fakeav | a212ce3b73d111d138568fa10a26dcecafd47a2d9ea3ce26c08ab9a7f1f9edd6

Target

fb71fba4893f205b0f62e2a8bc4f7294.exe
Size

724KB
MD5

fb71fba4893f205b0f62e2a8bc4f7294
SHA1

404e7845d1b6ca8fb4ab92000b1c3c80e4623843
SHA256

a212ce3b73d111d138568fa10a26dcecafd47a2d9ea3ce26c08ab9a7f1f9edd6
SHA512

55c5e812f90c9d8de7babaa23e1c003ca8c03f995bcd93335e7edc7887eda11e423b03efcb587a00e5e2be3694539387eea96e2b73f7e1bee5e123db1128c914

Score

10^/10

fakeav xmrig fakeav miner persistence spyware

Malware Config

Signatures

FakeAV, RogueAntivirus
FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
fakeav spyware fakeav
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

FakeAV payload 2 IoCs

fakeav spyware

Processes:

resource	yara_rule
\Windows\SysWOW64\lssmon.exe	fakeav
C:\Windows\SysWOW64\lssmon.exe	fakeav

Executes dropped EXE 143 IoCs

Processes:

srtsrv32.exelssmon.exeLSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXEsrtsrv32.exeLSASSMGR.EXELSASSMGR.EXELSASSMGR.EXEsrtsrv32.exeLSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXEwmiprvse.exeLSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXE

pid	process
1380	srtsrv32.exe
1996	lssmon.exe
652	LSASSMGR.EXE
1572	LSASSMGR.EXE
532	LSASSMGR.EXE
1752	LSASSMGR.EXE
308	LSASSMGR.EXE
1588	LSASSMGR.EXE
1656	srtsrv32.exe
1296	LSASSMGR.EXE
1688	LSASSMGR.EXE
860	LSASSMGR.EXE
404	srtsrv32.exe
744	LSASSMGR.EXE
1680	LSASSMGR.EXE
1064	LSASSMGR.EXE
1428	LSASSMGR.EXE
1612	LSASSMGR.EXE
1316	LSASSMGR.EXE
1824	LSASSMGR.EXE
1148	LSASSMGR.EXE
472	LSASSMGR.EXE
1796	LSASSMGR.EXE
1872	LSASSMGR.EXE
1572	LSASSMGR.EXE
1760	LSASSMGR.EXE
1712	LSASSMGR.EXE
1472	LSASSMGR.EXE
532	LSASSMGR.EXE
1504	LSASSMGR.EXE
308	LSASSMGR.EXE
1028	LSASSMGR.EXE
316	LSASSMGR.EXE
980	LSASSMGR.EXE
812	LSASSMGR.EXE
1160	LSASSMGR.EXE
928	LSASSMGR.EXE
780	LSASSMGR.EXE
1812	LSASSMGR.EXE
788	LSASSMGR.EXE
1408	LSASSMGR.EXE
1688	LSASSMGR.EXE
1388	LSASSMGR.EXE
1736	LSASSMGR.EXE
1680	LSASSMGR.EXE
1064	LSASSMGR.EXE
1788	LSASSMGR.EXE
692	LSASSMGR.EXE
332	LSASSMGR.EXE
1772	LSASSMGR.EXE
1748	LSASSMGR.EXE
472	wmiprvse.exe
1740	LSASSMGR.EXE
1784	LSASSMGR.EXE
1872	LSASSMGR.EXE
1848	LSASSMGR.EXE
1060	LSASSMGR.EXE
1900	LSASSMGR.EXE
308	LSASSMGR.EXE
1256	LSASSMGR.EXE
668	LSASSMGR.EXE
2044	LSASSMGR.EXE
616	LSASSMGR.EXE
1348	LSASSMGR.EXE

Sets file execution options in registry 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Loads dropped DLL 289 IoCs

Processes:

fb71fba4893f205b0f62e2a8bc4f7294.exesrtsrv32.exelssmon.exeLSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXEsrtsrv32.exeLSASSMGR.EXEsrtsrv32.exeLSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXEWerFault.exeLSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXEwmiprvse.exeLSASSMGR.EXELSASSMGR.EXELSASSMGR.EXE

pid	process
1836	fb71fba4893f205b0f62e2a8bc4f7294.exe
1836	fb71fba4893f205b0f62e2a8bc4f7294.exe
1836	fb71fba4893f205b0f62e2a8bc4f7294.exe
1380	srtsrv32.exe
1380	srtsrv32.exe
1996	lssmon.exe
1996	lssmon.exe
652	LSASSMGR.EXE
652	LSASSMGR.EXE
1572	LSASSMGR.EXE
1572	LSASSMGR.EXE
1752	LSASSMGR.EXE
1752	LSASSMGR.EXE
532	LSASSMGR.EXE
532	LSASSMGR.EXE
1996	lssmon.exe
1996	lssmon.exe
1588	LSASSMGR.EXE
1588	LSASSMGR.EXE
308	LSASSMGR.EXE
308	LSASSMGR.EXE
1996	lssmon.exe
1296	LSASSMGR.EXE
1996	lssmon.exe
1296	LSASSMGR.EXE
1656	srtsrv32.exe
1656	srtsrv32.exe
1688	LSASSMGR.EXE
404	srtsrv32.exe
1688	LSASSMGR.EXE
404	srtsrv32.exe
744	LSASSMGR.EXE
744	LSASSMGR.EXE
860	LSASSMGR.EXE
860	LSASSMGR.EXE
1680	LSASSMGR.EXE
1612	LSASSMGR.EXE
1680	LSASSMGR.EXE
1612	LSASSMGR.EXE
1064	LSASSMGR.EXE
1428	LSASSMGR.EXE
1428	LSASSMGR.EXE
1064	LSASSMGR.EXE
1980	WerFault.exe
1824	LSASSMGR.EXE
1824	LSASSMGR.EXE
1980	WerFault.exe
1148	LSASSMGR.EXE
1148	LSASSMGR.EXE
1316	LSASSMGR.EXE
1316	LSASSMGR.EXE
1796	LSASSMGR.EXE
1796	LSASSMGR.EXE
472	wmiprvse.exe
472	wmiprvse.exe
1572	LSASSMGR.EXE
1572	LSASSMGR.EXE
1760	LSASSMGR.EXE
1872	LSASSMGR.EXE
1872	LSASSMGR.EXE
1760	LSASSMGR.EXE
1712	LSASSMGR.EXE
1712	LSASSMGR.EXE
532	LSASSMGR.EXE

Adds Run key to start application 2 TTPs 106 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

LSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXEsrtsrv32.exeLSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXElssmon.exeLSASSMGR.EXELSASSMGR.EXELSASSMGR.EXE

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	srtsrv32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	lssmon.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE

Drops file in System32 directory 210 IoCs

Processes:

LSASSMGR.EXELSASSMGR.EXELSASSMGR.EXEsrtsrv32.exeLSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXEwmiprvse.exeLSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXE

description	ioc	process
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	srtsrv32.exe
File created	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	wmiprvse.exe
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE

Drops file in Program Files directory 204 IoCs

Processes:

LSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXEsrtsrv32.exeLSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXEsrtsrv32.exeLSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXEwmiprvse.exeLSASSMGR.EXELSASSMGR.EXELSASSMGR.EXE

description	ioc	process
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	srtsrv32.exe
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	srtsrv32.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	wmiprvse.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE

Drops file in Windows directory 1 IoCs

Processes:

fb71fba4893f205b0f62e2a8bc4f7294.exe

description ioc process

File created C:\Windows\divx32.dll fb71fba4893f205b0f62e2a8bc4f7294.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1980 1996 WerFault.exe lssmon.exe
Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

WerFault.exe

pid process

1980 WerFault.exe
1980 WerFault.exe
1980 WerFault.exe
1980 WerFault.exe
1980 WerFault.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

WerFault.exe

description pid process

Token: SeDebugPrivilege 1980 WerFault.exe

description	ioc	process
File created	C:\Windows\divx32.dll	fb71fba4893f205b0f62e2a8bc4f7294.exe

pid	pid_target	process	target process
1980	1996	WerFault.exe	lssmon.exe

pid	process
1980	WerFault.exe
1980	WerFault.exe
1980	WerFault.exe
1980	WerFault.exe
1980	WerFault.exe

description	pid	process
Token: SeDebugPrivilege	1980	WerFault.exe

Suspicious use of WriteProcessMemory 580 IoCs

Processes:

fb71fba4893f205b0f62e2a8bc4f7294.exesrtsrv32.exelssmon.exeLSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXELSASSMGR.EXEsrtsrv32.exeLSASSMGR.EXE

description	pid	process	target process
PID 1836 wrote to memory of 1380	1836	fb71fba4893f205b0f62e2a8bc4f7294.exe	srtsrv32.exe
PID 1836 wrote to memory of 1380	1836	fb71fba4893f205b0f62e2a8bc4f7294.exe	srtsrv32.exe
PID 1836 wrote to memory of 1380	1836	fb71fba4893f205b0f62e2a8bc4f7294.exe	srtsrv32.exe
PID 1836 wrote to memory of 1380	1836	fb71fba4893f205b0f62e2a8bc4f7294.exe	srtsrv32.exe
PID 1836 wrote to memory of 1996	1836	fb71fba4893f205b0f62e2a8bc4f7294.exe	lssmon.exe
PID 1836 wrote to memory of 1996	1836	fb71fba4893f205b0f62e2a8bc4f7294.exe	lssmon.exe
PID 1836 wrote to memory of 1996	1836	fb71fba4893f205b0f62e2a8bc4f7294.exe	lssmon.exe
PID 1836 wrote to memory of 1996	1836	fb71fba4893f205b0f62e2a8bc4f7294.exe	lssmon.exe
PID 1380 wrote to memory of 652	1380	srtsrv32.exe	LSASSMGR.EXE
PID 1380 wrote to memory of 652	1380	srtsrv32.exe	LSASSMGR.EXE
PID 1380 wrote to memory of 652	1380	srtsrv32.exe	LSASSMGR.EXE
PID 1380 wrote to memory of 652	1380	srtsrv32.exe	LSASSMGR.EXE
PID 1996 wrote to memory of 1572	1996	lssmon.exe	LSASSMGR.EXE
PID 1996 wrote to memory of 1572	1996	lssmon.exe	LSASSMGR.EXE
PID 1996 wrote to memory of 1572	1996	lssmon.exe	LSASSMGR.EXE
PID 1996 wrote to memory of 1572	1996	lssmon.exe	LSASSMGR.EXE
PID 652 wrote to memory of 532	652	LSASSMGR.EXE	LSASSMGR.EXE
PID 652 wrote to memory of 532	652	LSASSMGR.EXE	LSASSMGR.EXE
PID 652 wrote to memory of 532	652	LSASSMGR.EXE	LSASSMGR.EXE
PID 652 wrote to memory of 532	652	LSASSMGR.EXE	LSASSMGR.EXE
PID 1572 wrote to memory of 1752	1572	LSASSMGR.EXE	LSASSMGR.EXE
PID 1572 wrote to memory of 1752	1572	LSASSMGR.EXE	LSASSMGR.EXE
PID 1572 wrote to memory of 1752	1572	LSASSMGR.EXE	LSASSMGR.EXE
PID 1572 wrote to memory of 1752	1572	LSASSMGR.EXE	LSASSMGR.EXE
PID 1752 wrote to memory of 308	1752	LSASSMGR.EXE	LSASSMGR.EXE
PID 1752 wrote to memory of 308	1752	LSASSMGR.EXE	LSASSMGR.EXE
PID 1752 wrote to memory of 308	1752	LSASSMGR.EXE	LSASSMGR.EXE
PID 1752 wrote to memory of 308	1752	LSASSMGR.EXE	LSASSMGR.EXE
PID 532 wrote to memory of 1588	532	LSASSMGR.EXE	LSASSMGR.EXE
PID 532 wrote to memory of 1588	532	LSASSMGR.EXE	LSASSMGR.EXE
PID 532 wrote to memory of 1588	532	LSASSMGR.EXE	LSASSMGR.EXE
PID 532 wrote to memory of 1588	532	LSASSMGR.EXE	LSASSMGR.EXE
PID 1996 wrote to memory of 1656	1996	lssmon.exe	srtsrv32.exe
PID 1996 wrote to memory of 1656	1996	lssmon.exe	srtsrv32.exe
PID 1996 wrote to memory of 1656	1996	lssmon.exe	srtsrv32.exe
PID 1996 wrote to memory of 1656	1996	lssmon.exe	srtsrv32.exe
PID 1588 wrote to memory of 1296	1588	LSASSMGR.EXE	LSASSMGR.EXE
PID 1588 wrote to memory of 1296	1588	LSASSMGR.EXE	LSASSMGR.EXE
PID 1588 wrote to memory of 1296	1588	LSASSMGR.EXE	LSASSMGR.EXE
PID 1588 wrote to memory of 1296	1588	LSASSMGR.EXE	LSASSMGR.EXE
PID 308 wrote to memory of 1688	308	LSASSMGR.EXE	LSASSMGR.EXE
PID 308 wrote to memory of 1688	308	LSASSMGR.EXE	LSASSMGR.EXE
PID 308 wrote to memory of 1688	308	LSASSMGR.EXE	LSASSMGR.EXE
PID 308 wrote to memory of 1688	308	LSASSMGR.EXE	LSASSMGR.EXE
PID 1996 wrote to memory of 404	1996	lssmon.exe	srtsrv32.exe
PID 1996 wrote to memory of 404	1996	lssmon.exe	srtsrv32.exe
PID 1996 wrote to memory of 404	1996	lssmon.exe	srtsrv32.exe
PID 1996 wrote to memory of 404	1996	lssmon.exe	srtsrv32.exe
PID 1296 wrote to memory of 744	1296	LSASSMGR.EXE	LSASSMGR.EXE
PID 1296 wrote to memory of 744	1296	LSASSMGR.EXE	LSASSMGR.EXE
PID 1296 wrote to memory of 744	1296	LSASSMGR.EXE	LSASSMGR.EXE
PID 1296 wrote to memory of 744	1296	LSASSMGR.EXE	LSASSMGR.EXE
PID 1656 wrote to memory of 860	1656	srtsrv32.exe	LSASSMGR.EXE
PID 1656 wrote to memory of 860	1656	srtsrv32.exe	LSASSMGR.EXE
PID 1656 wrote to memory of 860	1656	srtsrv32.exe	LSASSMGR.EXE
PID 1656 wrote to memory of 860	1656	srtsrv32.exe	LSASSMGR.EXE
PID 1996 wrote to memory of 1980	1996	lssmon.exe	WerFault.exe
PID 1996 wrote to memory of 1980	1996	lssmon.exe	WerFault.exe
PID 1996 wrote to memory of 1980	1996	lssmon.exe	WerFault.exe
PID 1996 wrote to memory of 1980	1996	lssmon.exe	WerFault.exe
PID 1688 wrote to memory of 1064	1688	LSASSMGR.EXE	LSASSMGR.EXE
PID 1688 wrote to memory of 1064	1688	LSASSMGR.EXE	LSASSMGR.EXE
PID 1688 wrote to memory of 1064	1688	LSASSMGR.EXE	LSASSMGR.EXE
PID 1688 wrote to memory of 1064	1688	LSASSMGR.EXE	LSASSMGR.EXE

C:\Users\Admin\AppData\Local\Temp\fb71fba4893f205b0f62e2a8bc4f7294.exe
"C:\Users\Admin\AppData\Local\Temp\fb71fba4893f205b0f62e2a8bc4f7294.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1836

C:\Windows\SysWOW64\srtsrv32.exe
"C:\Windows\system32\srtsrv32.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1380

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:652

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
4⤵
PID:532

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1588

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1296

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
7⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
PID:744

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
8⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
PID:1428

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
9⤵
PID:472

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
10⤵
PID:1712

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
11⤵
PID:1504

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
12⤵
PID:1028

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
13⤵
PID:1160

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
14⤵
PID:788

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
15⤵
PID:1388

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
16⤵
PID:1788

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
8⤵
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
PID:1844

C:\Windows\SysWOW64\lssmon.exe
"C:\Windows\system32\lssmon.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1996

C:\Windows\SysWOW64\srtsrv32.exe
"C:\Windows\system32\srtsrv32.exe"
3⤵
PID:1572

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1752

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
5⤵
PID:308

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
6⤵
PID:1688

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
7⤵
PID:1064

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
8⤵
PID:1148

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
9⤵
PID:1872

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
10⤵
PID:1472

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
11⤵
PID:308

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
12⤵
PID:980

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
13⤵
PID:928

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
14⤵
PID:780

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
15⤵
- Executes dropped EXE
- Adds Run key to start application
PID:1688

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
16⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:1680

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
14⤵
PID:1160

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
15⤵
- Drops file in System32 directory
- Drops file in Program Files directory
PID:1328

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
16⤵
PID:268

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
17⤵
- Adds Run key to start application
- Drops file in Program Files directory
PID:1040

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
18⤵
PID:1988

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
12⤵
PID:2044

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
13⤵
PID:1844

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
14⤵
- Drops file in Program Files directory
PID:1032

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
15⤵
PID:1624

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
16⤵
- Adds Run key to start application
- Drops file in Program Files directory
PID:1968

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
17⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
PID:1148

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
18⤵
PID:1776

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
19⤵
PID:1784

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
20⤵
PID:1676

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
21⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1852

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
22⤵
- Executes dropped EXE
PID:780

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
23⤵
PID:1632

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
24⤵
PID:960

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
25⤵
PID:524

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
26⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1540

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
27⤵
PID:1560

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
28⤵
PID:1772

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
29⤵
PID:664

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
30⤵
PID:1112

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
31⤵
PID:1916

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
32⤵
PID:2016

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
33⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1992

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
34⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
PID:1064

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
35⤵
- Drops file in System32 directory
- Drops file in Program Files directory
PID:1904

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
36⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:1472

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
37⤵
PID:1036

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
38⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:2044

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
39⤵
PID:668

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
40⤵
- Drops file in System32 directory
- Drops file in Program Files directory
PID:1652

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
41⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:1388

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
42⤵
PID:824

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
43⤵
PID:848

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
44⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:1712

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
45⤵
PID:1400

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
46⤵
PID:792

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
47⤵
- Adds Run key to start application
PID:1676

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
48⤵
PID:928

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
34⤵
PID:812

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
35⤵
PID:484

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
36⤵
PID:2016

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
37⤵
PID:1872

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
38⤵
PID:968

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
39⤵
PID:1844

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
40⤵
PID:1856

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
41⤵
PID:1744

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
42⤵
PID:1632

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
43⤵
PID:1408

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
44⤵
PID:652

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
45⤵
PID:1812

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
46⤵
PID:1372

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
47⤵
PID:1616

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
48⤵
PID:1732

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
49⤵
PID:616

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
32⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
PID:812

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
33⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
PID:308

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
34⤵
- Adds Run key to start application
- Drops file in Program Files directory
PID:1880

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
35⤵
PID:1564

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
28⤵
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
PID:936

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
29⤵
PID:472

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
30⤵
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
PID:432

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
16⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:1736

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
17⤵
- Adds Run key to start application
PID:1560

C:\Windows\SysWOW64\srtsrv32.exe
"C:\Windows\system32\srtsrv32.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
PID:404

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
4⤵
PID:1680

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
5⤵
PID:1824

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
6⤵
PID:1796

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
7⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
PID:1760

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
8⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:532

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
9⤵
- Executes dropped EXE
PID:316

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
10⤵
PID:812

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
11⤵
PID:1812

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
12⤵
PID:1408

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
13⤵
PID:1736

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
5⤵
PID:692

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
6⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
PID:1748

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
7⤵
PID:1740

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
8⤵
PID:1848

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
9⤵
PID:308

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
10⤵
PID:304

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
11⤵
PID:1812

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
12⤵
PID:1408

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
13⤵
PID:1556

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
14⤵
- Adds Run key to start application
- Drops file in Program Files directory
PID:652

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
15⤵
PID:1660

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
16⤵
PID:1776

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
17⤵
PID:432

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
18⤵
PID:668

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
19⤵
- Drops file in System32 directory
PID:304

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
20⤵
PID:788

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
21⤵
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
PID:2012

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
22⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1688

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
23⤵
PID:1788

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
24⤵
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
PID:944

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
25⤵
PID:1504

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
26⤵
PID:1848

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
27⤵
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
PID:1924

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
28⤵
- Drops file in System32 directory
- Drops file in Program Files directory
PID:344

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
29⤵
PID:1348

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
30⤵
PID:1880

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
31⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
PID:1408

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
32⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1824

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
33⤵
PID:1720

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
34⤵
PID:1780

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
35⤵
PID:760

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
36⤵
PID:1300

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
37⤵
PID:968

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
38⤵
PID:1812

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
38⤵
PID:1836

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
39⤵
PID:1164

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
40⤵
PID:848

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
41⤵
- Executes dropped EXE
- Adds Run key to start application
PID:1688

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
37⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:1348

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
38⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
PID:1160

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
39⤵
PID:824

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
40⤵
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
PID:860

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
41⤵
PID:1720

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
42⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:616

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
43⤵
PID:1380

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
44⤵
PID:1624

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
45⤵
PID:332

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
46⤵
PID:1780

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
47⤵
PID:1072

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
48⤵
PID:2016

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
49⤵
PID:972

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
50⤵
PID:1632

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
51⤵
PID:1920

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
52⤵
PID:1780

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
53⤵
PID:1716

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
54⤵
PID:1280

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
55⤵
PID:1372

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
56⤵
PID:972

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
57⤵
PID:524

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
58⤵
PID:332

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
59⤵
PID:1256

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
60⤵
PID:1824

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
61⤵
PID:2004

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
62⤵
PID:1156

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
63⤵
PID:1688

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
64⤵
PID:1624

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
65⤵
PID:1184

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
66⤵
PID:1920

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
67⤵
PID:1564

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
68⤵
PID:1748

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
69⤵
PID:1856

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
70⤵
PID:1020

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
71⤵
PID:1880

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
72⤵
PID:1388

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
73⤵
PID:2012

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
63⤵
PID:1184

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
64⤵
PID:896

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
65⤵
PID:1164

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
66⤵
PID:812

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
67⤵
PID:1796

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
68⤵
PID:1284

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
69⤵
PID:1564

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
70⤵
PID:1736

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
71⤵
PID:1020

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
72⤵
PID:1156

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
73⤵
PID:1184

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
74⤵
PID:1700

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
75⤵
PID:1732

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
76⤵
PID:928

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
77⤵
PID:1796

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
78⤵
PID:1284

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
79⤵
PID:640

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
80⤵
PID:1716

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
81⤵
PID:1320

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
82⤵
PID:1020

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
83⤵
PID:1824

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
84⤵
PID:1280

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
85⤵
PID:824

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
86⤵
PID:928

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
87⤵
PID:944

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
88⤵
PID:1284

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
89⤵
PID:1820

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
90⤵
PID:536

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
91⤵
PID:1256

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
92⤵
PID:1812

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
93⤵
PID:1184

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
94⤵
PID:1836

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
95⤵
PID:904

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
40⤵
PID:1780

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
41⤵
PID:1812

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
42⤵
PID:1688

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
43⤵
PID:1744

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
44⤵
PID:1068

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
45⤵
PID:524

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
46⤵
PID:788

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
47⤵
PID:744

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
48⤵
PID:1564

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
49⤵
PID:1280

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
50⤵
PID:1748

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
51⤵
PID:1856

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
52⤵
PID:1872

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
53⤵
PID:1160

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
54⤵
PID:1112

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
55⤵
PID:1732

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
56⤵
PID:572

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
57⤵
PID:1100

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
58⤵
PID:268

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
59⤵
PID:1344

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
60⤵
PID:1372

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
61⤵
PID:1700

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
62⤵
PID:1720

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
63⤵
PID:1380

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
64⤵
PID:308

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
65⤵
PID:1292

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
66⤵
PID:2016

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
67⤵
PID:944

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
68⤵
PID:1148

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
69⤵
PID:536

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
57⤵
PID:1072

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
58⤵
PID:268

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
59⤵
PID:1688

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
60⤵
PID:1372

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
61⤵
PID:1700

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
62⤵
PID:1720

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
63⤵
PID:1536

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
64⤵
PID:828

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
65⤵
PID:836

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
66⤵
PID:1780

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
67⤵
PID:1348

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
68⤵
PID:1320

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
69⤵
PID:1328

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
70⤵
PID:668

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
71⤵
PID:1608

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
72⤵
PID:2012

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
73⤵
PID:1284

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
74⤵
PID:1072

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
75⤵
PID:1856

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
76⤵
PID:560

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
38⤵
PID:1252

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
39⤵
PID:1836

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
40⤵
PID:616

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
41⤵
PID:572

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
22⤵
PID:1284

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
23⤵
PID:1344

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
24⤵
PID:1320

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
25⤵
PID:2024

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
26⤵
PID:972

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
21⤵
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
PID:2016

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
22⤵
PID:1688

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
23⤵
- Executes dropped EXE
- Adds Run key to start application
PID:1064

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
24⤵
PID:1704

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
25⤵
PID:1708

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
26⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
PID:1900

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
27⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
PID:668

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
28⤵
PID:744

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
23⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1060

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
18⤵
- Adds Run key to start application
- Drops file in Program Files directory
PID:664

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
19⤵
PID:916

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
19⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
PID:928

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
20⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
PID:1812

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
21⤵
PID:268

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
22⤵
- Drops file in System32 directory
- Drops file in Program Files directory
PID:300

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
23⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
PID:1256

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
24⤵
PID:484

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
25⤵
PID:972

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
26⤵
PID:1968

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
27⤵
PID:524

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
28⤵
PID:1068

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
29⤵
PID:1716

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
30⤵
PID:1344

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
31⤵
PID:904

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
32⤵
PID:1744

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
33⤵
PID:860

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
34⤵
PID:1844

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
35⤵
PID:1256

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
36⤵
PID:1812

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
37⤵
PID:1856

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
38⤵
PID:904

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
39⤵
PID:1988

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
40⤵
PID:1720

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
41⤵
PID:1796

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
42⤵
PID:1100

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
43⤵
PID:944

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
44⤵
PID:304

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
45⤵
PID:2024

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
46⤵
PID:1872

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
47⤵
PID:960

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
48⤵
PID:1256

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
49⤵
PID:812

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
50⤵
PID:1660

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
51⤵
PID:1968

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
52⤵
PID:1900

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
53⤵
PID:1720

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
54⤵
PID:824

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
39⤵
PID:652

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
40⤵
PID:1992

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
41⤵
PID:1536

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
42⤵
PID:1616

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
43⤵
PID:1068

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
44⤵
PID:304

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
45⤵
PID:960

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
46⤵
PID:896

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
47⤵
PID:1832

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
48⤵
PID:1672

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
49⤵
PID:1384

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
50⤵
PID:1496

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
44⤵
PID:1920

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
45⤵
PID:524

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
46⤵
PID:1040

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
47⤵
PID:1256

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
48⤵
PID:2044

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
49⤵
PID:1160

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
50⤵
PID:1384

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
51⤵
PID:1316

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
52⤵
PID:1904

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
53⤵
PID:2008

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
54⤵
PID:848

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
55⤵
PID:2012

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
56⤵
PID:1716

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
12⤵
- Executes dropped EXE
- Adds Run key to start application
PID:788

C:\Windows\SysWOW64\srtsrv32.exe
"C:\Windows\system32\srtsrv32.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1656

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
4⤵
PID:860

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:1612

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
6⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:1316

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
7⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1572

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
8⤵
PID:608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 336
3⤵
- Loads dropped DLL
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1980

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
1⤵
PID:1064

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
2⤵
PID:332

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
3⤵
- Executes dropped EXE
- Adds Run key to start application
PID:472

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
4⤵
PID:1872

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
5⤵
PID:1900

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
6⤵
PID:668

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
7⤵
PID:616

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
8⤵
- Adds Run key to start application
- Drops file in Program Files directory
PID:1424

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
9⤵
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
PID:2004

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
10⤵
PID:1560

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
11⤵
PID:1772

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
12⤵
PID:432

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
13⤵
- Drops file in Program Files directory
PID:1984

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
14⤵
PID:1652

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
15⤵
PID:1844

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
16⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
PID:860

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
17⤵
PID:1744

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
18⤵
PID:1064

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
19⤵
- Executes dropped EXE
- Adds Run key to start application
PID:332

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
20⤵
PID:1472

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
21⤵
- Executes dropped EXE
PID:1784

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
22⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
PID:1872

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
23⤵
PID:1256

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
16⤵
PID:560

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
17⤵
- Adds Run key to start application
- Drops file in Program Files directory
PID:960

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
18⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1788

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
19⤵
PID:936

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
20⤵
PID:1724

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
21⤵
PID:1256

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
22⤵
PID:484

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
23⤵
PID:968

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
1⤵
PID:1772

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
2⤵
PID:1784

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
3⤵
PID:1060

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
1⤵
PID:1256

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
2⤵
PID:1348

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
3⤵
PID:1880

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
4⤵
PID:1328

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
5⤵
PID:1736

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
6⤵
PID:300

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
7⤵
PID:1040

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
8⤵
- Adds Run key to start application
PID:1700

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
9⤵
PID:1472

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
10⤵
PID:1872

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
11⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:308

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
2⤵
PID:1520

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
3⤵
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
PID:1632

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
4⤵
PID:1856

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
PID:1796

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
6⤵
PID:1736

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
7⤵
PID:936

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
8⤵
PID:1060

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
9⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
PID:1740

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
10⤵
- Drops file in Program Files directory
PID:1296

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
11⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1112

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
12⤵
PID:572

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
13⤵
PID:300

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
14⤵
PID:1644

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
15⤵
PID:1736

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
16⤵
- Adds Run key to start application
PID:1660

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
17⤵
- Loads dropped DLL
PID:1316

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
18⤵
PID:1772

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
19⤵
PID:664

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
20⤵
PID:1020

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
21⤵
PID:744

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
22⤵
PID:1732

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
23⤵
- Drops file in System32 directory
PID:524

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
24⤵
PID:1644

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
19⤵
- Drops file in System32 directory
PID:1916

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
15⤵
- Drops file in Program Files directory
PID:1556

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
16⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:1848

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
17⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:1772

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
9⤵
PID:2020

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
10⤵
PID:1036

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
11⤵
PID:1300

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
1⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
PID:1504

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
2⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:980

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
3⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:1028

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
4⤵
PID:664

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
1⤵
PID:1880

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
2⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
PID:692

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
3⤵
- Adds Run key to start application
PID:1624

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
1⤵
- Adds Run key to start application
- Drops file in Program Files directory
PID:1744

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
2⤵
PID:1764

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
3⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
PID:308

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
4⤵
PID:692

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
5⤵
PID:2024

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
6⤵
PID:1428

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
7⤵
PID:812

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
8⤵
PID:616

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
9⤵
PID:484

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
10⤵
PID:560

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
11⤵
PID:1624

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
12⤵
PID:572

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
13⤵
PID:1992

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
11⤵
PID:1812

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
12⤵
PID:968

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
13⤵
PID:1700

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
14⤵
PID:1824

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
15⤵
PID:1292

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
16⤵
PID:2016

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
17⤵
PID:816

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
18⤵
PID:1336

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
19⤵
PID:1520

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
20⤵
PID:560

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
21⤵
PID:524

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
22⤵
PID:1112

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
23⤵
PID:956

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
24⤵
PID:1384

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
25⤵
PID:828

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
26⤵
PID:652

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
27⤵
PID:944

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
28⤵
PID:1624

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
29⤵
PID:1344

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
30⤵
PID:1020

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
29⤵
PID:1184

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
30⤵
PID:1700

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
31⤵
PID:1372

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
32⤵
PID:1824

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
33⤵
PID:956

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
34⤵
PID:308

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
35⤵
PID:1380

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
36⤵
PID:652

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
37⤵
PID:1348

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
38⤵
PID:1660

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
39⤵
PID:1408

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
40⤵
PID:332

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
41⤵
PID:1372

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
42⤵
PID:812

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
43⤵
PID:2016

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
44⤵
PID:1900

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
45⤵
PID:1380

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
46⤵
PID:1500

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
47⤵
PID:1100

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
48⤵
PID:1156

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
20⤵
PID:560

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
21⤵
PID:1752

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
22⤵
PID:616

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
23⤵
PID:1496

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
24⤵
PID:1368

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
25⤵
PID:816

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
26⤵
PID:484

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
27⤵
PID:268

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
28⤵
PID:960

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
29⤵
PID:668

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
30⤵
PID:788

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
31⤵
PID:1744

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
32⤵
PID:956

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
33⤵
PID:824

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
34⤵
PID:1300

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
35⤵
PID:2004

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
36⤵
PID:1624

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
37⤵
PID:1660

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
38⤵
PID:1764

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
39⤵
PID:1156

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
40⤵
PID:1688

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
41⤵
PID:1344

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
42⤵
PID:1160

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
43⤵
PID:1188

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
44⤵
PID:1680

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
45⤵
PID:572

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
46⤵
PID:1484

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
47⤵
PID:1920

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
48⤵
PID:1616

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
49⤵
PID:1736

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
50⤵
PID:1520

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
51⤵
PID:1040

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
52⤵
PID:1056

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
53⤵
PID:1752

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
54⤵
PID:1844

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
55⤵
PID:652

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
56⤵
PID:1780

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
57⤵
PID:1348

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
58⤵
PID:1796

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
59⤵
PID:640

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
60⤵
PID:1320

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
61⤵
PID:1520

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
62⤵
PID:1740

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
63⤵
PID:1184

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
64⤵
PID:904

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
65⤵
PID:828

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
66⤵
PID:1748

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
67⤵
PID:1300

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
68⤵
PID:1696

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
69⤵
PID:1484

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
70⤵
PID:484

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
71⤵
PID:1100

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
72⤵
PID:1112

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
73⤵
PID:1320

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
74⤵
PID:960

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
75⤵
PID:1292

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
76⤵
PID:1740

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
63⤵
PID:904

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
64⤵
PID:828

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
65⤵
PID:1748

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
66⤵
PID:1300

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
67⤵
PID:1696

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
68⤵
PID:1716

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
69⤵
PID:268

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
70⤵
PID:548

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
71⤵
PID:968

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
72⤵
PID:1320

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
73⤵
PID:1040

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
74⤵
PID:896

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
75⤵
PID:860

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
76⤵
PID:1752

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
77⤵
PID:828

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
78⤵
PID:1748

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
79⤵
PID:760

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
80⤵
PID:1504

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
81⤵
PID:1716

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
82⤵
PID:268

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
83⤵
PID:856

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
84⤵
PID:1112

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
85⤵
PID:1044

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
86⤵
PID:560

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
87⤵
PID:824

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
88⤵
PID:860

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
89⤵
PID:1836

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
90⤵
PID:944

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
91⤵
PID:1748

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
92⤵
PID:1284

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
93⤵
PID:1504

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
94⤵
PID:1716

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
95⤵
PID:1156

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
96⤵
PID:744

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
97⤵
PID:1824

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
98⤵
PID:1292

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
99⤵
PID:560

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
100⤵
PID:1844

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
101⤵
PID:860

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
102⤵
PID:1804

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
103⤵
PID:1904

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
104⤵
PID:1624

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
105⤵
PID:736

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
106⤵
PID:1872

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
107⤵
PID:1764

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
108⤵
PID:1100

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
109⤵
PID:2040

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
110⤵
PID:960

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
111⤵
PID:896

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
112⤵
PID:308

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
113⤵
PID:1368

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
114⤵
PID:1992

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
115⤵
PID:572

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
116⤵
PID:1408

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
117⤵
PID:1624

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
118⤵
PID:1632

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
119⤵
PID:1872

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
120⤵
PID:1020

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
121⤵
PID:268

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
122⤵
PID:1900

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
123⤵
PID:1044

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
124⤵
PID:896

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
125⤵
PID:904

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
126⤵
PID:1924

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
127⤵
PID:1384

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
128⤵
PID:1252

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
129⤵
PID:1660

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
130⤵
PID:484

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
131⤵
PID:1624

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
132⤵
PID:1616

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
133⤵
PID:788

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
134⤵
PID:1744

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
135⤵
PID:1092

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
136⤵
PID:1832

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
137⤵
PID:664

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
138⤵
PID:1368

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
139⤵
PID:1680

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
95⤵
PID:1688

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
96⤵
PID:1164

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
97⤵
PID:304

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
98⤵
PID:812

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
99⤵
PID:824

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
100⤵
PID:1680

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
101⤵
PID:1536

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
102⤵
PID:752

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
103⤵
PID:1748

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
104⤵
PID:1768

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
105⤵
PID:1632

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
106⤵
PID:1504

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
107⤵
PID:1372

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
108⤵
PID:548

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
109⤵
PID:1720

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
110⤵
PID:2028

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
111⤵
PID:1344

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
112⤵
PID:824

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
113⤵
PID:1924

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
24⤵
PID:928

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
25⤵
PID:1100

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
26⤵
PID:836

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
27⤵
PID:1320

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
28⤵
PID:1764

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
29⤵
PID:1164

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
30⤵
PID:1092

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
31⤵
PID:1328

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
32⤵
PID:1836

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
33⤵
PID:1924

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
34⤵
PID:1252

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
35⤵
PID:572

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
36⤵
PID:1872

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
37⤵
PID:1564

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
38⤵
PID:856

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
39⤵
PID:548

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
40⤵
PID:1020

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
41⤵
PID:1044

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
42⤵
PID:1700

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
43⤵
PID:1344

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
44⤵
PID:1160

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
45⤵
PID:956

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
46⤵
PID:1544

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
47⤵
PID:1644

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
48⤵
PID:1348

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
49⤵
PID:1504

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
50⤵
PID:1920

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
51⤵
PID:836

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
52⤵
PID:788

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
53⤵
PID:304

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
54⤵
PID:1732

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
55⤵
PID:2016

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
56⤵
PID:1056

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
57⤵
PID:1672

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
58⤵
PID:956

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
59⤵
PID:816

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
60⤵
PID:1644

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
61⤵
PID:1984

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
62⤵
PID:1492

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
63⤵
PID:1920

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
64⤵
PID:744

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
65⤵
PID:524

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
66⤵
PID:1164

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
67⤵
PID:1280

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
68⤵
PID:1188

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
69⤵
PID:1384

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
70⤵
PID:1496

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
71⤵
PID:752

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
9⤵
PID:1292

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
10⤵
PID:484

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
11⤵
PID:1700

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
12⤵
PID:668

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
13⤵
PID:1900

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
14⤵
PID:652

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
15⤵
PID:1072

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
16⤵
PID:752

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
17⤵
PID:1716

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
18⤵
PID:692

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
19⤵
PID:1252

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
20⤵
PID:1744

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
21⤵
PID:1040

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
22⤵
PID:1992

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
23⤵
PID:1796

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
24⤵
PID:1564

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
25⤵
PID:1660

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
26⤵
PID:1020

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
27⤵
PID:1348

C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -Embedding
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
PID:472

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
1⤵
PID:1068

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
2⤵
PID:524

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
3⤵
PID:1608

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
4⤵
PID:1380

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
5⤵
PID:1284

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
6⤵
PID:1368

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
7⤵
PID:1564

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
8⤵
PID:1148

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
9⤵
PID:1624

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
10⤵
PID:1252

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
11⤵
PID:1160

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
12⤵
PID:824

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
13⤵
PID:1900

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
14⤵
PID:752

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
15⤵
PID:1368

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
7⤵
PID:1484

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
8⤵
PID:1408

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
9⤵
PID:1184

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
10⤵
PID:304

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
11⤵
PID:744

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
12⤵
PID:788

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
13⤵
PID:1536

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
14⤵
PID:928

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
15⤵
PID:484

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
16⤵
PID:1044

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
17⤵
PID:1148

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
18⤵
PID:1020

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
19⤵
PID:1744

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
20⤵
PID:332

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
21⤵
PID:1040

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
22⤵
PID:1092

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
23⤵
PID:1536

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
24⤵
PID:2004

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
25⤵
PID:816

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
26⤵
PID:1484

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
27⤵
PID:1408

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
28⤵
PID:1688

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
29⤵
PID:560

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
30⤵
PID:896

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
19⤵
PID:1388

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
20⤵
PID:1160

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
21⤵
PID:812

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
22⤵
PID:1844

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
23⤵
PID:1536

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
24⤵
PID:1716

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
25⤵
PID:1336

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
26⤵
PID:1624

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
1⤵
PID:824

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
2⤵
PID:1680

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
3⤵
PID:752

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
4⤵
PID:2012

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
5⤵
PID:816

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
6⤵
PID:1484

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
7⤵
PID:1408

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
8⤵
PID:304

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
9⤵
PID:1328

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
10⤵
PID:1160

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
11⤵
PID:1900

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
12⤵
PID:1680

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
13⤵
PID:752

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
14⤵
PID:1716

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
15⤵
PID:536

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
16⤵
PID:1320

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
17⤵
PID:1344

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
18⤵
PID:1700

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
19⤵
PID:1328

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
20⤵
PID:928

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
21⤵
PID:572

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
22⤵
PID:1680

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
23⤵
PID:1044

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
24⤵
PID:1716

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
25⤵
PID:536

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
26⤵
PID:1320

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
27⤵
PID:1408

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
28⤵
PID:1388

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
29⤵
PID:616

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
30⤵
PID:1672

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
31⤵
PID:1072

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
32⤵
PID:836

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
33⤵
PID:640

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
34⤵
PID:856

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
35⤵
PID:268

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
36⤵
PID:968

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
37⤵
PID:668

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
38⤵
PID:1344

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
39⤵
PID:824

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
40⤵
PID:812

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
41⤵
PID:572

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
42⤵
PID:2004

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
43⤵
PID:1616

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
44⤵
PID:2012

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
45⤵
PID:1812

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
46⤵
PID:1520

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
14⤵
PID:2004

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
15⤵
PID:1336

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
16⤵
PID:936

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
17⤵
PID:1492

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
18⤵
PID:1616

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
19⤵
PID:2028

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
20⤵
PID:304

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
21⤵
PID:1812

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
22⤵
PID:2016

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
23⤵
PID:1992

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
24⤵
PID:956

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
25⤵
PID:1252

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
26⤵
PID:928

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
27⤵
PID:1780

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
28⤵
PID:1336

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
29⤵
PID:792

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
30⤵
PID:268

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
31⤵
PID:640

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
32⤵
PID:1744

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
33⤵
PID:304

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
34⤵
PID:1184

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
35⤵
PID:1160

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
36⤵
PID:1188

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
37⤵
PID:1544

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
38⤵
PID:944

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
39⤵
PID:928

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
40⤵
PID:1644

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
41⤵
PID:1336

C:\Windows\SysWOW64\LSASSMGR.EXE
"C:\Windows\system32\LSASSMGR.EXE"
42⤵
PID:1068

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Internet Explorer\iexplor.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Program Files (x86)\Internet Explorer\iexplor.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Program Files (x86)\Internet Explorer\iexplor.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Program Files (x86)\Internet Explorer\iexplor.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Program Files (x86)\Internet Explorer\iexplor.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Program Files (x86)\Internet Explorer\iexplor.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Program Files (x86)\Internet Explorer\iexplor.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Program Files (x86)\Internet Explorer\iexplor.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Program Files (x86)\Internet Explorer\iexplor.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Program Files (x86)\Internet Explorer\iexplor.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Windows\SysWOW64\LSASSMGR.EXE
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Windows\SysWOW64\LSASSMGR.EXE
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Windows\SysWOW64\LSASSMGR.EXE
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Windows\SysWOW64\LSASSMGR.EXE
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Windows\SysWOW64\LSASSMGR.EXE
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Windows\SysWOW64\LSASSMGR.EXE
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Windows\SysWOW64\LSASSMGR.EXE
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Windows\SysWOW64\LSASSMGR.EXE
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Windows\SysWOW64\LSASSMGR.EXE
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Windows\SysWOW64\LSASSMGR.EXE
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Windows\SysWOW64\lssmon.exe
MD5
333aa09c7f0685b0c36a36e6814317e9

SHA1
4f54963ca76bd9c211100ae2d9681974f22816c8

SHA256
f38ead7aff865bbdb37ae7d54f03c59a7a1748f633a2de2ea1dacdfc059be3df

SHA512
fab1a386639d6af98642d893e07dbcb4f7c777d68410c59b6ef1d052b9f8c73f28103afe755315e764deac01a7b7d3b5168f96bf4fcfa1904d9c224a91af20d0

Download Submit
C:\Windows\SysWOW64\spool.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Windows\SysWOW64\spool.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Windows\SysWOW64\spool.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Windows\SysWOW64\spool.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Windows\SysWOW64\spool.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Windows\SysWOW64\spool.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Windows\SysWOW64\spool.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Windows\SysWOW64\spool.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Windows\SysWOW64\spool.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Windows\SysWOW64\spool.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Windows\SysWOW64\spool.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Windows\SysWOW64\srtsrv32.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Windows\SysWOW64\srtsrv32.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Windows\SysWOW64\srtsrv32.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Windows\SysWOW64\srtsrv32.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
C:\Windows\SysWOW64\srtsrv32.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
\Windows\SysWOW64\lssmon.exe
MD5
333aa09c7f0685b0c36a36e6814317e9

SHA1
4f54963ca76bd9c211100ae2d9681974f22816c8

SHA256
f38ead7aff865bbdb37ae7d54f03c59a7a1748f633a2de2ea1dacdfc059be3df

SHA512
fab1a386639d6af98642d893e07dbcb4f7c777d68410c59b6ef1d052b9f8c73f28103afe755315e764deac01a7b7d3b5168f96bf4fcfa1904d9c224a91af20d0

Download Submit
\Windows\SysWOW64\srtsrv32.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
\Windows\SysWOW64\srtsrv32.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
\Windows\SysWOW64\srtsrv32.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
\Windows\SysWOW64\srtsrv32.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
\Windows\SysWOW64\srtsrv32.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
\Windows\SysWOW64\srtsrv32.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
\Windows\SysWOW64\srtsrv32.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
\Windows\SysWOW64\srtsrv32.exe
MD5
b46a6b2c6332a82c5eea358418e8b501

SHA1
6b8f31aa58f7c81b0277bf1aceb6e6c789f8d1b2

SHA256
cc2edd362d0257cf227c7726bcb62d7a6d02481b95f55dd587fe518453d08506

SHA512
d2e169fbd02943c9e95085b0be5b4391145c2daceb75df49afaeef561ccec1776fc70c1b621415782e59b67685bf50d66ae01b464c170399cd92aae68279c27e

Download Submit
memory/268-310-0x0000000000000000-mapping.dmp

Download
memory/268-817-0x0000000000000000-mapping.dmp

Download
memory/268-869-0x0000000000000000-mapping.dmp

Download
memory/268-447-0x0000000000000000-mapping.dmp

Download
memory/268-466-0x0000000000000000-mapping.dmp

Download
memory/268-615-0x0000000000000000-mapping.dmp

Download
memory/268-653-0x0000000000000000-mapping.dmp

Download
memory/268-253-0x0000000000000000-mapping.dmp

Download
memory/268-792-0x0000000000000000-mapping.dmp

Download
memory/268-766-0x0000000000000000-mapping.dmp

Download
memory/300-313-0x0000000000000000-mapping.dmp

Download
memory/300-148-0x0000000000000000-mapping.dmp

Download
memory/300-226-0x0000000000000000-mapping.dmp

Download
memory/304-191-0x0000000000000000-mapping.dmp

Download
memory/304-505-0x0000000000000000-mapping.dmp

Download
memory/304-164-0x0000000000000000-mapping.dmp

Download
memory/304-823-0x0000000000000000-mapping.dmp

Download
memory/304-873-0x0000000000000000-mapping.dmp

Download
memory/304-377-0x0000000000000000-mapping.dmp

Download
memory/304-676-0x0000000000000000-mapping.dmp

Download
memory/304-561-0x0000000000000000-mapping.dmp

Download
memory/304-797-0x0000000000000000-mapping.dmp

Download
memory/304-747-0x0000000000000000-mapping.dmp

Download
memory/308-319-0x0000000000000000-mapping.dmp

Download
memory/308-459-0x0000000000000000-mapping.dmp

Download
memory/308-133-0x0000000000000000-mapping.dmp

Download
memory/308-37-0x0000000000000000-mapping.dmp

Download
memory/308-851-0x0000000000000000-mapping.dmp

Download
memory/308-304-0x0000000000000000-mapping.dmp

Download
memory/308-569-0x0000000000000000-mapping.dmp

Download
memory/308-101-0x0000000000000000-mapping.dmp

Download
memory/308-161-0x0000000000000000-mapping.dmp

Download
memory/316-102-0x0000000000000000-mapping.dmp

Download
memory/332-525-0x0000000000000000-mapping.dmp

Download
memory/332-327-0x0000000000000000-mapping.dmp

Download
memory/332-368-0x0000000000000000-mapping.dmp

Download
memory/332-123-0x0000000000000000-mapping.dmp

Download
memory/332-177-0x0000000000000000-mapping.dmp

Download
memory/332-581-0x0000000000000000-mapping.dmp

Download
memory/344-217-0x0000000000000000-mapping.dmp

Download
memory/404-68-0x0000000000000000-mapping.dmp

Download
memory/432-297-0x0000000000000000-mapping.dmp

Download
memory/432-158-0x0000000000000000-mapping.dmp

Download
memory/432-185-0x0000000000000000-mapping.dmp

Download
memory/472-87-0x0000000000000000-mapping.dmp

Download
memory/472-294-0x0000000000000000-mapping.dmp

Download
memory/472-126-0x0000000000000000-mapping.dmp

Download
memory/484-412-0x0000000000000000-mapping.dmp

Download
memory/484-320-0x0000000000000000-mapping.dmp

Download
memory/484-651-0x0000000000000000-mapping.dmp

Download
memory/484-740-0x0000000000000000-mapping.dmp

Download
memory/484-887-0x0000000000000000-mapping.dmp

Download
memory/484-337-0x0000000000000000-mapping.dmp

Download
memory/484-356-0x0000000000000000-mapping.dmp

Download
memory/484-515-0x0000000000000000-mapping.dmp

Download
memory/484-272-0x0000000000000000-mapping.dmp

Download
memory/524-846-0x0000000000000000-mapping.dmp

Download
memory/524-423-0x0000000000000000-mapping.dmp

Download
memory/524-366-0x0000000000000000-mapping.dmp

Download
memory/524-524-0x0000000000000000-mapping.dmp

Download
memory/524-174-0x0000000000000000-mapping.dmp

Download
memory/524-771-0x0000000000000000-mapping.dmp

Download
memory/524-282-0x0000000000000000-mapping.dmp

Download
memory/524-471-0x0000000000000000-mapping.dmp

Download
memory/524-329-0x0000000000000000-mapping.dmp

Download
memory/532-24-0x0000000000000000-mapping.dmp

Download
memory/532-99-0x0000000000000000-mapping.dmp

Download
memory/536-576-0x0000000000000000-mapping.dmp

Download
memory/536-654-0x0000000000000000-mapping.dmp

Download
memory/536-596-0x0000000000000000-mapping.dmp

Download
memory/536-467-0x0000000000000000-mapping.dmp

Download
memory/548-896-0x0000000000000000-mapping.dmp

Download
memory/548-768-0x0000000000000000-mapping.dmp

Download
memory/548-719-0x0000000000000000-mapping.dmp

Download
memory/560-826-0x0000000000000000-mapping.dmp

Download
memory/560-522-0x0000000000000000-mapping.dmp

Download
memory/560-640-0x0000000000000000-mapping.dmp

Download
memory/560-254-0x0000000000000000-mapping.dmp

Download
memory/560-340-0x0000000000000000-mapping.dmp

Download
memory/560-502-0x0000000000000000-mapping.dmp

Download
memory/560-800-0x0000000000000000-mapping.dmp

Download
memory/560-543-0x0000000000000000-mapping.dmp

Download
memory/572-712-0x0000000000000000-mapping.dmp

Download
memory/572-222-0x0000000000000000-mapping.dmp

Download
memory/572-461-0x0000000000000000-mapping.dmp

Download
memory/572-443-0x0000000000000000-mapping.dmp

Download
memory/572-588-0x0000000000000000-mapping.dmp

Download
memory/572-627-0x0000000000000000-mapping.dmp

Download
memory/572-689-0x0000000000000000-mapping.dmp

Download
memory/572-348-0x0000000000000000-mapping.dmp

Download
memory/572-858-0x0000000000000000-mapping.dmp

Download
memory/608-97-0x0000000000000000-mapping.dmp

Download
memory/616-643-0x0000000000000000-mapping.dmp

Download
memory/616-604-0x0000000000000000-mapping.dmp

Download
memory/616-458-0x0000000000000000-mapping.dmp

Download
memory/616-138-0x0000000000000000-mapping.dmp

Download
memory/616-405-0x0000000000000000-mapping.dmp

Download
memory/616-333-0x0000000000000000-mapping.dmp

Download
memory/616-318-0x0000000000000000-mapping.dmp

Download
memory/640-819-0x0000000000000000-mapping.dmp

Download
memory/640-612-0x0000000000000000-mapping.dmp

Download
memory/640-718-0x0000000000000000-mapping.dmp

Download
memory/640-632-0x0000000000000000-mapping.dmp

Download
memory/652-666-0x0000000000000000-mapping.dmp

Download
memory/652-12-0x0000000000000000-mapping.dmp

Download
memory/652-534-0x0000000000000000-mapping.dmp

Download
memory/652-389-0x0000000000000000-mapping.dmp

Download
memory/652-573-0x0000000000000000-mapping.dmp

Download
memory/652-426-0x0000000000000000-mapping.dmp

Download
memory/652-176-0x0000000000000000-mapping.dmp

Download
memory/652-709-0x0000000000000000-mapping.dmp

Download
memory/664-902-0x0000000000000000-mapping.dmp

Download
memory/664-187-0x0000000000000000-mapping.dmp

Download
memory/664-243-0x0000000000000000-mapping.dmp

Download
memory/664-300-0x0000000000000000-mapping.dmp

Download
memory/664-271-0x0000000000000000-mapping.dmp

Download
memory/668-657-0x0000000000000000-mapping.dmp

Download
memory/668-418-0x0000000000000000-mapping.dmp

Download
memory/668-188-0x0000000000000000-mapping.dmp

Download
memory/668-274-0x0000000000000000-mapping.dmp

Download
memory/668-218-0x0000000000000000-mapping.dmp

Download
memory/668-619-0x0000000000000000-mapping.dmp

Download
memory/668-490-0x0000000000000000-mapping.dmp

Download
memory/668-135-0x0000000000000000-mapping.dmp

Download
memory/692-280-0x0000000000000000-mapping.dmp

Download
memory/692-322-0x0000000000000000-mapping.dmp

Download
memory/692-122-0x0000000000000000-mapping.dmp

Download
memory/692-434-0x0000000000000000-mapping.dmp

Download
memory/736-837-0x0000000000000000-mapping.dmp

Download
memory/744-248-0x0000000000000000-mapping.dmp

Download
memory/744-820-0x0000000000000000-mapping.dmp

Download
memory/744-425-0x0000000000000000-mapping.dmp

Download
memory/744-769-0x0000000000000000-mapping.dmp

Download
memory/744-70-0x0000000000000000-mapping.dmp

Download
memory/744-277-0x0000000000000000-mapping.dmp

Download
memory/744-508-0x0000000000000000-mapping.dmp

Download
memory/752-572-0x0000000000000000-mapping.dmp

Download
memory/752-884-0x0000000000000000-mapping.dmp

Download
memory/752-784-0x0000000000000000-mapping.dmp

Download
memory/752-495-0x0000000000000000-mapping.dmp

Download
memory/752-552-0x0000000000000000-mapping.dmp

Download
memory/752-430-0x0000000000000000-mapping.dmp

Download
memory/760-785-0x0000000000000000-mapping.dmp

Download
memory/760-238-0x0000000000000000-mapping.dmp

Download
memory/780-165-0x0000000000000000-mapping.dmp

Download
memory/780-108-0x0000000000000000-mapping.dmp

Download
memory/788-893-0x0000000000000000-mapping.dmp

Download
memory/788-659-0x0000000000000000-mapping.dmp

Download
memory/788-745-0x0000000000000000-mapping.dmp

Download
memory/788-509-0x0000000000000000-mapping.dmp

Download
memory/788-194-0x0000000000000000-mapping.dmp

Download
memory/788-424-0x0000000000000000-mapping.dmp

Download
memory/788-251-0x0000000000000000-mapping.dmp

Download
memory/788-110-0x0000000000000000-mapping.dmp

Download
memory/792-239-0x0000000000000000-mapping.dmp

Download
memory/792-815-0x0000000000000000-mapping.dmp

Download
memory/812-353-0x0000000000000000-mapping.dmp

Download
memory/812-585-0x0000000000000000-mapping.dmp

Download
memory/812-605-0x0000000000000000-mapping.dmp

Download
memory/812-330-0x0000000000000000-mapping.dmp

Download
memory/812-391-0x0000000000000000-mapping.dmp

Download
memory/812-625-0x0000000000000000-mapping.dmp

Download
memory/812-547-0x0000000000000000-mapping.dmp

Download
memory/812-105-0x0000000000000000-mapping.dmp

Download
memory/812-876-0x0000000000000000-mapping.dmp

Download
memory/812-301-0x0000000000000000-mapping.dmp

Download
memory/816-649-0x0000000000000000-mapping.dmp

Download
memory/816-759-0x0000000000000000-mapping.dmp

Download
memory/816-535-0x0000000000000000-mapping.dmp

Download
memory/816-555-0x0000000000000000-mapping.dmp

Download
memory/816-516-0x0000000000000000-mapping.dmp

Download
memory/824-406-0x0000000000000000-mapping.dmp

Download
memory/824-548-0x0000000000000000-mapping.dmp

Download
memory/824-904-0x0000000000000000-mapping.dmp

Download
memory/824-491-0x0000000000000000-mapping.dmp

Download
memory/824-623-0x0000000000000000-mapping.dmp

Download
memory/824-665-0x0000000000000000-mapping.dmp

Download
memory/824-878-0x0000000000000000-mapping.dmp

Download
memory/824-229-0x0000000000000000-mapping.dmp

Download
memory/824-644-0x0000000000000000-mapping.dmp

Download
memory/824-802-0x0000000000000000-mapping.dmp

Download
memory/824-308-0x0000000000000000-mapping.dmp

Download
memory/828-782-0x0000000000000000-mapping.dmp

Download
memory/828-477-0x0000000000000000-mapping.dmp

Download
memory/828-532-0x0000000000000000-mapping.dmp

Download
memory/828-730-0x0000000000000000-mapping.dmp

Download
memory/828-756-0x0000000000000000-mapping.dmp

Download
memory/836-609-0x0000000000000000-mapping.dmp

Download
memory/836-743-0x0000000000000000-mapping.dmp

Download
memory/836-694-0x0000000000000000-mapping.dmp

Download
memory/836-479-0x0000000000000000-mapping.dmp

Download
memory/848-230-0x0000000000000000-mapping.dmp

Download
memory/848-284-0x0000000000000000-mapping.dmp

Download
memory/848-864-0x0000000000000000-mapping.dmp

Download
memory/856-793-0x0000000000000000-mapping.dmp

Download
memory/856-613-0x0000000000000000-mapping.dmp

Download
memory/856-717-0x0000000000000000-mapping.dmp

Download
memory/860-171-0x0000000000000000-mapping.dmp

Download
memory/860-803-0x0000000000000000-mapping.dmp

Download
memory/860-777-0x0000000000000000-mapping.dmp

Download
memory/860-311-0x0000000000000000-mapping.dmp

Download
memory/860-829-0x0000000000000000-mapping.dmp

Download
memory/860-343-0x0000000000000000-mapping.dmp

Download
memory/860-73-0x0000000000000000-mapping.dmp

Download
memory/896-849-0x0000000000000000-mapping.dmp

Download
memory/896-680-0x0000000000000000-mapping.dmp

Download
memory/896-546-0x0000000000000000-mapping.dmp

Download
memory/896-875-0x0000000000000000-mapping.dmp

Download
memory/896-601-0x0000000000000000-mapping.dmp

Download
memory/896-775-0x0000000000000000-mapping.dmp

Download
memory/904-360-0x0000000000000000-mapping.dmp

Download
memory/904-877-0x0000000000000000-mapping.dmp

Download
memory/904-728-0x0000000000000000-mapping.dmp

Download
memory/904-664-0x0000000000000000-mapping.dmp

Download
memory/904-754-0x0000000000000000-mapping.dmp

Download
memory/904-339-0x0000000000000000-mapping.dmp

Download
memory/916-273-0x0000000000000000-mapping.dmp

Download
memory/928-690-0x0000000000000000-mapping.dmp

Download
memory/928-809-0x0000000000000000-mapping.dmp

Download
memory/928-303-0x0000000000000000-mapping.dmp

Download
memory/928-836-0x0000000000000000-mapping.dmp

Download
memory/928-586-0x0000000000000000-mapping.dmp

Download
memory/928-246-0x0000000000000000-mapping.dmp

Download
memory/928-626-0x0000000000000000-mapping.dmp

Download
memory/928-106-0x0000000000000000-mapping.dmp

Download
memory/928-646-0x0000000000000000-mapping.dmp

Download
memory/928-513-0x0000000000000000-mapping.dmp

Download
memory/936-789-0x0000000000000000-mapping.dmp

Download
memory/936-292-0x0000000000000000-mapping.dmp

Download
memory/936-206-0x0000000000000000-mapping.dmp

Download
memory/936-262-0x0000000000000000-mapping.dmp

Download
memory/944-536-0x0000000000000000-mapping.dmp

Download
memory/944-373-0x0000000000000000-mapping.dmp

Download
memory/944-464-0x0000000000000000-mapping.dmp

Download
memory/944-648-0x0000000000000000-mapping.dmp

Download
memory/944-807-0x0000000000000000-mapping.dmp

Download
memory/944-205-0x0000000000000000-mapping.dmp

Download
memory/944-834-0x0000000000000000-mapping.dmp

Download
memory/956-663-0x0000000000000000-mapping.dmp

Download
memory/956-528-0x0000000000000000-mapping.dmp

Download
memory/956-731-0x0000000000000000-mapping.dmp

Download
memory/956-567-0x0000000000000000-mapping.dmp

Download
memory/956-806-0x0000000000000000-mapping.dmp

Download
memory/956-757-0x0000000000000000-mapping.dmp

Download
memory/960-678-0x0000000000000000-mapping.dmp

Download
memory/960-847-0x0000000000000000-mapping.dmp

Download
memory/960-748-0x0000000000000000-mapping.dmp

Download
memory/960-655-0x0000000000000000-mapping.dmp

Download
memory/960-170-0x0000000000000000-mapping.dmp

Download
memory/960-385-0x0000000000000000-mapping.dmp

Download
memory/960-256-0x0000000000000000-mapping.dmp

Download
memory/968-275-0x0000000000000000-mapping.dmp

Download
memory/968-506-0x0000000000000000-mapping.dmp

Download
memory/968-617-0x0000000000000000-mapping.dmp

Download
memory/968-770-0x0000000000000000-mapping.dmp

Download
memory/968-244-0x0000000000000000-mapping.dmp

Download
memory/968-364-0x0000000000000000-mapping.dmp

Download
memory/972-419-0x0000000000000000-mapping.dmp

Download
memory/972-341-0x0000000000000000-mapping.dmp

Download
memory/972-323-0x0000000000000000-mapping.dmp

Download
memory/972-362-0x0000000000000000-mapping.dmp

Download
memory/980-266-0x0000000000000000-mapping.dmp

Download
memory/980-104-0x0000000000000000-mapping.dmp

Download
memory/1020-616-0x0000000000000000-mapping.dmp

Download
memory/1020-637-0x0000000000000000-mapping.dmp

Download
memory/1020-868-0x0000000000000000-mapping.dmp

Download
memory/1020-449-0x0000000000000000-mapping.dmp

Download
memory/1020-541-0x0000000000000000-mapping.dmp

Download
memory/1020-521-0x0000000000000000-mapping.dmp

Download
memory/1020-398-0x0000000000000000-mapping.dmp

Download
memory/1020-245-0x0000000000000000-mapping.dmp

Download
memory/1020-721-0x0000000000000000-mapping.dmp

Download
memory/1028-268-0x0000000000000000-mapping.dmp

Download
memory/1028-103-0x0000000000000000-mapping.dmp

Download
memory/1032-141-0x0000000000000000-mapping.dmp

Download
memory/1036-213-0x0000000000000000-mapping.dmp

Download
memory/1036-295-0x0000000000000000-mapping.dmp

Download
memory/1040-848-0x0000000000000000-mapping.dmp

Download
memory/1040-258-0x0000000000000000-mapping.dmp

Download
memory/1040-774-0x0000000000000000-mapping.dmp

Download
memory/1040-701-0x0000000000000000-mapping.dmp

Download
memory/1040-440-0x0000000000000000-mapping.dmp

Download
memory/1040-527-0x0000000000000000-mapping.dmp

Download
memory/1040-150-0x0000000000000000-mapping.dmp

Download
memory/1044-723-0x0000000000000000-mapping.dmp

Download
memory/1044-874-0x0000000000000000-mapping.dmp

Download
memory/1044-592-0x0000000000000000-mapping.dmp

Download
memory/1044-798-0x0000000000000000-mapping.dmp

Download
memory/1044-518-0x0000000000000000-mapping.dmp

Download
memory/1056-753-0x0000000000000000-mapping.dmp

Download
memory/1056-704-0x0000000000000000-mapping.dmp

Download
memory/1060-290-0x0000000000000000-mapping.dmp

Download
memory/1060-131-0x0000000000000000-mapping.dmp

Download
memory/1060-209-0x0000000000000000-mapping.dmp

Download
memory/1064-260-0x0000000000000000-mapping.dmp

Download
memory/1064-81-0x0000000000000000-mapping.dmp

Download
memory/1064-120-0x0000000000000000-mapping.dmp

Download
memory/1064-175-0x0000000000000000-mapping.dmp

Download
memory/1064-202-0x0000000000000000-mapping.dmp

Download
memory/1068-842-0x0000000000000000-mapping.dmp

Download
memory/1068-674-0x0000000000000000-mapping.dmp

Download
memory/1068-332-0x0000000000000000-mapping.dmp

Download
memory/1068-469-0x0000000000000000-mapping.dmp

Download
memory/1068-422-0x0000000000000000-mapping.dmp

Download
memory/1072-498-0x0000000000000000-mapping.dmp

Download
memory/1072-335-0x0000000000000000-mapping.dmp

Download
memory/1072-427-0x0000000000000000-mapping.dmp

Download
memory/1072-463-0x0000000000000000-mapping.dmp

Download
memory/1072-608-0x0000000000000000-mapping.dmp

Download
memory/1092-529-0x0000000000000000-mapping.dmp

Download
memory/1092-702-0x0000000000000000-mapping.dmp

Download
memory/1092-897-0x0000000000000000-mapping.dmp

Download
memory/1100-371-0x0000000000000000-mapping.dmp

Download
memory/1100-742-0x0000000000000000-mapping.dmp

Download
memory/1100-595-0x0000000000000000-mapping.dmp

Download
memory/1100-445-0x0000000000000000-mapping.dmp

Download
memory/1100-843-0x0000000000000000-mapping.dmp

Download
memory/1100-692-0x0000000000000000-mapping.dmp

Download
memory/1112-744-0x0000000000000000-mapping.dmp

Download
memory/1112-439-0x0000000000000000-mapping.dmp

Download
memory/1112-526-0x0000000000000000-mapping.dmp

Download
memory/1112-190-0x0000000000000000-mapping.dmp

Download
memory/1112-795-0x0000000000000000-mapping.dmp

Download
memory/1112-219-0x0000000000000000-mapping.dmp

Download
memory/1148-151-0x0000000000000000-mapping.dmp

Download
memory/1148-483-0x0000000000000000-mapping.dmp

Download
memory/1148-520-0x0000000000000000-mapping.dmp

Download
memory/1148-465-0x0000000000000000-mapping.dmp

Download
memory/1148-89-0x0000000000000000-mapping.dmp

Download
memory/1156-818-0x0000000000000000-mapping.dmp

Download
memory/1156-375-0x0000000000000000-mapping.dmp

Download
memory/1156-677-0x0000000000000000-mapping.dmp

Download
memory/1156-597-0x0000000000000000-mapping.dmp

Download
memory/1156-618-0x0000000000000000-mapping.dmp

Download
memory/1160-489-0x0000000000000000-mapping.dmp

Download
memory/1160-249-0x0000000000000000-mapping.dmp

Download
memory/1160-438-0x0000000000000000-mapping.dmp

Download
memory/1160-683-0x0000000000000000-mapping.dmp

Download
memory/1160-545-0x0000000000000000-mapping.dmp

Download
memory/1160-305-0x0000000000000000-mapping.dmp

Download
memory/1160-729-0x0000000000000000-mapping.dmp

Download
memory/1160-566-0x0000000000000000-mapping.dmp

Download
memory/1160-827-0x0000000000000000-mapping.dmp

Download
memory/1160-107-0x0000000000000000-mapping.dmp

Download
memory/1160-854-0x0000000000000000-mapping.dmp

Download
memory/1164-700-0x0000000000000000-mapping.dmp

Download
memory/1164-603-0x0000000000000000-mapping.dmp

Download
memory/1164-773-0x0000000000000000-mapping.dmp

Download
memory/1164-281-0x0000000000000000-mapping.dmp

Download
memory/1164-872-0x0000000000000000-mapping.dmp

Download
memory/1184-384-0x0000000000000000-mapping.dmp

Download
memory/1184-503-0x0000000000000000-mapping.dmp

Download
memory/1184-560-0x0000000000000000-mapping.dmp

Download
memory/1184-825-0x0000000000000000-mapping.dmp

Download
memory/1184-600-0x0000000000000000-mapping.dmp

Download
memory/1184-726-0x0000000000000000-mapping.dmp

Download
memory/1184-620-0x0000000000000000-mapping.dmp

Download
memory/1184-660-0x0000000000000000-mapping.dmp

Download
memory/1188-686-0x0000000000000000-mapping.dmp

Download
memory/1188-830-0x0000000000000000-mapping.dmp

Download
memory/1188-778-0x0000000000000000-mapping.dmp

Download
memory/1252-487-0x0000000000000000-mapping.dmp

Download
memory/1252-808-0x0000000000000000-mapping.dmp

Download
memory/1252-453-0x0000000000000000-mapping.dmp

Download
memory/1252-436-0x0000000000000000-mapping.dmp

Download
memory/1252-710-0x0000000000000000-mapping.dmp

Download
memory/1252-883-0x0000000000000000-mapping.dmp

Download
memory/1256-370-0x0000000000000000-mapping.dmp

Download
memory/1256-269-0x0000000000000000-mapping.dmp

Download
memory/1256-189-0x0000000000000000-mapping.dmp

Download
memory/1256-656-0x0000000000000000-mapping.dmp

Download
memory/1256-317-0x0000000000000000-mapping.dmp

Download
memory/1256-349-0x0000000000000000-mapping.dmp

Download
memory/1256-134-0x0000000000000000-mapping.dmp

Download
memory/1256-388-0x0000000000000000-mapping.dmp

Download
memory/1256-850-0x0000000000000000-mapping.dmp

Download
memory/1280-357-0x0000000000000000-mapping.dmp

Download
memory/1280-642-0x0000000000000000-mapping.dmp

Download
memory/1280-429-0x0000000000000000-mapping.dmp

Download
memory/1280-776-0x0000000000000000-mapping.dmp

Download
memory/1284-610-0x0000000000000000-mapping.dmp

Download
memory/1284-478-0x0000000000000000-mapping.dmp

Download
memory/1284-630-0x0000000000000000-mapping.dmp

Download
memory/1284-650-0x0000000000000000-mapping.dmp

Download
memory/1284-811-0x0000000000000000-mapping.dmp

Download
memory/1284-410-0x0000000000000000-mapping.dmp

Download
memory/1284-496-0x0000000000000000-mapping.dmp

Download
memory/1292-750-0x0000000000000000-mapping.dmp

Download
memory/1292-512-0x0000000000000000-mapping.dmp

Download
memory/1292-824-0x0000000000000000-mapping.dmp

Download
memory/1292-460-0x0000000000000000-mapping.dmp

Download
memory/1292-408-0x0000000000000000-mapping.dmp

Download
memory/1296-215-0x0000000000000000-mapping.dmp

Download
memory/1296-55-0x0000000000000000-mapping.dmp

Download
memory/1300-734-0x0000000000000000-mapping.dmp

Download
memory/1300-667-0x0000000000000000-mapping.dmp

Download
memory/1300-298-0x0000000000000000-mapping.dmp

Download
memory/1300-760-0x0000000000000000-mapping.dmp

Download
memory/1300-241-0x0000000000000000-mapping.dmp

Download
memory/1316-237-0x0000000000000000-mapping.dmp

Download
memory/1316-857-0x0000000000000000-mapping.dmp

Download
memory/1316-86-0x0000000000000000-mapping.dmp

Download
memory/1320-696-0x0000000000000000-mapping.dmp

Download
memory/1320-578-0x0000000000000000-mapping.dmp

Download
memory/1320-598-0x0000000000000000-mapping.dmp

Download
memory/1320-635-0x0000000000000000-mapping.dmp

Download
memory/1320-720-0x0000000000000000-mapping.dmp

Download
memory/1320-746-0x0000000000000000-mapping.dmp

Download
memory/1320-414-0x0000000000000000-mapping.dmp

Download
memory/1320-772-0x0000000000000000-mapping.dmp

Download
memory/1320-486-0x0000000000000000-mapping.dmp

Download
memory/1328-703-0x0000000000000000-mapping.dmp

Download
memory/1328-584-0x0000000000000000-mapping.dmp

Download
memory/1328-488-0x0000000000000000-mapping.dmp

Download
memory/1328-250-0x0000000000000000-mapping.dmp

Download
memory/1328-564-0x0000000000000000-mapping.dmp

Download
memory/1328-143-0x0000000000000000-mapping.dmp

Download
memory/1336-556-0x0000000000000000-mapping.dmp

Download
memory/1336-813-0x0000000000000000-mapping.dmp

Download
memory/1336-517-0x0000000000000000-mapping.dmp

Download
memory/1336-787-0x0000000000000000-mapping.dmp

Download
memory/1336-839-0x0000000000000000-mapping.dmp

Download
memory/1344-727-0x0000000000000000-mapping.dmp

Download
memory/1344-901-0x0000000000000000-mapping.dmp

Download
memory/1344-450-0x0000000000000000-mapping.dmp

Download
memory/1344-411-0x0000000000000000-mapping.dmp

Download
memory/1344-621-0x0000000000000000-mapping.dmp

Download
memory/1344-580-0x0000000000000000-mapping.dmp

Download
memory/1344-540-0x0000000000000000-mapping.dmp

Download
memory/1344-336-0x0000000000000000-mapping.dmp

Download
memory/1344-681-0x0000000000000000-mapping.dmp

Download
memory/1348-451-0x0000000000000000-mapping.dmp

Download
memory/1348-575-0x0000000000000000-mapping.dmp

Download
memory/1348-713-0x0000000000000000-mapping.dmp

Download
memory/1348-220-0x0000000000000000-mapping.dmp

Download
memory/1348-737-0x0000000000000000-mapping.dmp

Download
memory/1348-302-0x0000000000000000-mapping.dmp

Download
memory/1348-484-0x0000000000000000-mapping.dmp

Download
memory/1348-137-0x0000000000000000-mapping.dmp

Download
memory/1368-853-0x0000000000000000-mapping.dmp

Download
memory/1368-647-0x0000000000000000-mapping.dmp

Download
memory/1368-497-0x0000000000000000-mapping.dmp

Download
memory/1368-480-0x0000000000000000-mapping.dmp

Download
memory/1368-903-0x0000000000000000-mapping.dmp

Download
memory/1372-563-0x0000000000000000-mapping.dmp

Download
memory/1372-894-0x0000000000000000-mapping.dmp

Download
memory/1372-359-0x0000000000000000-mapping.dmp

Download
memory/1372-583-0x0000000000000000-mapping.dmp

Download
memory/1372-452-0x0000000000000000-mapping.dmp

Download
memory/1372-395-0x0000000000000000-mapping.dmp

Download
memory/1372-470-0x0000000000000000-mapping.dmp

Download
memory/1380-571-0x0000000000000000-mapping.dmp

Download
memory/1380-4-0x0000000000000000-mapping.dmp

Download
memory/1380-475-0x0000000000000000-mapping.dmp

Download
memory/1380-591-0x0000000000000000-mapping.dmp

Download
memory/1380-457-0x0000000000000000-mapping.dmp

Download
memory/1380-321-0x0000000000000000-mapping.dmp

Download
memory/1384-780-0x0000000000000000-mapping.dmp

Download
memory/1384-882-0x0000000000000000-mapping.dmp

Download
memory/1384-685-0x0000000000000000-mapping.dmp

Download
memory/1384-530-0x0000000000000000-mapping.dmp

Download
memory/1384-855-0x0000000000000000-mapping.dmp

Download
memory/1388-602-0x0000000000000000-mapping.dmp

Download
memory/1388-544-0x0000000000000000-mapping.dmp

Download
memory/1388-402-0x0000000000000000-mapping.dmp

Download
memory/1388-113-0x0000000000000000-mapping.dmp

Download
memory/1388-224-0x0000000000000000-mapping.dmp

Download
memory/1400-236-0x0000000000000000-mapping.dmp

Download
memory/1408-539-0x0000000000000000-mapping.dmp

Download
memory/1408-579-0x0000000000000000-mapping.dmp

Download
memory/1408-225-0x0000000000000000-mapping.dmp

Download
memory/1408-860-0x0000000000000000-mapping.dmp

Download
memory/1408-599-0x0000000000000000-mapping.dmp

Download
memory/1408-501-0x0000000000000000-mapping.dmp

Download
memory/1408-559-0x0000000000000000-mapping.dmp

Download
memory/1408-112-0x0000000000000000-mapping.dmp

Download
memory/1408-387-0x0000000000000000-mapping.dmp

Download
memory/1408-169-0x0000000000000000-mapping.dmp

Download
memory/1424-142-0x0000000000000000-mapping.dmp

Download
memory/1428-328-0x0000000000000000-mapping.dmp

Download
memory/1428-83-0x0000000000000000-mapping.dmp

Download
memory/1472-182-0x0000000000000000-mapping.dmp

Download
memory/1472-210-0x0000000000000000-mapping.dmp

Download
memory/1472-155-0x0000000000000000-mapping.dmp

Download
memory/1472-98-0x0000000000000000-mapping.dmp

Download
memory/1484-558-0x0000000000000000-mapping.dmp

Download
memory/1484-537-0x0000000000000000-mapping.dmp

Download
memory/1484-691-0x0000000000000000-mapping.dmp

Download
memory/1484-738-0x0000000000000000-mapping.dmp

Download
memory/1484-499-0x0000000000000000-mapping.dmp

Download
memory/1492-791-0x0000000000000000-mapping.dmp

Download
memory/1492-765-0x0000000000000000-mapping.dmp

Download
memory/1496-645-0x0000000000000000-mapping.dmp

Download
memory/1496-781-0x0000000000000000-mapping.dmp

Download
memory/1496-687-0x0000000000000000-mapping.dmp

Download
memory/1500-593-0x0000000000000000-mapping.dmp

Download
memory/1504-739-0x0000000000000000-mapping.dmp

Download
memory/1504-208-0x0000000000000000-mapping.dmp

Download
memory/1504-892-0x0000000000000000-mapping.dmp

Download
memory/1504-814-0x0000000000000000-mapping.dmp

Download
memory/1504-263-0x0000000000000000-mapping.dmp

Download
memory/1504-788-0x0000000000000000-mapping.dmp

Download
memory/1504-100-0x0000000000000000-mapping.dmp

Download
memory/1520-699-0x0000000000000000-mapping.dmp

Download
memory/1520-192-0x0000000000000000-mapping.dmp

Download
memory/1520-722-0x0000000000000000-mapping.dmp

Download
memory/1520-638-0x0000000000000000-mapping.dmp

Download
memory/1520-519-0x0000000000000000-mapping.dmp

Download
memory/1536-551-0x0000000000000000-mapping.dmp

Download
memory/1536-670-0x0000000000000000-mapping.dmp

Download
memory/1536-476-0x0000000000000000-mapping.dmp

Download
memory/1536-881-0x0000000000000000-mapping.dmp

Download
memory/1536-511-0x0000000000000000-mapping.dmp

Download
memory/1536-531-0x0000000000000000-mapping.dmp

Download
memory/1540-178-0x0000000000000000-mapping.dmp

Download
memory/1544-733-0x0000000000000000-mapping.dmp

Download
memory/1544-832-0x0000000000000000-mapping.dmp

Download
memory/1556-288-0x0000000000000000-mapping.dmp

Download
memory/1556-172-0x0000000000000000-mapping.dmp

Download
memory/1560-149-0x0000000000000000-mapping.dmp

Download
memory/1560-289-0x0000000000000000-mapping.dmp

Download
memory/1560-180-0x0000000000000000-mapping.dmp

Download
memory/1564-716-0x0000000000000000-mapping.dmp

Download
memory/1564-446-0x0000000000000000-mapping.dmp

Download
memory/1564-390-0x0000000000000000-mapping.dmp

Download
memory/1564-611-0x0000000000000000-mapping.dmp

Download
memory/1564-481-0x0000000000000000-mapping.dmp

Download
memory/1564-309-0x0000000000000000-mapping.dmp

Download
memory/1564-428-0x0000000000000000-mapping.dmp

Download
memory/1572-19-0x0000000000000000-mapping.dmp

Download
memory/1572-94-0x0000000000000000-mapping.dmp

Download
memory/1588-40-0x0000000000000000-mapping.dmp

Download
memory/1608-474-0x0000000000000000-mapping.dmp

Download
memory/1608-492-0x0000000000000000-mapping.dmp

Download
memory/1612-84-0x0000000000000000-mapping.dmp

Download
memory/1616-631-0x0000000000000000-mapping.dmp

Download
memory/1616-891-0x0000000000000000-mapping.dmp

Download
memory/1616-399-0x0000000000000000-mapping.dmp

Download
memory/1616-794-0x0000000000000000-mapping.dmp

Download
memory/1616-671-0x0000000000000000-mapping.dmp

Download
memory/1616-695-0x0000000000000000-mapping.dmp

Download
memory/1624-382-0x0000000000000000-mapping.dmp

Download
memory/1624-283-0x0000000000000000-mapping.dmp

Download
memory/1624-557-0x0000000000000000-mapping.dmp

Download
memory/1624-485-0x0000000000000000-mapping.dmp

Download
memory/1624-324-0x0000000000000000-mapping.dmp

Download
memory/1624-889-0x0000000000000000-mapping.dmp

Download
memory/1624-144-0x0000000000000000-mapping.dmp

Download
memory/1624-862-0x0000000000000000-mapping.dmp

Download
memory/1624-344-0x0000000000000000-mapping.dmp

Download
memory/1624-835-0x0000000000000000-mapping.dmp

Download
memory/1624-672-0x0000000000000000-mapping.dmp

Download
memory/1624-538-0x0000000000000000-mapping.dmp

Download
memory/1632-863-0x0000000000000000-mapping.dmp

Download
memory/1632-890-0x0000000000000000-mapping.dmp

Download
memory/1632-168-0x0000000000000000-mapping.dmp

Download
memory/1632-345-0x0000000000000000-mapping.dmp

Download
memory/1632-383-0x0000000000000000-mapping.dmp

Download
memory/1632-195-0x0000000000000000-mapping.dmp

Download
memory/1644-228-0x0000000000000000-mapping.dmp

Download
memory/1644-761-0x0000000000000000-mapping.dmp

Download
memory/1644-285-0x0000000000000000-mapping.dmp

Download
memory/1644-735-0x0000000000000000-mapping.dmp

Download
memory/1644-838-0x0000000000000000-mapping.dmp

Download
memory/1652-163-0x0000000000000000-mapping.dmp

Download
memory/1652-221-0x0000000000000000-mapping.dmp

Download
memory/1656-44-0x0000000000000000-mapping.dmp

Download
memory/1660-448-0x0000000000000000-mapping.dmp

Download
memory/1660-673-0x0000000000000000-mapping.dmp

Download
memory/1660-179-0x0000000000000000-mapping.dmp

Download
memory/1660-577-0x0000000000000000-mapping.dmp

Download
memory/1660-393-0x0000000000000000-mapping.dmp

Download
memory/1660-235-0x0000000000000000-mapping.dmp

Download
memory/1660-885-0x0000000000000000-mapping.dmp

Download
memory/1672-606-0x0000000000000000-mapping.dmp

Download
memory/1672-755-0x0000000000000000-mapping.dmp

Download
memory/1672-684-0x0000000000000000-mapping.dmp

Download
memory/1676-159-0x0000000000000000-mapping.dmp

Download
memory/1676-242-0x0000000000000000-mapping.dmp

Download
memory/1680-570-0x0000000000000000-mapping.dmp

Download
memory/1680-550-0x0000000000000000-mapping.dmp

Download
memory/1680-880-0x0000000000000000-mapping.dmp

Download
memory/1680-82-0x0000000000000000-mapping.dmp

Download
memory/1680-688-0x0000000000000000-mapping.dmp

Download
memory/1680-905-0x0000000000000000-mapping.dmp

Download
memory/1680-590-0x0000000000000000-mapping.dmp

Download
memory/1680-116-0x0000000000000000-mapping.dmp

Download
memory/1688-199-0x0000000000000000-mapping.dmp

Download
memory/1688-287-0x0000000000000000-mapping.dmp

Download
memory/1688-379-0x0000000000000000-mapping.dmp

Download
memory/1688-257-0x0000000000000000-mapping.dmp

Download
memory/1688-417-0x0000000000000000-mapping.dmp

Download
memory/1688-468-0x0000000000000000-mapping.dmp

Download
memory/1688-679-0x0000000000000000-mapping.dmp

Download
memory/1688-111-0x0000000000000000-mapping.dmp

Download
memory/1688-542-0x0000000000000000-mapping.dmp

Download
memory/1688-870-0x0000000000000000-mapping.dmp

Download
memory/1688-61-0x0000000000000000-mapping.dmp

Download
memory/1696-762-0x0000000000000000-mapping.dmp

Download
memory/1696-736-0x0000000000000000-mapping.dmp

Download
memory/1700-507-0x0000000000000000-mapping.dmp

Download
memory/1700-454-0x0000000000000000-mapping.dmp

Download
memory/1700-152-0x0000000000000000-mapping.dmp

Download
memory/1700-472-0x0000000000000000-mapping.dmp

Download
memory/1700-415-0x0000000000000000-mapping.dmp

Download
memory/1700-582-0x0000000000000000-mapping.dmp

Download
memory/1700-562-0x0000000000000000-mapping.dmp

Download
memory/1700-725-0x0000000000000000-mapping.dmp

Download
memory/1700-622-0x0000000000000000-mapping.dmp

Download
memory/1704-264-0x0000000000000000-mapping.dmp

Download
memory/1708-267-0x0000000000000000-mapping.dmp

Download
memory/1712-96-0x0000000000000000-mapping.dmp

Download
memory/1712-233-0x0000000000000000-mapping.dmp

Download
memory/1716-594-0x0000000000000000-mapping.dmp

Download
memory/1716-574-0x0000000000000000-mapping.dmp

Download
memory/1716-867-0x0000000000000000-mapping.dmp

Download
memory/1716-432-0x0000000000000000-mapping.dmp

Download
memory/1716-553-0x0000000000000000-mapping.dmp

Download
memory/1716-764-0x0000000000000000-mapping.dmp

Download
memory/1716-352-0x0000000000000000-mapping.dmp

Download
memory/1716-334-0x0000000000000000-mapping.dmp

Download
memory/1716-816-0x0000000000000000-mapping.dmp

Download
memory/1716-790-0x0000000000000000-mapping.dmp

Download
memory/1716-634-0x0000000000000000-mapping.dmp

Download
memory/1720-231-0x0000000000000000-mapping.dmp

Download
memory/1720-365-0x0000000000000000-mapping.dmp

Download
memory/1720-404-0x0000000000000000-mapping.dmp

Download
memory/1720-473-0x0000000000000000-mapping.dmp

Download
memory/1720-898-0x0000000000000000-mapping.dmp

Download
memory/1720-455-0x0000000000000000-mapping.dmp

Download
memory/1720-314-0x0000000000000000-mapping.dmp

Download
memory/1724-265-0x0000000000000000-mapping.dmp

Download
memory/1732-749-0x0000000000000000-mapping.dmp

Download
memory/1732-403-0x0000000000000000-mapping.dmp

Download
memory/1732-442-0x0000000000000000-mapping.dmp

Download
memory/1732-279-0x0000000000000000-mapping.dmp

Download
memory/1732-624-0x0000000000000000-mapping.dmp

Download
memory/1736-697-0x0000000000000000-mapping.dmp

Download
memory/1736-115-0x0000000000000000-mapping.dmp

Download
memory/1736-203-0x0000000000000000-mapping.dmp

Download
memory/1736-614-0x0000000000000000-mapping.dmp

Download
memory/1736-286-0x0000000000000000-mapping.dmp

Download
memory/1736-232-0x0000000000000000-mapping.dmp

Download
memory/1736-146-0x0000000000000000-mapping.dmp

Download
memory/1740-752-0x0000000000000000-mapping.dmp

Download
memory/1740-128-0x0000000000000000-mapping.dmp

Download
memory/1740-724-0x0000000000000000-mapping.dmp

Download
memory/1740-212-0x0000000000000000-mapping.dmp

Download
memory/1744-895-0x0000000000000000-mapping.dmp

Download
memory/1744-173-0x0000000000000000-mapping.dmp

Download
memory/1744-661-0x0000000000000000-mapping.dmp

Download
memory/1744-821-0x0000000000000000-mapping.dmp

Download
memory/1744-378-0x0000000000000000-mapping.dmp

Download
memory/1744-312-0x0000000000000000-mapping.dmp

Download
memory/1744-342-0x0000000000000000-mapping.dmp

Download
memory/1744-437-0x0000000000000000-mapping.dmp

Download
memory/1744-420-0x0000000000000000-mapping.dmp

Download
memory/1744-523-0x0000000000000000-mapping.dmp

Download
memory/1748-758-0x0000000000000000-mapping.dmp

Download
memory/1748-431-0x0000000000000000-mapping.dmp

Download
memory/1748-810-0x0000000000000000-mapping.dmp

Download
memory/1748-783-0x0000000000000000-mapping.dmp

Download
memory/1748-886-0x0000000000000000-mapping.dmp

Download
memory/1748-394-0x0000000000000000-mapping.dmp

Download
memory/1748-732-0x0000000000000000-mapping.dmp

Download
memory/1748-125-0x0000000000000000-mapping.dmp

Download
memory/1752-706-0x0000000000000000-mapping.dmp

Download
memory/1752-779-0x0000000000000000-mapping.dmp

Download
memory/1752-28-0x0000000000000000-mapping.dmp

Download
memory/1752-641-0x0000000000000000-mapping.dmp

Download
memory/1760-95-0x0000000000000000-mapping.dmp

Download
memory/1764-315-0x0000000000000000-mapping.dmp

Download
memory/1764-698-0x0000000000000000-mapping.dmp

Download
memory/1764-841-0x0000000000000000-mapping.dmp

Download
memory/1764-675-0x0000000000000000-mapping.dmp

Download
memory/1768-888-0x0000000000000000-mapping.dmp

Download
memory/1772-154-0x0000000000000000-mapping.dmp

Download
memory/1772-240-0x0000000000000000-mapping.dmp

Download
memory/1772-124-0x0000000000000000-mapping.dmp

Download
memory/1772-183-0x0000000000000000-mapping.dmp

Download
memory/1772-296-0x0000000000000000-mapping.dmp

Download
memory/1776-181-0x0000000000000000-mapping.dmp

Download
memory/1776-153-0x0000000000000000-mapping.dmp

Download
memory/1780-812-0x0000000000000000-mapping.dmp

Download
memory/1780-234-0x0000000000000000-mapping.dmp

Download
memory/1780-331-0x0000000000000000-mapping.dmp

Download
memory/1780-711-0x0000000000000000-mapping.dmp

Download
memory/1780-482-0x0000000000000000-mapping.dmp

Download
memory/1780-409-0x0000000000000000-mapping.dmp

Download
memory/1780-351-0x0000000000000000-mapping.dmp

Download
memory/1784-184-0x0000000000000000-mapping.dmp

Download
memory/1784-127-0x0000000000000000-mapping.dmp

Download
memory/1784-156-0x0000000000000000-mapping.dmp

Download
memory/1788-121-0x0000000000000000-mapping.dmp

Download
memory/1788-204-0x0000000000000000-mapping.dmp

Download
memory/1788-259-0x0000000000000000-mapping.dmp

Download
memory/1796-369-0x0000000000000000-mapping.dmp

Download
memory/1796-628-0x0000000000000000-mapping.dmp

Download
memory/1796-607-0x0000000000000000-mapping.dmp

Download
memory/1796-715-0x0000000000000000-mapping.dmp

Download
memory/1796-201-0x0000000000000000-mapping.dmp

Download
memory/1796-444-0x0000000000000000-mapping.dmp

Download
memory/1796-91-0x0000000000000000-mapping.dmp

Download
memory/1804-831-0x0000000000000000-mapping.dmp

Download
memory/1812-636-0x0000000000000000-mapping.dmp

Download
memory/1812-354-0x0000000000000000-mapping.dmp

Download
memory/1812-392-0x0000000000000000-mapping.dmp

Download
memory/1812-109-0x0000000000000000-mapping.dmp

Download
memory/1812-166-0x0000000000000000-mapping.dmp

Download
memory/1812-413-0x0000000000000000-mapping.dmp

Download
memory/1812-504-0x0000000000000000-mapping.dmp

Download
memory/1812-658-0x0000000000000000-mapping.dmp

Download
memory/1812-799-0x0000000000000000-mapping.dmp

Download
memory/1812-247-0x0000000000000000-mapping.dmp

Download
memory/1812-307-0x0000000000000000-mapping.dmp

Download
memory/1820-652-0x0000000000000000-mapping.dmp

Download
memory/1824-227-0x0000000000000000-mapping.dmp

Download
memory/1824-372-0x0000000000000000-mapping.dmp

Download
memory/1824-510-0x0000000000000000-mapping.dmp

Download
memory/1824-822-0x0000000000000000-mapping.dmp

Download
memory/1824-85-0x0000000000000000-mapping.dmp

Download
memory/1824-639-0x0000000000000000-mapping.dmp

Download
memory/1824-565-0x0000000000000000-mapping.dmp

Download
memory/1832-682-0x0000000000000000-mapping.dmp

Download
memory/1832-899-0x0000000000000000-mapping.dmp

Download
memory/1836-805-0x0000000000000000-mapping.dmp

Download
memory/1836-705-0x0000000000000000-mapping.dmp

Download
memory/1836-662-0x0000000000000000-mapping.dmp

Download
memory/1836-278-0x0000000000000000-mapping.dmp

Download
memory/1836-456-0x0000000000000000-mapping.dmp

Download
memory/1844-828-0x0000000000000000-mapping.dmp

Download
memory/1844-367-0x0000000000000000-mapping.dmp

Download
memory/1844-549-0x0000000000000000-mapping.dmp

Download
memory/1844-252-0x0000000000000000-mapping.dmp

Download
memory/1844-167-0x0000000000000000-mapping.dmp

Download
memory/1844-139-0x0000000000000000-mapping.dmp

Download
memory/1844-707-0x0000000000000000-mapping.dmp

Download
memory/1844-346-0x0000000000000000-mapping.dmp

Download
memory/1848-211-0x0000000000000000-mapping.dmp

Download
memory/1848-291-0x0000000000000000-mapping.dmp

Download
memory/1848-130-0x0000000000000000-mapping.dmp

Download
memory/1852-162-0x0000000000000000-mapping.dmp

Download
memory/1856-433-0x0000000000000000-mapping.dmp

Download
memory/1856-376-0x0000000000000000-mapping.dmp

Download
memory/1856-198-0x0000000000000000-mapping.dmp

Download
memory/1856-500-0x0000000000000000-mapping.dmp

Download
memory/1856-396-0x0000000000000000-mapping.dmp

Download
memory/1856-355-0x0000000000000000-mapping.dmp

Download
memory/1872-714-0x0000000000000000-mapping.dmp

Download
memory/1872-381-0x0000000000000000-mapping.dmp

Download
memory/1872-866-0x0000000000000000-mapping.dmp

Download
memory/1872-157-0x0000000000000000-mapping.dmp

Download
memory/1872-435-0x0000000000000000-mapping.dmp

Download
memory/1872-361-0x0000000000000000-mapping.dmp

Download
memory/1872-129-0x0000000000000000-mapping.dmp

Download
memory/1872-840-0x0000000000000000-mapping.dmp

Download
memory/1872-186-0x0000000000000000-mapping.dmp

Download
memory/1872-93-0x0000000000000000-mapping.dmp

Download
memory/1880-140-0x0000000000000000-mapping.dmp

Download
memory/1880-401-0x0000000000000000-mapping.dmp

Download
memory/1880-276-0x0000000000000000-mapping.dmp

Download
memory/1880-306-0x0000000000000000-mapping.dmp

Download
memory/1880-223-0x0000000000000000-mapping.dmp

Download
memory/1900-270-0x0000000000000000-mapping.dmp

Download
memory/1900-421-0x0000000000000000-mapping.dmp

Download
memory/1900-493-0x0000000000000000-mapping.dmp

Download
memory/1900-400-0x0000000000000000-mapping.dmp

Download
memory/1900-132-0x0000000000000000-mapping.dmp

Download
memory/1900-589-0x0000000000000000-mapping.dmp

Download
memory/1900-871-0x0000000000000000-mapping.dmp

Download
memory/1900-568-0x0000000000000000-mapping.dmp

Download
memory/1904-207-0x0000000000000000-mapping.dmp

Download
memory/1904-833-0x0000000000000000-mapping.dmp

Download
memory/1904-859-0x0000000000000000-mapping.dmp

Download
memory/1916-299-0x0000000000000000-mapping.dmp

Download
memory/1916-193-0x0000000000000000-mapping.dmp

Download
memory/1920-741-0x0000000000000000-mapping.dmp

Download
memory/1920-767-0x0000000000000000-mapping.dmp

Download
memory/1920-693-0x0000000000000000-mapping.dmp

Download
memory/1920-386-0x0000000000000000-mapping.dmp

Download
memory/1920-844-0x0000000000000000-mapping.dmp

Download
memory/1920-347-0x0000000000000000-mapping.dmp

Download
memory/1924-708-0x0000000000000000-mapping.dmp

Download
memory/1924-214-0x0000000000000000-mapping.dmp

Download
memory/1924-879-0x0000000000000000-mapping.dmp

Download
memory/1968-326-0x0000000000000000-mapping.dmp

Download
memory/1968-147-0x0000000000000000-mapping.dmp

Download
memory/1968-397-0x0000000000000000-mapping.dmp

Download
memory/1980-80-0x0000000000000000-mapping.dmp

Download
memory/1980-316-0x00000000023D0000-0x00000000023E1000-memory.dmp

Filesize
68KB

Download
memory/1980-90-0x00000000009A0000-0x00000000009B1000-memory.dmp

Filesize
68KB

Download
memory/1980-88-0x00000000009A0000-0x00000000009B1000-memory.dmp

Filesize
68KB

Download
memory/1984-763-0x0000000000000000-mapping.dmp

Download
memory/1984-160-0x0000000000000000-mapping.dmp

Download
memory/1988-261-0x0000000000000000-mapping.dmp

Download
memory/1988-363-0x0000000000000000-mapping.dmp

Download
memory/1992-856-0x0000000000000000-mapping.dmp

Download
memory/1992-200-0x0000000000000000-mapping.dmp

Download
memory/1992-804-0x0000000000000000-mapping.dmp

Download
memory/1992-350-0x0000000000000000-mapping.dmp

Download
memory/1992-441-0x0000000000000000-mapping.dmp

Download
memory/1992-668-0x0000000000000000-mapping.dmp

Download
memory/1996-114-0x0000000000000000-mapping.dmp

Download
memory/1996-8-0x0000000000000000-mapping.dmp

Download
memory/1996-118-0x0000000000000000-mapping.dmp

Download
memory/1996-117-0x0000000000000000-mapping.dmp

Download
memory/1996-119-0x0000000000000000-mapping.dmp

Download
memory/2004-669-0x0000000000000000-mapping.dmp

Download
memory/2004-145-0x0000000000000000-mapping.dmp

Download
memory/2004-629-0x0000000000000000-mapping.dmp

Download
memory/2004-533-0x0000000000000000-mapping.dmp

Download
memory/2004-786-0x0000000000000000-mapping.dmp

Download
memory/2004-374-0x0000000000000000-mapping.dmp

Download
memory/2008-861-0x0000000000000000-mapping.dmp

Download
memory/2012-633-0x0000000000000000-mapping.dmp

Download
memory/2012-494-0x0000000000000000-mapping.dmp

Download
memory/2012-197-0x0000000000000000-mapping.dmp

Download
memory/2012-407-0x0000000000000000-mapping.dmp

Download
memory/2012-554-0x0000000000000000-mapping.dmp

Download
memory/2012-865-0x0000000000000000-mapping.dmp

Download
memory/2016-751-0x0000000000000000-mapping.dmp

Download
memory/2016-255-0x0000000000000000-mapping.dmp

Download
memory/2016-514-0x0000000000000000-mapping.dmp

Download
memory/2016-338-0x0000000000000000-mapping.dmp

Download
memory/2016-358-0x0000000000000000-mapping.dmp

Download
memory/2016-587-0x0000000000000000-mapping.dmp

Download
memory/2016-462-0x0000000000000000-mapping.dmp

Download
memory/2016-196-0x0000000000000000-mapping.dmp

Download
memory/2016-801-0x0000000000000000-mapping.dmp

Download
memory/2020-293-0x0000000000000000-mapping.dmp

Download
memory/2024-325-0x0000000000000000-mapping.dmp

Download
memory/2024-380-0x0000000000000000-mapping.dmp

Download
memory/2024-416-0x0000000000000000-mapping.dmp

Download
memory/2028-900-0x0000000000000000-mapping.dmp

Download
memory/2028-796-0x0000000000000000-mapping.dmp

Download
memory/2040-845-0x0000000000000000-mapping.dmp

Download
memory/2044-136-0x0000000000000000-mapping.dmp

Download
memory/2044-852-0x0000000000000000-mapping.dmp

Download
memory/2044-216-0x0000000000000000-mapping.dmp

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads