9a158e093959105e381fe82ace28d4b85a67334395aabb85ad1bf3cd3b2dcf26

Analysis

max time kernel
4s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 22:37 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05d27d3b8ef3f0e6b720b48a4ac95197.exe
Size

60KB
MD5

05d27d3b8ef3f0e6b720b48a4ac95197
SHA1

1cd1bf3183db924a4199329411009ce7d008a4b8
SHA256

9a158e093959105e381fe82ace28d4b85a67334395aabb85ad1bf3cd3b2dcf26
SHA512

a3d23dc1835cb46cb84cf7b6541da919a1a70b93fb2395404a34a8ee90302c27728ef3bbcd749a879f484e302ecedd350a9afe006ac74212766db94376be4d77
SSDEEP

768:dMVOQl0KWwJ917vmdox7CflsQSsgUV9d+6DAOESj6Zz6ZjkfZa8g0FO:iqK9JWdox7C9sQ59d1EOERO

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 23 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	agetlkeyls.exe

Executes dropped EXE 22 IoCs

pid	Process
3808	agetlkeyls.exe
5080	agetlkeyls.exe
392	agetlkeyls.exe
4216	agetlkeyls.exe
2156	agetlkeyls.exe
4968	agetlkeyls.exe
3588	agetlkeyls.exe
4924	agetlkeyls.exe
2004	agetlkeyls.exe
4996	agetlkeyls.exe
3844	agetlkeyls.exe
4292	agetlkeyls.exe
768	agetlkeyls.exe
3036	agetlkeyls.exe
456	agetlkeyls.exe
2544	agetlkeyls.exe
4652	agetlkeyls.exe
2984	agetlkeyls.exe
3176	agetlkeyls.exe
2492	agetlkeyls.exe
5056	agetlkeyls.exe
1612	agetlkeyls.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File created	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File created	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File created	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File created	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File created	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File created	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File created	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\psapi.lib	agetlkeyls.exe
File created	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File created	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe
File opened for modification	C:\Windows\SysWOW64\agetlkeyls.exe	agetlkeyls.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 23 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	agetlkeyls.exe

Suspicious use of SetWindowsHookEx 46 IoCs

pid	Process
4116	agetlkeyls.exe
4116	agetlkeyls.exe
3808	agetlkeyls.exe
3808	agetlkeyls.exe
5080	agetlkeyls.exe
5080	agetlkeyls.exe
392	agetlkeyls.exe
392	agetlkeyls.exe
4216	agetlkeyls.exe
4216	agetlkeyls.exe
2156	agetlkeyls.exe
2156	agetlkeyls.exe
4968	agetlkeyls.exe
4968	agetlkeyls.exe
3588	agetlkeyls.exe
3588	agetlkeyls.exe
4924	agetlkeyls.exe
4924	agetlkeyls.exe
2004	agetlkeyls.exe
2004	agetlkeyls.exe
4996	agetlkeyls.exe
4996	agetlkeyls.exe
3844	agetlkeyls.exe
3844	agetlkeyls.exe
4292	agetlkeyls.exe
4292	agetlkeyls.exe
768	agetlkeyls.exe
768	agetlkeyls.exe
3036	agetlkeyls.exe
3036	agetlkeyls.exe
456	agetlkeyls.exe
456	agetlkeyls.exe
2544	agetlkeyls.exe
2544	agetlkeyls.exe
4652	agetlkeyls.exe
4652	agetlkeyls.exe
2984	agetlkeyls.exe
2984	agetlkeyls.exe
3176	agetlkeyls.exe
3176	agetlkeyls.exe
2492	agetlkeyls.exe
2492	agetlkeyls.exe
5056	agetlkeyls.exe
5056	agetlkeyls.exe
1612	agetlkeyls.exe
1612	agetlkeyls.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4116 wrote to memory of 3808	4116	agetlkeyls.exe	775
PID 4116 wrote to memory of 3808	4116	agetlkeyls.exe	775
PID 4116 wrote to memory of 3808	4116	agetlkeyls.exe	775
PID 3808 wrote to memory of 5080	3808	agetlkeyls.exe	512
PID 3808 wrote to memory of 5080	3808	agetlkeyls.exe	512
PID 3808 wrote to memory of 5080	3808	agetlkeyls.exe	512
PID 5080 wrote to memory of 392	5080	agetlkeyls.exe	432
PID 5080 wrote to memory of 392	5080	agetlkeyls.exe	432
PID 5080 wrote to memory of 392	5080	agetlkeyls.exe	432
PID 392 wrote to memory of 4216	392	agetlkeyls.exe	812
PID 392 wrote to memory of 4216	392	agetlkeyls.exe	812
PID 392 wrote to memory of 4216	392	agetlkeyls.exe	812
PID 4216 wrote to memory of 2156	4216	agetlkeyls.exe	677
PID 4216 wrote to memory of 2156	4216	agetlkeyls.exe	677
PID 4216 wrote to memory of 2156	4216	agetlkeyls.exe	677
PID 2156 wrote to memory of 4968	2156	agetlkeyls.exe	450
PID 2156 wrote to memory of 4968	2156	agetlkeyls.exe	450
PID 2156 wrote to memory of 4968	2156	agetlkeyls.exe	450
PID 4968 wrote to memory of 3588	4968	agetlkeyls.exe	711
PID 4968 wrote to memory of 3588	4968	agetlkeyls.exe	711
PID 4968 wrote to memory of 3588	4968	agetlkeyls.exe	711
PID 3588 wrote to memory of 4924	3588	agetlkeyls.exe	788
PID 3588 wrote to memory of 4924	3588	agetlkeyls.exe	788
PID 3588 wrote to memory of 4924	3588	agetlkeyls.exe	788
PID 4924 wrote to memory of 2004	4924	agetlkeyls.exe	809
PID 4924 wrote to memory of 2004	4924	agetlkeyls.exe	809
PID 4924 wrote to memory of 2004	4924	agetlkeyls.exe	809
PID 2004 wrote to memory of 4996	2004	agetlkeyls.exe	38
PID 2004 wrote to memory of 4996	2004	agetlkeyls.exe	38
PID 2004 wrote to memory of 4996	2004	agetlkeyls.exe	38
PID 4996 wrote to memory of 3844	4996	agetlkeyls.exe	65
PID 4996 wrote to memory of 3844	4996	agetlkeyls.exe	65
PID 4996 wrote to memory of 3844	4996	agetlkeyls.exe	65
PID 3844 wrote to memory of 4292	3844	agetlkeyls.exe	757
PID 3844 wrote to memory of 4292	3844	agetlkeyls.exe	757
PID 3844 wrote to memory of 4292	3844	agetlkeyls.exe	757
PID 4292 wrote to memory of 768	4292	agetlkeyls.exe	794
PID 4292 wrote to memory of 768	4292	agetlkeyls.exe	794
PID 4292 wrote to memory of 768	4292	agetlkeyls.exe	794
PID 768 wrote to memory of 3036	768	agetlkeyls.exe	56
PID 768 wrote to memory of 3036	768	agetlkeyls.exe	56
PID 768 wrote to memory of 3036	768	agetlkeyls.exe	56
PID 3036 wrote to memory of 456	3036	agetlkeyls.exe	54
PID 3036 wrote to memory of 456	3036	agetlkeyls.exe	54
PID 3036 wrote to memory of 456	3036	agetlkeyls.exe	54
PID 456 wrote to memory of 2544	456	agetlkeyls.exe	43
PID 456 wrote to memory of 2544	456	agetlkeyls.exe	43
PID 456 wrote to memory of 2544	456	agetlkeyls.exe	43
PID 2544 wrote to memory of 4652	2544	agetlkeyls.exe	186
PID 2544 wrote to memory of 4652	2544	agetlkeyls.exe	186
PID 2544 wrote to memory of 4652	2544	agetlkeyls.exe	186
PID 4652 wrote to memory of 2984	4652	agetlkeyls.exe	728
PID 4652 wrote to memory of 2984	4652	agetlkeyls.exe	728
PID 4652 wrote to memory of 2984	4652	agetlkeyls.exe	728
PID 2984 wrote to memory of 3176	2984	agetlkeyls.exe	45
PID 2984 wrote to memory of 3176	2984	agetlkeyls.exe	45
PID 2984 wrote to memory of 3176	2984	agetlkeyls.exe	45
PID 3176 wrote to memory of 2492	3176	agetlkeyls.exe	46
PID 3176 wrote to memory of 2492	3176	agetlkeyls.exe	46
PID 3176 wrote to memory of 2492	3176	agetlkeyls.exe	46
PID 2492 wrote to memory of 5056	2492	agetlkeyls.exe	924
PID 2492 wrote to memory of 5056	2492	agetlkeyls.exe	924
PID 2492 wrote to memory of 5056	2492	agetlkeyls.exe	924
PID 5056 wrote to memory of 1612	5056	agetlkeyls.exe	689

C:\Users\Admin\AppData\Local\Temp\05d27d3b8ef3f0e6b720b48a4ac95197.exe
"C:\Users\Admin\AppData\Local\Temp\05d27d3b8ef3f0e6b720b48a4ac95197.exe"
1⤵
PID:4116
- C:\Windows\SysWOW64\agetlkeyls.exe
  "C:\Windows\system32\agetlkeyls.exe"
  2⤵
  PID:3808
- - C:\Windows\SysWOW64\agetlkeyls.exe
    "C:\Windows\system32\agetlkeyls.exe"
    3⤵
    PID:5080
  - - C:\Windows\SysWOW64\agetlkeyls.exe
      "C:\Windows\system32\agetlkeyls.exe"
      4⤵
      PID:392
    - - C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        5⤵
        
        PID:4216
      - C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        6⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        7⤵
        
        PID:4968

C:\Windows\SysWOW64\agetlkeyls.exe
"C:\Windows\system32\agetlkeyls.exe"
1⤵
PID:3588
- C:\Windows\SysWOW64\agetlkeyls.exe
  "C:\Windows\system32\agetlkeyls.exe"
  2⤵
  PID:4924

C:\Windows\SysWOW64\agetlkeyls.exe
"C:\Windows\system32\agetlkeyls.exe"
1⤵
PID:2004
- C:\Windows\SysWOW64\agetlkeyls.exe
  "C:\Windows\system32\agetlkeyls.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in System32 directory
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4996
- - C:\Windows\SysWOW64\agetlkeyls.exe
    "C:\Windows\system32\agetlkeyls.exe"
    3⤵
    PID:3844

C:\Windows\SysWOW64\agetlkeyls.exe
"C:\Windows\system32\agetlkeyls.exe"
1⤵
PID:4292
- C:\Windows\SysWOW64\agetlkeyls.exe
  "C:\Windows\system32\agetlkeyls.exe"
  2⤵
  PID:768
- - C:\Windows\SysWOW64\agetlkeyls.exe
    "C:\Windows\system32\agetlkeyls.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Drops file in System32 directory
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3036

C:\Windows\SysWOW64\agetlkeyls.exe
"C:\Windows\system32\agetlkeyls.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2544
- C:\Windows\SysWOW64\agetlkeyls.exe
  "C:\Windows\system32\agetlkeyls.exe"
  2⤵
  PID:4652

C:\Windows\SysWOW64\agetlkeyls.exe
"C:\Windows\system32\agetlkeyls.exe"
1⤵
PID:2984
- C:\Windows\SysWOW64\agetlkeyls.exe
  "C:\Windows\system32\agetlkeyls.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in System32 directory
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3176
- - C:\Windows\SysWOW64\agetlkeyls.exe
    "C:\Windows\system32\agetlkeyls.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Drops file in System32 directory
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2492
  - - C:\Windows\SysWOW64\agetlkeyls.exe
      "C:\Windows\system32\agetlkeyls.exe"
      4⤵
      PID:5056
    - - C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        5⤵
        
        PID:1612
      - C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        6⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        7⤵
        
        PID:3440

C:\Windows\SysWOW64\agetlkeyls.exe
"C:\Windows\system32\agetlkeyls.exe"
1⤵
PID:1144
- C:\Windows\SysWOW64\agetlkeyls.exe
  "C:\Windows\system32\agetlkeyls.exe"
  2⤵
  PID:3472
- - C:\Windows\SysWOW64\agetlkeyls.exe
    "C:\Windows\system32\agetlkeyls.exe"
    3⤵
    PID:4080
  - - C:\Windows\SysWOW64\agetlkeyls.exe
      "C:\Windows\system32\agetlkeyls.exe"
      4⤵
      PID:1624
    - - C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        5⤵
        
        PID:1204
      - C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        6⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        7⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3844
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        8⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        9⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        10⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        11⤵
        
        PID:1896
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        12⤵
        
        PID:536
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        13⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        14⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        15⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        16⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        17⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        18⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        19⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        20⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        21⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        22⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        23⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        24⤵
        
        PID:644
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        25⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        26⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        27⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        28⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        29⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        30⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        31⤵
        
        PID:1080
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        32⤵
        
        PID:816
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        33⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        34⤵
        Drops file in System32 directory
        Suspicious use of SetWindowsHookEx
        
        PID:4116
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        35⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        36⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        37⤵
        
        PID:2356
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        38⤵
        
        PID:3372
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        39⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        40⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        41⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        42⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        43⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        44⤵
        
        PID:2484
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        45⤵
        
        PID:232
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        46⤵
        
        PID:212
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        47⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        48⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        49⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        50⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        51⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        52⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        53⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        54⤵
        
        PID:716
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        55⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        56⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        57⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        58⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        59⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        60⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        61⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        62⤵
        
        PID:3780
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        63⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        64⤵
        
        PID:560
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        65⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4652
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        66⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        67⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        68⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        69⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        70⤵
        
        PID:716
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        71⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        72⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        73⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        74⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        75⤵
        
        PID:4924
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        76⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        77⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        78⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        79⤵
        
        PID:1048
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        80⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        81⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        82⤵
        
        PID:472
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        83⤵
        
        PID:316
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        84⤵
        
        PID:60
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        85⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        86⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        87⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        88⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        89⤵
        
        PID:3564
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        90⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        91⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        92⤵
        
        PID:540
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        93⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        94⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        95⤵
        
        PID:4040
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        96⤵
        
        PID:3192
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        97⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        98⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        99⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        100⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        101⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        102⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        103⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        104⤵
        
        PID:3228
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        105⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        106⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        107⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        108⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        109⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        110⤵
        
        PID:688
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        111⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        112⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        113⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        114⤵
        
        PID:4156
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        115⤵
        
        PID:4084
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        116⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        117⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        118⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        119⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        120⤵
        
        PID:8
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        121⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        122⤵
        
        PID:1080
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        123⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        124⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        125⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        126⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        127⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        128⤵
        
        PID:688
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        129⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        130⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        131⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        132⤵
        
        PID:472
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        133⤵
        
        PID:316
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        134⤵
        
        PID:460
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        135⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        136⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        137⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        138⤵
        
        PID:852
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        139⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        140⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        141⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        142⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        143⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        144⤵
        
        PID:3992
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        145⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        146⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        147⤵
        
        PID:4156
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        148⤵
        
        PID:4084
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        149⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        150⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        151⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        152⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        153⤵
        
        PID:1208
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        154⤵
        
        PID:4924
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        155⤵
        
        PID:1268
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        156⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        157⤵
        
        PID:792
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        158⤵
        
        PID:2068
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        159⤵
        
        PID:1048
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        160⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        161⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        162⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        163⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        164⤵
        
        PID:3232
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        165⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        166⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        167⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        168⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        169⤵
        
        PID:4444
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        170⤵
        
        PID:3792
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        171⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        172⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        173⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        174⤵
        
        PID:792
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        175⤵
        
        PID:2068
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        176⤵
        
        PID:1048
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        177⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        178⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        179⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        180⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        181⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        182⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        183⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        184⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        185⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        186⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        187⤵
        
        PID:720
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        188⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        189⤵
        
        PID:1420
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        190⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        191⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        192⤵
        
        PID:392
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        193⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        194⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        195⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        196⤵
        
        PID:852
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        197⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        198⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        199⤵
        
        PID:3428
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        200⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        201⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        202⤵
        
        PID:1864
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        203⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        204⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        205⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        206⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        207⤵
        
        PID:1144
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        208⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        209⤵
        
        PID:644
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        210⤵
        
        PID:3884
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        211⤵
        
        PID:1156
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        212⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        213⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        214⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        215⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        216⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        217⤵
        
        PID:1436
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        218⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        219⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        220⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        221⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        222⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        223⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        224⤵
        
        PID:440
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        225⤵
        
        PID:3564
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        226⤵
        
        PID:1156
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        227⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        228⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        229⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        230⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        231⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        232⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        233⤵
        
        PID:228
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        234⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        235⤵
        
        PID:1872
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        236⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        237⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        238⤵
        
        PID:3920
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        239⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        240⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        241⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        242⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        243⤵
        
        PID:1436
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        244⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        245⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        246⤵
        
        PID:1144
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        247⤵
        
        PID:316
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        248⤵
        
        PID:3580
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        249⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        250⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        251⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        252⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        253⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        254⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        255⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        256⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        257⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        258⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        259⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        260⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        261⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        262⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        263⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        264⤵
        
        PID:540
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        265⤵
        
        PID:60
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        266⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        267⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        268⤵
        
        PID:4156
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        269⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        270⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        271⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        272⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        273⤵
        
        PID:544
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        274⤵
        
        PID:860
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        275⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        276⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        277⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        278⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        279⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        280⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        281⤵
        
        PID:3360
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        282⤵
        
        PID:3996
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        283⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        284⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        285⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        286⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        287⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        288⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        289⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        290⤵
        
        PID:228
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        291⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        292⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        293⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        294⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        295⤵
        
        PID:4156
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        296⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        297⤵
        
        PID:1436
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        298⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        299⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        300⤵
        
        PID:316
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        301⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        302⤵
        
        PID:596
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        303⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        304⤵
        
        PID:688
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        305⤵
        
        PID:3808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        306⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:392
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        307⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        308⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        309⤵
        
        PID:4156
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        310⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        311⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        312⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        313⤵
        
        PID:1004
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        314⤵
        
        PID:404
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        315⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        316⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        317⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        318⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        319⤵
        
        PID:8
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        320⤵
        
        PID:3556
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        321⤵
        
        PID:1136
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        322⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        323⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        324⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4968
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        325⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        326⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        327⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        328⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        329⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        330⤵
        
        PID:644
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        331⤵
        
        PID:688
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        332⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        333⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        334⤵
        
        PID:228
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        335⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        336⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        337⤵
        
        PID:3996
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        338⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        339⤵
        
        PID:852
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        340⤵
        
        PID:860
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        341⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        342⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        343⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        344⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        345⤵
        
        PID:3440
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        346⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        347⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        348⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        349⤵
        
        PID:3360
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        350⤵
        
        PID:436
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        351⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        352⤵
        
        PID:3888
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        353⤵
        
        PID:1436
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        354⤵
        
        PID:980
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        355⤵
        
        PID:380
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        356⤵
        
        PID:316
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        357⤵
        
        PID:3372
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        358⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        359⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        360⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        361⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        362⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        363⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        364⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        365⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        366⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        367⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        368⤵
        
        PID:3996
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        369⤵
        
        PID:912
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        370⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        371⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        372⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        373⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        374⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        375⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        376⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        377⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        378⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        379⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        380⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        381⤵
        
        PID:636
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        382⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        383⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        384⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:5080
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        385⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        386⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        387⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        388⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        389⤵
        
        PID:596
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        390⤵
        
        PID:688
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        391⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        392⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        393⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        394⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        395⤵
        
        PID:3156
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        396⤵
        
        PID:3996
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        397⤵
        
        PID:912
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        398⤵
        
        PID:380
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        399⤵
        
        PID:316
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        400⤵
        
        PID:4924
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        401⤵
        
        PID:2940
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        402⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        403⤵
        
        PID:3172
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        404⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        405⤵
        
        PID:1864
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        406⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        407⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        408⤵
        
        PID:1464
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        409⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        410⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        411⤵
        
        PID:348
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        412⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        413⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        414⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        415⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        416⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        417⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        418⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        419⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        420⤵
        
        PID:864
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        421⤵
        
        PID:3808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        422⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        423⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        424⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        425⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        426⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        427⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        428⤵
        
        PID:3884
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        429⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        430⤵
        
        PID:3428
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        431⤵
        
        PID:644
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        432⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        433⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        434⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        435⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        436⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        437⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        438⤵
        
        PID:520
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        439⤵
        
        PID:2988
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        440⤵
        
        PID:1316
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        441⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        442⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        443⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        444⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        445⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        446⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        447⤵
        
        PID:3976
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        448⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        449⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        450⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        451⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        452⤵
        
        PID:3424
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        453⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        454⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        455⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        456⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        457⤵
        
        PID:1316
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        458⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        459⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        460⤵
        
        PID:4088
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        461⤵
        
        PID:440
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        462⤵
        
        PID:404
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        463⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        464⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        465⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        466⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        467⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        468⤵
        
        PID:4060
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        469⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        470⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        471⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        472⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        473⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        474⤵
        
        PID:3440
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        475⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        476⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        477⤵
        
        PID:764
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        478⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        479⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        480⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        481⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        482⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        483⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        484⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        485⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        486⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        487⤵
        
        PID:864
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        488⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        489⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        490⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        491⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        492⤵
        
        PID:1052
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        493⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        494⤵
        
        PID:980
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        495⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        496⤵
        
        PID:1004
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        497⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        498⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        499⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        500⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        501⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        502⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        503⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        504⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        505⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        506⤵
        
        PID:3360
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        507⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        508⤵
        
        PID:1464
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        509⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        510⤵
        
        PID:3996
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        511⤵
        
        PID:3580
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        512⤵
        
        PID:348
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        513⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        514⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        515⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        516⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        517⤵
        
        PID:3428
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        518⤵
        
        PID:644
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        519⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        520⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        521⤵
        
        PID:816
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        522⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        523⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        524⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        525⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        526⤵
        
        PID:3576
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        527⤵
        
        PID:1136
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        528⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        529⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        530⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        531⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        532⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        533⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        534⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        535⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        536⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        537⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        538⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        539⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        540⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        541⤵
        
        PID:3944
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        542⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        543⤵
        
        PID:540
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        544⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        545⤵
        
        PID:1240
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        546⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        547⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        548⤵
        
        PID:1264
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        549⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2156
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        550⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        551⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        552⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        553⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        554⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        555⤵
        
        PID:3636
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        556⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        557⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        558⤵
        
        PID:752
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        559⤵
        
        PID:4120
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        560⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        561⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        562⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        563⤵
        
        PID:1464
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        564⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        565⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        566⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        567⤵
        
        PID:856
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        568⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        569⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        570⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        571⤵
        
        PID:444
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        572⤵
        
        PID:1112
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        573⤵
        
        PID:740
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        574⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        575⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        576⤵
        
        PID:3636
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        577⤵
        
        PID:4088
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        578⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        579⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        580⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        581⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        582⤵
        
        PID:636
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        583⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3588
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        584⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        585⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        586⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        587⤵
        
        PID:348
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        588⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        589⤵
        
        PID:3420
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        590⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        591⤵
        
        PID:1284
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        592⤵
        
        PID:3976
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        593⤵
        
        PID:4704
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        594⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        595⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        596⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        597⤵
        
        PID:688
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        598⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2984
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        599⤵
        
        PID:3992
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        600⤵
        
        PID:792
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        601⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        602⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        603⤵
        
        PID:912
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        604⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        605⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        606⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        607⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        608⤵
        
        PID:4088
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        609⤵
        
        PID:3808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        610⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        611⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        612⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        613⤵
        
        PID:3992
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        614⤵
        
        PID:792
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        615⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        616⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        617⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        618⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        619⤵
        
        PID:4076
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        620⤵
        
        PID:624
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        621⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        622⤵
        
        PID:1876
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        623⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        624⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        625⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4292
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        626⤵
        
        PID:3172
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        627⤵
        
        PID:752
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        628⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        629⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        630⤵
        
        PID:520
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        631⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        632⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        633⤵
        
        PID:1264
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        634⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        635⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        636⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        637⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        638⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        639⤵
        
        PID:4704
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        640⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        641⤵
        
        PID:3156
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        642⤵
        Checks computer location settings
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4116
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        643⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        644⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        645⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        646⤵
        
        PID:1268
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        647⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        648⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        649⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        650⤵
        
        PID:3784
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        651⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        652⤵
        
        PID:624
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        653⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        654⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        655⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        656⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4924
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        657⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        658⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        659⤵
        
        PID:3424
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        660⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        661⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        662⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:768
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        663⤵
        
        PID:1220
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        664⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        665⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        666⤵
        
        PID:3564
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        667⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        668⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        669⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        670⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        671⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        672⤵
        
        PID:552
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        673⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        674⤵
        
        PID:4088
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        675⤵
        
        PID:2068
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        676⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        677⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2004
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        678⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        679⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        680⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4216
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        681⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        682⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        683⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        684⤵
        
        PID:468
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        685⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        686⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        687⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        688⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        689⤵
        
        PID:3156
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        690⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        691⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        692⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        693⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        694⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        695⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        696⤵
        
        PID:540
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        697⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        698⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        699⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        700⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        701⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        702⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        703⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        704⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        705⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        706⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        707⤵
        
        PID:688
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        708⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        709⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        710⤵
        
        PID:912
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        711⤵
        
        PID:1804
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        712⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        713⤵
        
        PID:3440
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        714⤵
        
        PID:1004
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        715⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        716⤵
        
        PID:4444
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        717⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        718⤵
        
        PID:3148
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        719⤵
        
        PID:4704
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        720⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        721⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        722⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        723⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        724⤵
        
        PID:2988
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        725⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        726⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        727⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        728⤵
        
        PID:1264
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        729⤵
        
        PID:3780
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        730⤵
        
        PID:624
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        731⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        732⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        733⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        734⤵
        
        PID:3884
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        735⤵
        
        PID:3636
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        736⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        737⤵
        
        PID:3800
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        738⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        739⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        740⤵
        
        PID:980
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        741⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        742⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        743⤵
        
        PID:520
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        744⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        745⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        746⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        747⤵
        
        PID:3440
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        748⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        749⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        750⤵
        
        PID:1404
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        751⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        752⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        753⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        754⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        755⤵
        
        PID:3612
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        756⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        757⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        758⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        759⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        760⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        761⤵
        
        PID:8
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        762⤵
        
        PID:792
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        763⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        764⤵
        
        PID:3784
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        765⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        766⤵
        
        PID:1004
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        767⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        768⤵
        
        PID:2504
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        769⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        770⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        771⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        772⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        773⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        774⤵
        
        PID:4088
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        775⤵
        
        PID:1464
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        776⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        777⤵
        
        PID:3992
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        778⤵
        
        PID:3172
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        779⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        780⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        781⤵
        
        PID:8
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        782⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        783⤵
        
        PID:4076
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        784⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        785⤵
        
        PID:1876
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        786⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        787⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        788⤵
        
        PID:2504
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        789⤵
        
        PID:816
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        790⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        791⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        792⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:5056
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        793⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        794⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        795⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        796⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        797⤵
        
        PID:3924
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        798⤵
        
        PID:3224
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        799⤵
        
        PID:4016
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        800⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        801⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        802⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        803⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        804⤵
        
        PID:796
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        805⤵
        
        PID:1856
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        806⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        807⤵
        
        PID:3148
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        808⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\agetlkeyls.exe
        
        "C:\Windows\system32\agetlkeyls.exe"
        809⤵
        
        PID:1436

C:\Windows\SysWOW64\agetlkeyls.exe
"C:\Windows\system32\agetlkeyls.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:456

Network

DNS

0.181.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.181.190.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

2.136.104.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.136.104.51.in-addr.arpa

IN PTR

Response
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
DNS

79.121.231.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

79.121.231.20.in-addr.arpa

IN PTR

Response
DNS

59.128.231.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.128.231.4.in-addr.arpa

IN PTR

Response
DNS

59.128.231.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.128.231.4.in-addr.arpa

IN PTR
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR

Response

41.110.16.96.in-addr.arpa

IN PTR

a96-16-110-41deploystaticakamaitechnologiescom
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR
DNS

104.241.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.241.123.92.in-addr.arpa

IN PTR

Response

104.241.123.92.in-addr.arpa

IN PTR

a92-123-241-104deploystaticakamaitechnologiescom
DNS

119.110.54.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.110.54.20.in-addr.arpa

IN PTR

Response
DNS

18.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.134.221.88.in-addr.arpa

IN PTR

Response

18.134.221.88.in-addr.arpa

IN PTR

a88-221-134-18deploystaticakamaitechnologiescom
DNS

176.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

176.178.17.96.in-addr.arpa

IN PTR

Response

176.178.17.96.in-addr.arpa

IN PTR

a96-17-178-176deploystaticakamaitechnologiescom
DNS

176.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

176.178.17.96.in-addr.arpa

IN PTR
DNS

211.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

211.135.221.88.in-addr.arpa

IN PTR

Response

211.135.221.88.in-addr.arpa

IN PTR

a88-221-135-211deploystaticakamaitechnologiescom
DNS

211.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

211.135.221.88.in-addr.arpa

IN PTR
DNS

32.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

32.134.221.88.in-addr.arpa

IN PTR

Response

32.134.221.88.in-addr.arpa

IN PTR

a88-221-134-32deploystaticakamaitechnologiescom
DNS

11.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.227.111.52.in-addr.arpa

IN PTR

Response
DNS

217.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.135.221.88.in-addr.arpa

IN PTR

Response

217.135.221.88.in-addr.arpa

IN PTR

a88-221-135-217deploystaticakamaitechnologiescom
DNS

217.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.135.221.88.in-addr.arpa

IN PTR

Response

217.135.221.88.in-addr.arpa

IN PTR

a88-221-135-217deploystaticakamaitechnologiescom
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR
DNS

Remote address:

8.8.8.8:53

Response

dl.delivery.mp.microsoft.com

IN CNAME

dcat-nlu-fg-shim.trafficmanager.net

dcat-nlu-fg-shim.trafficmanager.net

IN CNAME

dl.delivery.mp.microsoft.com-c.edgesuite.net

dl.delivery.mp.microsoft.com-c.edgesuite.net

IN CNAME

a1683.dscd.akamai.net

a1683.dscd.akamai.net

IN A

88.221.135.217

a1683.dscd.akamai.net

IN A

88.221.134.18
DNS

0.204.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.204.248.87.in-addr.arpa

IN PTR

Response

0.204.248.87.in-addr.arpa

IN PTR

https-87-248-204-0lhrllnwnet
DNS

0.204.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.204.248.87.in-addr.arpa

IN PTR

204.79.197.200:443

tls

46 B
1.4kB
1
1
204.79.197.200:443

tse1.mm.bing.net

tls

1.4kB
8.2kB
14
13
204.79.197.200:443

14.3kB
407.1kB
300
300
204.79.197.200:443

tls

388 B
419 B
5
5
204.79.197.200:443

tls

254 B
7.0kB
5
5

8.8.8.8:53

0.181.190.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

0.181.190.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

2.136.104.51.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

2.136.104.51.in-addr.arpa
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

88.156.103.20.in-addr.arpa
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

9.228.82.20.in-addr.arpa
8.8.8.8:53

79.121.231.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

79.121.231.20.in-addr.arpa
8.8.8.8:53

59.128.231.4.in-addr.arpa

dns

142 B
157 B
2
1

DNS Request

59.128.231.4.in-addr.arpa

DNS Request

59.128.231.4.in-addr.arpa
8.8.8.8:53

41.110.16.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

41.110.16.96.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

142 B
145 B
2
1

DNS Request

206.23.85.13.in-addr.arpa

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

104.241.123.92.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

104.241.123.92.in-addr.arpa
8.8.8.8:53

119.110.54.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

119.110.54.20.in-addr.arpa
8.8.8.8:53

18.134.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

18.134.221.88.in-addr.arpa
8.8.8.8:53

176.178.17.96.in-addr.arpa

dns

144 B
137 B
2
1

DNS Request

176.178.17.96.in-addr.arpa

DNS Request

176.178.17.96.in-addr.arpa
8.8.8.8:53

211.135.221.88.in-addr.arpa

dns

146 B
139 B
2
1

DNS Request

211.135.221.88.in-addr.arpa

DNS Request

211.135.221.88.in-addr.arpa
8.8.8.8:53

32.134.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

32.134.221.88.in-addr.arpa
8.8.8.8:53

11.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

11.227.111.52.in-addr.arpa
8.8.8.8:53

217.135.221.88.in-addr.arpa

dns

146 B
278 B
2
2

DNS Request

217.135.221.88.in-addr.arpa

DNS Request

217.135.221.88.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
2

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

142 B
157 B
2
1

DNS Request

198.187.3.20.in-addr.arpa

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

dns

242 B
1

DNS Response

88.221.135.217

88.221.134.18
8.8.8.8:53

0.204.248.87.in-addr.arpa

dns

142 B
116 B
2
1

DNS Request

0.204.248.87.in-addr.arpa

DNS Request

0.204.248.87.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.