
768	agetlkeyls.exe
768	agetlkeyls.exe
3036	agetlkeyls.exe
3036	agetlkeyls.exe
456	agetlkeyls.exe
456	agetlkeyls.exe
2544	agetlkeyls.exe
2544	agetlkeyls.exe
4652	agetlkeyls.exe
4652	agetlkeyls.exe
2984	agetlkeyls.exe
2984	agetlkeyls.exe
3176	agetlkeyls.exe
3176	agetlkeyls.exe
2492	agetlkeyls.exe
2492	agetlkeyls.exe
5056	agetlkeyls.exe
5056	agetlkeyls.exe
1612	agetlkeyls.exe
1612	agetlkeyls.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4116 wrote to memory of 3808	4116	agetlkeyls.exe	775
PID 4116 wrote to memory of 3808	4116	agetlkeyls.exe	775
PID 4116 wrote to memory of 3808	4116	agetlkeyls.exe	775
PID 3808 wrote to memory of 5080	3808	agetlkeyls.exe	512
PID 3808 wrote to memory of 5080	3808	agetlkeyls.exe	512
PID 3808 wrote to memory of 5080	3808	agetlkeyls.exe	512
PID 5080 wrote to memory of 392	5080	agetlkeyls.exe	432
PID 5080 wrote to memory of 392	5080	agetlkeyls.exe	432
PID 5080 wrote to memory of 392	5080	agetlkeyls.exe	432
PID 392 wrote to memory of 4216	392	agetlkeyls.exe	812
PID 392 wrote to memory of 4216	392	agetlkeyls.exe	812
PID 392 wrote to memory of 4216	392	agetlkeyls.exe	812
PID 4216 wrote to memory of 2156	4216	agetlkeyls.exe	677
PID 4216 wrote to memory of 2156	4216	agetlkeyls.exe	677
PID 4216 wrote to memory of 2156	4216	agetlkeyls.exe	677
PID 2156 wrote to memory of 4968	2156	agetlkeyls.exe	450
PID 2156 wrote to memory of 4968	2156	agetlkeyls.exe	450
PID 2156 wrote to memory of 4968	2156	agetlkeyls.exe	450
PID 4968 wrote to memory of 3588	4968	agetlkeyls.exe	711
PID 4968 wrote to memory of 3588	4968	agetlkeyls.exe	711
PID 4968 wrote to memory of 3588	4968	agetlkeyls.exe	711
PID 3588 wrote to memory of 4924	3588	agetlkeyls.exe	788
PID 3588 wrote to memory of 4924	3588	agetlkeyls.exe	788
PID 3588 wrote to memory of 4924	3588	agetlkeyls.exe	788
PID 4924 wrote to memory of 2004	4924	agetlkeyls.exe	809
PID 4924 wrote to memory of 2004	4924	agetlkeyls.exe	809
PID 4924 wrote to memory of 2004	4924	agetlkeyls.exe	809
PID 2004 wrote to memory of 4996	2004	agetlkeyls.exe	38
PID 2004 wrote to memory of 4996	2004	agetlkeyls.exe	38
PID 2004 wrote to memory of 4996	2004	agetlkeyls.exe	38
PID 4996 wrote to memory of 3844	4996	agetlkeyls.exe	65
PID 4996 wrote to memory of 3844	4996	agetlkeyls.exe	65
PID 4996 wrote to memory of 3844	4996	agetlkeyls.exe	65
PID 3844 wrote to memory of 4292	3844	agetlkeyls.exe	757
PID 3844 wrote to memory of 4292	3844	agetlkeyls.exe	757
PID 3844 wrote to memory of 4292	3844	agetlkeyls.exe	757
PID 4292 wrote to memory of 768	4292	agetlkeyls.exe	794
PID 4292 wrote to memory of 768	4292	agetlkeyls.exe	794
PID 4292 wrote to memory of 768	4292	agetlkeyls.exe	794
PID 768 wrote to memory of 3036	768	agetlkeyls.exe	56
PID 768 wrote to memory of 3036	768	agetlkeyls.exe	56
PID 768 wrote to memory of 3036	768	agetlkeyls.exe	56
PID 3036 wrote to memory of 456	3036	agetlkeyls.exe	54
PID 3036 wrote to memory of 456	3036	agetlkeyls.exe	54
PID 3036 wrote to memory of 456	3036	agetlkeyls.exe	54
PID 456 wrote to memory of 2544	456	agetlkeyls.exe	43
PID 456 wrote to memory of 2544	456	agetlkeyls.exe	43
PID 456 wrote to memory of 2544	456	agetlkeyls.exe	43
PID 2544 wrote to memory of 4652	2544	agetlkeyls.exe	186
PID 2544 wrote to memory of 4652	2544	agetlkeyls.exe	186
PID 2544 wrote to memory of 4652	2544	agetlkeyls.exe	186
PID 4652 wrote to memory of 2984	4652	agetlkeyls.exe	728
PID 4652 wrote to memory of 2984	4652	agetlkeyls.exe	728
PID 4652 wrote to memory of 2984	4652	agetlkeyls.exe	728
PID 2984 wrote to memory of 3176	2984	agetlkeyls.exe	45
PID 2984 wrote to memory of 3176	2984	agetlkeyls.exe	45
PID 2984 wrote to memory of 3176	2984	agetlkeyls.exe	45
PID 3176 wrote to memory of 2492	3176	agetlkeyls.exe	46
PID 3176 wrote to memory of 2492	3176	agetlkeyls.exe	46
PID 3176 wrote to memory of 2492	3176	agetlkeyls.exe	46
PID 2492 wrote to memory of 5056	2492	agetlkeyls.exe	924
PID 2492 wrote to memory of 5056	2492	agetlkeyls.exe	924
PID 2492 wrote to memory of 5056	2492	agetlkeyls.exe	924
PID 5056 wrote to memory of 1612	5056	agetlkeyls.exe	689

C:\Users\Admin\AppData\Local\Temp\05d27d3b8ef3f0e6b720b48a4ac95197.exe
"C:\Users\Admin\AppData\Local\Temp\05d27d3b8ef3f0e6b720b48a4ac95197.exe"
1⤵
PID:4116
- C:\Windows\SysWOW64\agetlkeyls.exe
  "C:\Windows\system32\agetlkeyls.exe"
  2⤵
  PID:3808
- - C:\Windows\SysWOW64\agetlkeyls.exe
    "C:\Windows\system32\agetlkeyls.exe"
    3⤵
    PID:5080
  - - C:\Windows\SysWOW64\agetlkeyls.exe
      "C:\Windows\system32\agetlkeyls.exe"
      4⤵
      PID:392
    - - C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        5⤵
        
        PID:4216
      - C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        6⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        7⤵
        
        PID:4968

C:\Windows\SysWOW64\agetlkeyls.exe
"C:\Windows\system32\agetlkeyls.exe"
1⤵
PID:3588
- C:\Windows\SysWOW64\agetlkeyls.exe
  "C:\Windows\system32\agetlkeyls.exe"
  2⤵
  PID:4924

C:\Windows\SysWOW64\agetlkeyls.exe
"C:\Windows\system32\agetlkeyls.exe"
1⤵
PID:2004
- C:\Windows\SysWOW64\agetlkeyls.exe
  "C:\Windows\system32\agetlkeyls.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in System32 directory
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4996
- - C:\Windows\SysWOW64\agetlkeyls.exe
    "C:\Windows\system32\agetlkeyls.exe"
    3⤵
    PID:3844

C:\Windows\SysWOW64\agetlkeyls.exe
"C:\Windows\system32\agetlkeyls.exe"
1⤵
PID:4292
- C:\Windows\SysWOW64\agetlkeyls.exe
  "C:\Windows\system32\agetlkeyls.exe"
  2⤵
  PID:768
- - C:\Windows\SysWOW64\agetlkeyls.exe
    "C:\Windows\system32\agetlkeyls.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Drops file in System32 directory
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3036

C:\Windows\SysWOW64\agetlkeyls.exe
"C:\Windows\system32\agetlkeyls.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2544
- C:\Windows\SysWOW64\agetlkeyls.exe
  "C:\Windows\system32\agetlkeyls.exe"
  2⤵
  PID:4652

C:\Windows\SysWOW64\agetlkeyls.exe
"C:\Windows\system32\agetlkeyls.exe"
1⤵
PID:2984
- C:\Windows\SysWOW64\agetlkeyls.exe
  "C:\Windows\system32\agetlkeyls.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in System32 directory
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3176
- - C:\Windows\SysWOW64\agetlkeyls.exe
    "C:\Windows\system32\agetlkeyls.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Drops file in System32 directory
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2492
  - - C:\Windows\SysWOW64\agetlkeyls.exe
      "C:\Windows\system32\agetlkeyls.exe"
      4⤵
      PID:5056
    - - C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        5⤵
        
        PID:1612
      - C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        6⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        7⤵
        
        PID:3440

C:\Windows\SysWOW64\agetlkeyls.exe
"C:\Windows\system32\agetlkeyls.exe"
1⤵
PID:1144
- C:\Windows\SysWOW64\agetlkeyls.exe
  "C:\Windows\system32\agetlkeyls.exe"
  2⤵
  PID:3472
- - C:\Windows\SysWOW64\agetlkeyls.exe
    "C:\Windows\system32\agetlkeyls.exe"
    3⤵
    PID:4080
  - - C:\Windows\SysWOW64\agetlkeyls.exe
      "C:\Windows\system32\agetlkeyls.exe"
      4⤵
      PID:1624
    - - C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        5⤵
        
        PID:1204
      - C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        6⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        7⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3844
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        8⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        9⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        10⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        11⤵
        
        PID:1896
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        12⤵
        
        PID:536
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        13⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        14⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        15⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        16⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        17⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        18⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        19⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        20⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        21⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        22⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        23⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        24⤵
        
        PID:644
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        25⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        26⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        27⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        28⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        29⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        30⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        31⤵
        
        PID:1080
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        32⤵
        
        PID:816
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        33⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        34⤵
        Drops file in System32 directory
        Suspicious use of SetWindowsHookEx
        
        PID:4116
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        35⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        36⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        37⤵
        
        PID:2356
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        38⤵
        
        PID:3372
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        39⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        40⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        41⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        42⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        43⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        44⤵
        
        PID:2484
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        45⤵
        
        PID:232
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        46⤵
        
        PID:212
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        47⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        48⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        49⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        50⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        51⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        52⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        53⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        54⤵
        
        PID:716
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        55⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        56⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        57⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        58⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        59⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        60⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        61⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        62⤵
        
        PID:3780
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        63⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        64⤵
        
        PID:560
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        65⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4652
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        66⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        67⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        68⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        69⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        70⤵
        
        PID:716
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        71⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        72⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        73⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        74⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        75⤵
        
        PID:4924
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        76⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        77⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        78⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        79⤵
        
        PID:1048
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        80⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        81⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        82⤵
        
        PID:472
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        83⤵
        
        PID:316
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        84⤵
        
        PID:60
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        85⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        86⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        87⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        88⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        89⤵
        
        PID:3564
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        90⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        91⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        92⤵
        
        PID:540
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        93⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        94⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        95⤵
        
        PID:4040
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        96⤵
        
        PID:3192
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        97⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        98⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        99⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        100⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        101⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        102⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        103⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        104⤵
        
        PID:3228
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        105⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        106⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        107⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        108⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        109⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        110⤵
        
        PID:688
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        111⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        112⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        113⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        114⤵
        
        PID:4156
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        115⤵
        
        PID:4084
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        116⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        117⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        118⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        119⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        120⤵
        
        PID:8
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        121⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        122⤵
        
        PID:1080
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        123⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        124⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        125⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        126⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        127⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        128⤵
        
        PID:688
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        129⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        130⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        131⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        132⤵
        
        PID:472
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        133⤵
        
        PID:316
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        134⤵
        
        PID:460
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        135⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        136⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        137⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        138⤵
        
        PID:852
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        139⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        140⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        141⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        142⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        143⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        144⤵
        
        PID:3992
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        145⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        146⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        147⤵
        
        PID:4156
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        148⤵
        
        PID:4084
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        149⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        150⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        151⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        152⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        153⤵
        
        PID:1208
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        154⤵
        
        PID:4924
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        155⤵
        
        PID:1268
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        156⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        157⤵
        
        PID:792
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        158⤵
        
        PID:2068
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        159⤵
        
        PID:1048
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        160⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        161⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        162⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        163⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        164⤵
        
        PID:3232
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        165⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        166⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        167⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        168⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        169⤵
        
        PID:4444
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        170⤵
        
        PID:3792
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        171⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        172⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        173⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        174⤵
        
        PID:792
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        175⤵
        
        PID:2068
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        176⤵
        
        PID:1048
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        177⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        178⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        179⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        180⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        181⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        182⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        183⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        184⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        185⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        186⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        187⤵
        
        PID:720
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        188⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        189⤵
        
        PID:1420
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        190⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        191⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        192⤵
        
        PID:392
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        193⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        194⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        195⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        196⤵
        
        PID:852
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        197⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        198⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        199⤵
        
        PID:3428
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        200⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        201⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        202⤵
        
        PID:1864
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        203⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        204⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        205⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        206⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        207⤵
        
        PID:1144
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        208⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        209⤵
        
        PID:644
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        210⤵
        
        PID:3884
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        211⤵
        
        PID:1156
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        212⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        213⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        214⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        215⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        216⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        217⤵
        
        PID:1436
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        218⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        219⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        220⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        221⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        222⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        223⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        224⤵
        
        PID:440
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        225⤵
        
        PID:3564
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        226⤵
        
        PID:1156
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        227⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        228⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        229⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        230⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        231⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        232⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        233⤵
        
        PID:228
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        234⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        235⤵
        
        PID:1872
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        236⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        237⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        238⤵
        
        PID:3920
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        239⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        240⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        241⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        242⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        243⤵
        
        PID:1436
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        244⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        245⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        246⤵
        
        PID:1144
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        247⤵
        
        PID:316
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        248⤵
        
        PID:3580
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        249⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        250⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        251⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        252⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        253⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        254⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        255⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        256⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        257⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        258⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        259⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        260⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        261⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        262⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        263⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        264⤵
        
        PID:540
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        265⤵
        
        PID:60
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        266⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        267⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        268⤵
        
        PID:4156
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        269⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        270⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        271⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        272⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        273⤵
        
        PID:544
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        274⤵
        
        PID:860
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        275⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        276⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        277⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        278⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        279⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        280⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        281⤵
        
        PID:3360
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        282⤵
        
        PID:3996
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        283⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        284⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        285⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        286⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        287⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        288⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        289⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        290⤵
        
        PID:228
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        291⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        292⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        293⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        294⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        295⤵
        
        PID:4156
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        296⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        297⤵
        
        PID:1436
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        298⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        299⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        300⤵
        
        PID:316
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        301⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        302⤵
        
        PID:596
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        303⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        304⤵
        
        PID:688
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        305⤵
        
        PID:3808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        306⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:392
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        307⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        308⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        309⤵
        
        PID:4156
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        310⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        311⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        312⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        313⤵
        
        PID:1004
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        314⤵
        
        PID:404
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        315⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        316⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        317⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        318⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        319⤵
        
        PID:8
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        320⤵
        
        PID:3556
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        321⤵
        
        PID:1136
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        322⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        323⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        324⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4968
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        325⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        326⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        327⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        328⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        329⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        330⤵
        
        PID:644
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        331⤵
        
        PID:688
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        332⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        333⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        334⤵
        
        PID:228
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        335⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        336⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        337⤵
        
        PID:3996
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        338⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        339⤵
        
        PID:852
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        340⤵
        
        PID:860
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        341⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        342⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        343⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        344⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        345⤵
        
        PID:3440
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        346⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        347⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        348⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        349⤵
        
        PID:3360
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        350⤵
        
        PID:436
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        351⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        352⤵
        
        PID:3888
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        353⤵
        
        PID:1436
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        354⤵
        
        PID:980
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        355⤵
        
        PID:380
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        356⤵
        
        PID:316
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        357⤵
        
        PID:3372
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        358⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        359⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        360⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        361⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        362⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        363⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        364⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        365⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        366⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        367⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        368⤵
        
        PID:3996
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        369⤵
        
        PID:912
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        370⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        371⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        372⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        373⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        374⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        375⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        376⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        377⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        378⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        379⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        380⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        381⤵
        
        PID:636
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        382⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        383⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        384⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:5080
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        385⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        386⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        387⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        388⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        389⤵
        
        PID:596
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        390⤵
        
        PID:688
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        391⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        392⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        393⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        394⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        395⤵
        
        PID:3156
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        396⤵
        
        PID:3996
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        397⤵
        
        PID:912
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        398⤵
        
        PID:380
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        399⤵
        
        PID:316
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        400⤵
        
        PID:4924
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        401⤵
        
        PID:2940
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        402⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        403⤵
        
        PID:3172
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        404⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        405⤵
        
        PID:1864
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        406⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        407⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        408⤵
        
        PID:1464
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        409⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        410⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        411⤵
        
        PID:348
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        412⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        413⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        414⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        415⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        416⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        417⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        418⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        419⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        420⤵
        
        PID:864
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        421⤵
        
        PID:3808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        422⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        423⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        424⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        425⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        426⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        427⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        428⤵
        
        PID:3884
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        429⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        430⤵
        
        PID:3428
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        431⤵
        
        PID:644
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        432⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        433⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        434⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        435⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        436⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        437⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        438⤵
        
        PID:520
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        439⤵
        
        PID:2988
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        440⤵
        
        PID:1316
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        441⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        442⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        443⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        444⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        445⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        446⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        447⤵
        
        PID:3976
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        448⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        449⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        450⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        451⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        452⤵
        
        PID:3424
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        453⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        454⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        455⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        456⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        457⤵
        
        PID:1316
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        458⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        459⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        460⤵
        
        PID:4088
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        461⤵
        
        PID:440
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        462⤵
        
        PID:404
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        463⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        464⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        465⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        466⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        467⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        468⤵
        
        PID:4060
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        469⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        470⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        471⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        472⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        473⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        474⤵
        
        PID:3440
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        475⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        476⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        477⤵
        
        PID:764
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        478⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        479⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        480⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        481⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        482⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        483⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        484⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        485⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        486⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        487⤵
        
        PID:864
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        488⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        489⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        490⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        491⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        492⤵
        
        PID:1052
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        493⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        494⤵
        
        PID:980
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        495⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        496⤵
        
        PID:1004
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        497⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        498⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        499⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        500⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        501⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        502⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        503⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        504⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        505⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        506⤵
        
        PID:3360
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        507⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        508⤵
        
        PID:1464
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        509⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        510⤵
        
        PID:3996
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        511⤵
        
        PID:3580
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        512⤵
        
        PID:348
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        513⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        514⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        515⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        516⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        517⤵
        
        PID:3428
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        518⤵
        
        PID:644
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        519⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        520⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        521⤵
        
        PID:816
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        522⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        523⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        524⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        525⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        526⤵
        
        PID:3576
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        527⤵
        
        PID:1136
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        528⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        529⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        530⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        531⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        532⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        533⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        534⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        535⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        536⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        537⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        538⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        539⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        540⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        541⤵
        
        PID:3944
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        542⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        543⤵
        
        PID:540
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        544⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        545⤵
        
        PID:1240
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        546⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        547⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        548⤵
        
        PID:1264
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        549⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2156
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        550⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        551⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        552⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        553⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        554⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        555⤵
        
        PID:3636
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        556⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        557⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        558⤵
        
        PID:752
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        559⤵
        
        PID:4120
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        560⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        561⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        562⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        563⤵
        
        PID:1464
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        564⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        565⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        566⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        567⤵
        
        PID:856
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        568⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        569⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        570⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        571⤵
        
        PID:444
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        572⤵
        
        PID:1112
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        573⤵
        
        PID:740
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        574⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        575⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        576⤵
        
        PID:3636
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        577⤵
        
        PID:4088
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        578⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        579⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        580⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        581⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        582⤵
        
        PID:636
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        583⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3588
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        584⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        585⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        586⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        587⤵
        
        PID:348
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        588⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        589⤵
        
        PID:3420
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        590⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        591⤵
        
        PID:1284
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        592⤵
        
        PID:3976
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        593⤵
        
        PID:4704
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        594⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        595⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        596⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        597⤵
        
        PID:688
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        598⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2984
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        599⤵
        
        PID:3992
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        600⤵
        
        PID:792
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        601⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        602⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        603⤵
        
        PID:912
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        604⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        605⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        606⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        607⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        608⤵
        
        PID:4088
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        609⤵
        
        PID:3808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        610⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        611⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        612⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        613⤵
        
        PID:3992
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        614⤵
        
        PID:792
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        615⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        616⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        617⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        618⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        619⤵
        
        PID:4076
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        620⤵
        
        PID:624
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        621⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        622⤵
        
        PID:1876
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        623⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        624⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        625⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4292
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        626⤵
        
        PID:3172
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        627⤵
        
        PID:752
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        628⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        629⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        630⤵
        
        PID:520
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        631⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        632⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        633⤵
        
        PID:1264
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        634⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        635⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        636⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        637⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        638⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        639⤵
        
        PID:4704
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        640⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        641⤵
        
        PID:3156
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        642⤵
        Checks computer location settings
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4116
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        643⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        644⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        645⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        646⤵
        
        PID:1268
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        647⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        648⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        649⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        650⤵
        
        PID:3784
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        651⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        652⤵
        
        PID:624
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        653⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        654⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        655⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        656⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4924
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        657⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        658⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        659⤵
        
        PID:3424
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        660⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        661⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        662⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:768
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        663⤵
        
        PID:1220
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        664⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        665⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        666⤵
        
        PID:3564
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        667⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        668⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        669⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        670⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        671⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        672⤵
        
        PID:552
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        673⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        674⤵
        
        PID:4088
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        675⤵
        
        PID:2068
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        676⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        677⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2004
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        678⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        679⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        680⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4216
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        681⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        682⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        683⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        684⤵
        
        PID:468
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        685⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        686⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        687⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        688⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        689⤵
        
        PID:3156
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        690⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        691⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        692⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        693⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        694⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        695⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        696⤵
        
        PID:540
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        697⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        698⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        699⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        700⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        701⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        702⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        703⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        704⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        705⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        706⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        707⤵
        
        PID:688
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        708⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        709⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        710⤵
        
        PID:912
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        711⤵
        
        PID:1804
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        712⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        713⤵
        
        PID:3440
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        714⤵
        
        PID:1004
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        715⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        716⤵
        
        PID:4444
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        717⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        718⤵
        
        PID:3148
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        719⤵
        
        PID:4704
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        720⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        721⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        722⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        723⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        724⤵
        
        PID:2988
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        725⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        726⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        727⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        728⤵
        
        PID:1264
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        729⤵
        
        PID:3780
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        730⤵
        
        PID:624
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        731⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        732⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        733⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        734⤵
        
        PID:3884
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        735⤵
        
        PID:3636
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        736⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        737⤵
        
        PID:3800
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        738⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        739⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        740⤵
        
        PID:980
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        741⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        742⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        743⤵
        
        PID:520
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        744⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        745⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        746⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        747⤵
        
        PID:3440
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        748⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        749⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        750⤵
        
        PID:1404
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        751⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        752⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        753⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        754⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        755⤵
        
        PID:3612
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        756⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        757⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        758⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        759⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        760⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        761⤵
        
        PID:8
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        762⤵
        
        PID:792
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        763⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        764⤵
        
        PID:3784
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        765⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        766⤵
        
        PID:1004
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        767⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        768⤵
        
        PID:2504
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        769⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        770⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        771⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        772⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        773⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        774⤵
        
        PID:4088
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        775⤵
        
        PID:1464
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        776⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        777⤵
        
        PID:3992
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        778⤵
        
        PID:3172
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        779⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        780⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        781⤵
        
        PID:8
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        782⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        783⤵
        
        PID:4076
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        784⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        785⤵
        
        PID:1876
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        786⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        787⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        788⤵
        
        PID:2504
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        789⤵
        
        PID:816
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        790⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        791⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        792⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:5056
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        793⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        794⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        795⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        796⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        797⤵
        
        PID:3924
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        798⤵
        
        PID:3224
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        799⤵
        
        PID:4016
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        800⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        801⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        802⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        803⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        804⤵
        
        PID:796
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        805⤵
        
        PID:1856
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        806⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        807⤵
        
        PID:3148
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        808⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        809⤵
        
        PID:1436

C:\Windows\SysWOW64\agetlkeyls.exe
"C:\Windows\system32\agetlkeyls.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads