fakeav | fc4eb33426c0f6f1758877b12abce501068b9b8bb9b8ff4acf5e21a1742b3a90

Analysis

max time kernel
151s
max time network
152s
platform
windows10_x64
resource
win10v20201028
submitted
14-12-2020 16:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c043da38e5a8e996ec0380701514bf0f.exe
Size

5.4MB
MD5

c043da38e5a8e996ec0380701514bf0f
SHA1

379e9084f3a129447ab4ddf99153f0faffca8ec3
SHA256

fc4eb33426c0f6f1758877b12abce501068b9b8bb9b8ff4acf5e21a1742b3a90
SHA512

b6ce22c495e32e1cf45d872ce442f3afb18d4dbe2535b0c4c8e2c17f4ca7e3cd1d865af021e3f44f67ae4530a6bf525e82fe22063e5e1d0c95671ff02f79c644

Score

10^/10

fakeav xmrig fakeav miner persistence spyware

Malware Config

Signatures

FakeAV, RogueAntivirus
FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
fakeav spyware fakeav
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

FakeAV payload 2 IoCs

fakeav spyware

resource	yara_rule
behavioral2/files/0x000100000001ab84-10.dat	fakeav
behavioral2/files/0x000100000001ab84-8.dat	fakeav

Executes dropped EXE 215 IoCs

pid	Process
3432	srtsrv32.exe
3732	LSASSMGR.EXE
3016	lssmon.exe
936	LSASSMGR.EXE
2916	srtsrv32.exe
3320	srtsrv32.exe
2732	srtsrv32.exe
3944	LSASSMGR.EXE
2632	LSASSMGR.EXE
3916	LSASSMGR.EXE
4088	LSASSMGR.EXE
4068	LSASSMGR.EXE
2608	LSASSMGR.EXE
2124	LSASSMGR.EXE
3820	LSASSMGR.EXE
1996	LSASSMGR.EXE
3040	LSASSMGR.EXE
3936	LSASSMGR.EXE
3552	LSASSMGR.EXE
508	LSASSMGR.EXE
1404	LSASSMGR.EXE
2908	LSASSMGR.EXE
1500	LSASSMGR.EXE
3012	LSASSMGR.EXE
3028	LSASSMGR.EXE
412	LSASSMGR.EXE
3956	LSASSMGR.EXE
4060	LSASSMGR.EXE
3268	LSASSMGR.EXE
2300	LSASSMGR.EXE
3540	LSASSMGR.EXE
2128	LSASSMGR.EXE
2616	LSASSMGR.EXE
1892	LSASSMGR.EXE
3424	LSASSMGR.EXE
1616	LSASSMGR.EXE
3804	LSASSMGR.EXE
3652	LSASSMGR.EXE
3532	LSASSMGR.EXE
2244	LSASSMGR.EXE
4092	LSASSMGR.EXE
1288	LSASSMGR.EXE
2200	LSASSMGR.EXE
1324	LSASSMGR.EXE
692	LSASSMGR.EXE
2148	LSASSMGR.EXE
2540	LSASSMGR.EXE
2180	LSASSMGR.EXE
2108	LSASSMGR.EXE
3912	LSASSMGR.EXE
2748	LSASSMGR.EXE
3680	LSASSMGR.EXE
3112	LSASSMGR.EXE
3632	LSASSMGR.EXE
2252	LSASSMGR.EXE
3796	LSASSMGR.EXE
2228	LSASSMGR.EXE
3472	LSASSMGR.EXE
4000	LSASSMGR.EXE
644	LSASSMGR.EXE
3928	LSASSMGR.EXE
1592	LSASSMGR.EXE
736	LSASSMGR.EXE
2724	LSASSMGR.EXE
3136	LSASSMGR.EXE
4036	LSASSMGR.EXE
3556	LSASSMGR.EXE
1120	LSASSMGR.EXE
2212	LSASSMGR.EXE
416	LSASSMGR.EXE
1260	LSASSMGR.EXE
2648	LSASSMGR.EXE
2284	LSASSMGR.EXE
3636	LSASSMGR.EXE
3952	LSASSMGR.EXE
2220	LSASSMGR.EXE
1888	LSASSMGR.EXE
3932	LSASSMGR.EXE
3480	LSASSMGR.EXE
3780	LSASSMGR.EXE
1388	LSASSMGR.EXE
3960	LSASSMGR.EXE
3908	LSASSMGR.EXE
3948	LSASSMGR.EXE
2720	LSASSMGR.EXE
1264	LSASSMGR.EXE
2184	LSASSMGR.EXE
4120	LSASSMGR.EXE
4220	LSASSMGR.EXE
4232	LSASSMGR.EXE
4308	LSASSMGR.EXE
4336	LSASSMGR.EXE
4376	LSASSMGR.EXE
4404	LSASSMGR.EXE
4512	LSASSMGR.EXE
4500	LSASSMGR.EXE
4544	LSASSMGR.EXE
4588	LSASSMGR.EXE
4660	LSASSMGR.EXE
4672	LSASSMGR.EXE
4748	LSASSMGR.EXE
4756	LSASSMGR.EXE
4868	LSASSMGR.EXE
4880	LSASSMGR.EXE
4912	LSASSMGR.EXE
4940	LSASSMGR.EXE
5000	LSASSMGR.EXE
5016	LSASSMGR.EXE
1204	LSASSMGR.EXE
2380	LSASSMGR.EXE
512	LSASSMGR.EXE
684	LSASSMGR.EXE
4160	LSASSMGR.EXE
4168	LSASSMGR.EXE
3568	LSASSMGR.EXE
4316	LSASSMGR.EXE
4276	LSASSMGR.EXE
4412	LSASSMGR.EXE
4388	LSASSMGR.EXE
4420	LSASSMGR.EXE
4456	LSASSMGR.EXE
4632	LSASSMGR.EXE
4564	LSASSMGR.EXE
4524	LSASSMGR.EXE
4708	LSASSMGR.EXE
4788	LSASSMGR.EXE
4692	LSASSMGR.EXE
4816	LSASSMGR.EXE
4848	LSASSMGR.EXE
4980	LSASSMGR.EXE
4900	LSASSMGR.EXE
4996	LSASSMGR.EXE
5076	LSASSMGR.EXE
2280	LSASSMGR.EXE
2524	LSASSMGR.EXE
1064	LSASSMGR.EXE
4240	LSASSMGR.EXE
4200	LSASSMGR.EXE
4124	LSASSMGR.EXE
4344	LSASSMGR.EXE
1272	LSASSMGR.EXE
4428	LSASSMGR.EXE
4372	LSASSMGR.EXE
4508	LSASSMGR.EXE
4496	LSASSMGR.EXE
4652	LSASSMGR.EXE
4616	LSASSMGR.EXE
4732	LSASSMGR.EXE
4812	LSASSMGR.EXE
4736	LSASSMGR.EXE
4808	LSASSMGR.EXE
4772	LSASSMGR.EXE
5008	LSASSMGR.EXE
5092	LSASSMGR.EXE
3920	LSASSMGR.EXE
5044	LSASSMGR.EXE
4992	LSASSMGR.EXE
4116	LSASSMGR.EXE
3160	LSASSMGR.EXE
3128	LSASSMGR.EXE
4128	LSASSMGR.EXE
4132	LSASSMGR.EXE
4144	LSASSMGR.EXE
4384	LSASSMGR.EXE
4668	LSASSMGR.EXE
4600	LSASSMGR.EXE
4532	LSASSMGR.EXE
4768	LSASSMGR.EXE
4728	LSASSMGR.EXE
4580	LSASSMGR.EXE
4676	LSASSMGR.EXE
4836	LSASSMGR.EXE
4780	LSASSMGR.EXE
4824	LSASSMGR.EXE
5056	LSASSMGR.EXE
3800	LSASSMGR.EXE
5028	LSASSMGR.EXE
776	LSASSMGR.EXE
4288	LSASSMGR.EXE
4172	LSASSMGR.EXE
3972	LSASSMGR.EXE
4248	LSASSMGR.EXE
4484	LSASSMGR.EXE
4620	LSASSMGR.EXE
4448	LSASSMGR.EXE
4460	LSASSMGR.EXE
2452	LSASSMGR.EXE
1236	LSASSMGR.EXE
4892	LSASSMGR.EXE
4856	LSASSMGR.EXE
4612	LSASSMGR.EXE
4876	LSASSMGR.EXE
5048	LSASSMGR.EXE
5100	LSASSMGR.EXE
4592	LSASSMGR.EXE
5064	LSASSMGR.EXE
4176	LSASSMGR.EXE
652	LSASSMGR.EXE
2852	LSASSMGR.EXE
4320	LSASSMGR.EXE
4292	LSASSMGR.EXE
4280	LSASSMGR.EXE
4392	LSASSMGR.EXE
4648	LSASSMGR.EXE
4440	LSASSMGR.EXE
4572	LSASSMGR.EXE
1792	LSASSMGR.EXE
4860	LSASSMGR.EXE
4664	LSASSMGR.EXE
4684	LSASSMGR.EXE
5024	LSASSMGR.EXE
4896	LSASSMGR.EXE
5108	LSASSMGR.EXE
4724	LSASSMGR.EXE
636	LSASSMGR.EXE

Sets file execution options in registry 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Adds Run key to start application 2 TTPs 218 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	srtsrv32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	c043da38e5a8e996ec0380701514bf0f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\lssmon.exe"	lssmon.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	lssmon.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\lssmon.exe"	c043da38e5a8e996ec0380701514bf0f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	srtsrv32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	srtsrv32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	srtsrv32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE

Drops file in System32 directory 441 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	srtsrv32.exe
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	srtsrv32.exe
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\lssmon.exe	WerFault.exe
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\srtsrv32.exe	c043da38e5a8e996ec0380701514bf0f.exe
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	srtsrv32.exe
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	srtsrv32.exe
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	srtsrv32.exe
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	srtsrv32.exe
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\lssmon.exe	c043da38e5a8e996ec0380701514bf0f.exe
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\spool.exe	srtsrv32.exe
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	srtsrv32.exe
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	srtsrv32.exe
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\lssmon.exe	c043da38e5a8e996ec0380701514bf0f.exe
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\lssmon.exe	lssmon.exe
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE

Drops file in Program Files directory 430 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	srtsrv32.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	srtsrv32.exe
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	srtsrv32.exe
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	srtsrv32.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Internet Explorer\iexplor.exe	srtsrv32.exe
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Internet Explorer\iexplor.exe	srtsrv32.exe
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	srtsrv32.exe
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	srtsrv32.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\divx32.dll	c043da38e5a8e996ec0380701514bf0f.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3672	3016	WerFault.exe	76

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3672	WerFault.exe
3672	WerFault.exe
3672	WerFault.exe
3672	WerFault.exe
3672	WerFault.exe
3672	WerFault.exe
3672	WerFault.exe
3672	WerFault.exe
3672	WerFault.exe
3672	WerFault.exe
3672	WerFault.exe
3672	WerFault.exe
3672	WerFault.exe
3672	WerFault.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	3672	WerFault.exe
Token: SeBackupPrivilege	3672	WerFault.exe
Token: SeDebugPrivilege	3672	WerFault.exe

Suspicious use of WriteProcessMemory 648 IoCs

description	pid	Process	procid_target
PID 3576 wrote to memory of 3432	3576	c043da38e5a8e996ec0380701514bf0f.exe	75
PID 3576 wrote to memory of 3432	3576	c043da38e5a8e996ec0380701514bf0f.exe	75
PID 3576 wrote to memory of 3432	3576	c043da38e5a8e996ec0380701514bf0f.exe	75
PID 3576 wrote to memory of 3016	3576	c043da38e5a8e996ec0380701514bf0f.exe	76
PID 3576 wrote to memory of 3016	3576	c043da38e5a8e996ec0380701514bf0f.exe	76
PID 3576 wrote to memory of 3016	3576	c043da38e5a8e996ec0380701514bf0f.exe	76
PID 3432 wrote to memory of 3732	3432	srtsrv32.exe	77
PID 3432 wrote to memory of 3732	3432	srtsrv32.exe	77
PID 3432 wrote to memory of 3732	3432	srtsrv32.exe	77
PID 3732 wrote to memory of 936	3732	LSASSMGR.EXE	80
PID 3732 wrote to memory of 936	3732	LSASSMGR.EXE	80
PID 3732 wrote to memory of 936	3732	LSASSMGR.EXE	80
PID 3016 wrote to memory of 2916	3016	lssmon.exe	78
PID 3016 wrote to memory of 2916	3016	lssmon.exe	78
PID 3016 wrote to memory of 2916	3016	lssmon.exe	78
PID 3016 wrote to memory of 3320	3016	lssmon.exe	79
PID 3016 wrote to memory of 3320	3016	lssmon.exe	79
PID 3016 wrote to memory of 3320	3016	lssmon.exe	79
PID 3016 wrote to memory of 2732	3016	lssmon.exe	81
PID 3016 wrote to memory of 2732	3016	lssmon.exe	81
PID 3016 wrote to memory of 2732	3016	lssmon.exe	81
PID 936 wrote to memory of 3944	936	LSASSMGR.EXE	84
PID 936 wrote to memory of 3944	936	LSASSMGR.EXE	84
PID 936 wrote to memory of 3944	936	LSASSMGR.EXE	84
PID 3320 wrote to memory of 2632	3320	srtsrv32.exe	83
PID 3320 wrote to memory of 2632	3320	srtsrv32.exe	83
PID 3320 wrote to memory of 2632	3320	srtsrv32.exe	83
PID 2916 wrote to memory of 3916	2916	srtsrv32.exe	85
PID 2916 wrote to memory of 3916	2916	srtsrv32.exe	85
PID 2916 wrote to memory of 3916	2916	srtsrv32.exe	85
PID 2732 wrote to memory of 4088	2732	srtsrv32.exe	87
PID 2732 wrote to memory of 4088	2732	srtsrv32.exe	87
PID 2732 wrote to memory of 4088	2732	srtsrv32.exe	87
PID 3944 wrote to memory of 4068	3944	LSASSMGR.EXE	89
PID 3944 wrote to memory of 4068	3944	LSASSMGR.EXE	89
PID 3944 wrote to memory of 4068	3944	LSASSMGR.EXE	89
PID 2632 wrote to memory of 2608	2632	LSASSMGR.EXE	88
PID 2632 wrote to memory of 2608	2632	LSASSMGR.EXE	88
PID 2632 wrote to memory of 2608	2632	LSASSMGR.EXE	88
PID 3916 wrote to memory of 2124	3916	LSASSMGR.EXE	91
PID 3916 wrote to memory of 2124	3916	LSASSMGR.EXE	91
PID 3916 wrote to memory of 2124	3916	LSASSMGR.EXE	91
PID 4088 wrote to memory of 3820	4088	LSASSMGR.EXE	90
PID 4088 wrote to memory of 3820	4088	LSASSMGR.EXE	90
PID 4088 wrote to memory of 3820	4088	LSASSMGR.EXE	90
PID 2608 wrote to memory of 1996	2608	LSASSMGR.EXE	92
PID 2608 wrote to memory of 1996	2608	LSASSMGR.EXE	92
PID 2608 wrote to memory of 1996	2608	LSASSMGR.EXE	92
PID 4068 wrote to memory of 3040	4068	LSASSMGR.EXE	93
PID 4068 wrote to memory of 3040	4068	LSASSMGR.EXE	93
PID 4068 wrote to memory of 3040	4068	LSASSMGR.EXE	93
PID 2124 wrote to memory of 3936	2124	LSASSMGR.EXE	95
PID 2124 wrote to memory of 3936	2124	LSASSMGR.EXE	95
PID 2124 wrote to memory of 3936	2124	LSASSMGR.EXE	95
PID 3820 wrote to memory of 3552	3820	LSASSMGR.EXE	94
PID 3820 wrote to memory of 3552	3820	LSASSMGR.EXE	94
PID 3820 wrote to memory of 3552	3820	LSASSMGR.EXE	94
PID 3936 wrote to memory of 1404	3936	LSASSMGR.EXE	97
PID 3936 wrote to memory of 1404	3936	LSASSMGR.EXE	97
PID 3936 wrote to memory of 1404	3936	LSASSMGR.EXE	97
PID 1996 wrote to memory of 508	1996	LSASSMGR.EXE	96
PID 1996 wrote to memory of 508	1996	LSASSMGR.EXE	96
PID 1996 wrote to memory of 508	1996	LSASSMGR.EXE	96
PID 3040 wrote to memory of 2908	3040	LSASSMGR.EXE	98
PID 3040 wrote to memory of 2908	3040	LSASSMGR.EXE	98
PID 3040 wrote to memory of 2908	3040	LSASSMGR.EXE	98
PID 3552 wrote to memory of 1500	3552	LSASSMGR.EXE	99
PID 3552 wrote to memory of 1500	3552	LSASSMGR.EXE	99
PID 3552 wrote to memory of 1500	3552	LSASSMGR.EXE	99
PID 508 wrote to memory of 3012	508	LSASSMGR.EXE	102
PID 508 wrote to memory of 3012	508	LSASSMGR.EXE	102
PID 508 wrote to memory of 3012	508	LSASSMGR.EXE	102
PID 1404 wrote to memory of 412	1404	LSASSMGR.EXE	101
PID 1404 wrote to memory of 412	1404	LSASSMGR.EXE	101
PID 1404 wrote to memory of 412	1404	LSASSMGR.EXE	101
PID 2908 wrote to memory of 3028	2908	LSASSMGR.EXE	100
PID 2908 wrote to memory of 3028	2908	LSASSMGR.EXE	100
PID 2908 wrote to memory of 3028	2908	LSASSMGR.EXE	100
PID 1500 wrote to memory of 3956	1500	LSASSMGR.EXE	103
PID 1500 wrote to memory of 3956	1500	LSASSMGR.EXE	103
PID 1500 wrote to memory of 3956	1500	LSASSMGR.EXE	103
PID 3012 wrote to memory of 4060	3012	LSASSMGR.EXE	104
PID 3012 wrote to memory of 4060	3012	LSASSMGR.EXE	104
PID 3012 wrote to memory of 4060	3012	LSASSMGR.EXE	104
PID 3028 wrote to memory of 3268	3028	LSASSMGR.EXE	105
PID 3028 wrote to memory of 3268	3028	LSASSMGR.EXE	105
PID 3028 wrote to memory of 3268	3028	LSASSMGR.EXE	105
PID 412 wrote to memory of 2300	412	LSASSMGR.EXE	106
PID 412 wrote to memory of 2300	412	LSASSMGR.EXE	106
PID 412 wrote to memory of 2300	412	LSASSMGR.EXE	106
PID 3956 wrote to memory of 3540	3956	LSASSMGR.EXE	107
PID 3956 wrote to memory of 3540	3956	LSASSMGR.EXE	107
PID 3956 wrote to memory of 3540	3956	LSASSMGR.EXE	107
PID 4060 wrote to memory of 2128	4060	LSASSMGR.EXE	108
PID 4060 wrote to memory of 2128	4060	LSASSMGR.EXE	108
PID 4060 wrote to memory of 2128	4060	LSASSMGR.EXE	108
PID 2300 wrote to memory of 1892	2300	LSASSMGR.EXE	110
PID 2300 wrote to memory of 1892	2300	LSASSMGR.EXE	110
PID 2300 wrote to memory of 1892	2300	LSASSMGR.EXE	110
PID 3268 wrote to memory of 2616	3268	LSASSMGR.EXE	109
PID 3268 wrote to memory of 2616	3268	LSASSMGR.EXE	109
PID 3268 wrote to memory of 2616	3268	LSASSMGR.EXE	109
PID 3540 wrote to memory of 3424	3540	LSASSMGR.EXE	111
PID 3540 wrote to memory of 3424	3540	LSASSMGR.EXE	111
PID 3540 wrote to memory of 3424	3540	LSASSMGR.EXE	111
PID 2616 wrote to memory of 1616	2616	LSASSMGR.EXE	114
PID 2616 wrote to memory of 1616	2616	LSASSMGR.EXE	114
PID 2616 wrote to memory of 1616	2616	LSASSMGR.EXE	114
PID 2128 wrote to memory of 3804	2128	LSASSMGR.EXE	113
PID 2128 wrote to memory of 3804	2128	LSASSMGR.EXE	113
PID 2128 wrote to memory of 3804	2128	LSASSMGR.EXE	113
PID 3424 wrote to memory of 3652	3424	LSASSMGR.EXE	115
PID 3424 wrote to memory of 3652	3424	LSASSMGR.EXE	115
PID 3424 wrote to memory of 3652	3424	LSASSMGR.EXE	115
PID 1892 wrote to memory of 3532	1892	LSASSMGR.EXE	112
PID 1892 wrote to memory of 3532	1892	LSASSMGR.EXE	112
PID 1892 wrote to memory of 3532	1892	LSASSMGR.EXE	112
PID 3532 wrote to memory of 2244	3532	LSASSMGR.EXE	116
PID 3532 wrote to memory of 2244	3532	LSASSMGR.EXE	116
PID 3532 wrote to memory of 2244	3532	LSASSMGR.EXE	116
PID 3804 wrote to memory of 4092	3804	LSASSMGR.EXE	117
PID 3804 wrote to memory of 4092	3804	LSASSMGR.EXE	117
PID 3804 wrote to memory of 4092	3804	LSASSMGR.EXE	117
PID 3652 wrote to memory of 1288	3652	LSASSMGR.EXE	118
PID 3652 wrote to memory of 1288	3652	LSASSMGR.EXE	118
PID 3652 wrote to memory of 1288	3652	LSASSMGR.EXE	118
PID 1616 wrote to memory of 2200	1616	LSASSMGR.EXE	119
PID 1616 wrote to memory of 2200	1616	LSASSMGR.EXE	119
PID 1616 wrote to memory of 2200	1616	LSASSMGR.EXE	119
PID 1288 wrote to memory of 1324	1288	LSASSMGR.EXE	120
PID 1288 wrote to memory of 1324	1288	LSASSMGR.EXE	120
PID 1288 wrote to memory of 1324	1288	LSASSMGR.EXE	120
PID 2200 wrote to memory of 2148	2200	LSASSMGR.EXE	123
PID 2200 wrote to memory of 2148	2200	LSASSMGR.EXE	123
PID 2200 wrote to memory of 2148	2200	LSASSMGR.EXE	123
PID 4092 wrote to memory of 692	4092	LSASSMGR.EXE	122
PID 4092 wrote to memory of 692	4092	LSASSMGR.EXE	122
PID 4092 wrote to memory of 692	4092	LSASSMGR.EXE	122
PID 2244 wrote to memory of 2540	2244	LSASSMGR.EXE	121
PID 2244 wrote to memory of 2540	2244	LSASSMGR.EXE	121
PID 2244 wrote to memory of 2540	2244	LSASSMGR.EXE	121
PID 692 wrote to memory of 2180	692	LSASSMGR.EXE	127
PID 692 wrote to memory of 2180	692	LSASSMGR.EXE	127
PID 692 wrote to memory of 2180	692	LSASSMGR.EXE	127
PID 2540 wrote to memory of 2108	2540	LSASSMGR.EXE	126
PID 2540 wrote to memory of 2108	2540	LSASSMGR.EXE	126
PID 2540 wrote to memory of 2108	2540	LSASSMGR.EXE	126
PID 1324 wrote to memory of 3912	1324	LSASSMGR.EXE	124
PID 1324 wrote to memory of 3912	1324	LSASSMGR.EXE	124
PID 1324 wrote to memory of 3912	1324	LSASSMGR.EXE	124
PID 2148 wrote to memory of 2748	2148	LSASSMGR.EXE	125
PID 2148 wrote to memory of 2748	2148	LSASSMGR.EXE	125
PID 2148 wrote to memory of 2748	2148	LSASSMGR.EXE	125
PID 3912 wrote to memory of 3680	3912	LSASSMGR.EXE	128
PID 3912 wrote to memory of 3680	3912	LSASSMGR.EXE	128
PID 3912 wrote to memory of 3680	3912	LSASSMGR.EXE	128
PID 2180 wrote to memory of 3112	2180	LSASSMGR.EXE	130
PID 2180 wrote to memory of 3112	2180	LSASSMGR.EXE	130
PID 2180 wrote to memory of 3112	2180	LSASSMGR.EXE	130
PID 2108 wrote to memory of 3632	2108	LSASSMGR.EXE	129
PID 2108 wrote to memory of 3632	2108	LSASSMGR.EXE	129
PID 2108 wrote to memory of 3632	2108	LSASSMGR.EXE	129
PID 2748 wrote to memory of 2252	2748	LSASSMGR.EXE	131
PID 2748 wrote to memory of 2252	2748	LSASSMGR.EXE	131
PID 2748 wrote to memory of 2252	2748	LSASSMGR.EXE	131
PID 3632 wrote to memory of 3796	3632	LSASSMGR.EXE	132
PID 3632 wrote to memory of 3796	3632	LSASSMGR.EXE	132
PID 3632 wrote to memory of 3796	3632	LSASSMGR.EXE	132
PID 3680 wrote to memory of 2228	3680	LSASSMGR.EXE	133
PID 3680 wrote to memory of 2228	3680	LSASSMGR.EXE	133
PID 3680 wrote to memory of 2228	3680	LSASSMGR.EXE	133
PID 3112 wrote to memory of 3472	3112	LSASSMGR.EXE	134
PID 3112 wrote to memory of 3472	3112	LSASSMGR.EXE	134
PID 3112 wrote to memory of 3472	3112	LSASSMGR.EXE	134
PID 2252 wrote to memory of 4000	2252	LSASSMGR.EXE	135
PID 2252 wrote to memory of 4000	2252	LSASSMGR.EXE	135
PID 2252 wrote to memory of 4000	2252	LSASSMGR.EXE	135
PID 3796 wrote to memory of 644	3796	LSASSMGR.EXE	138
PID 3796 wrote to memory of 644	3796	LSASSMGR.EXE	138
PID 3796 wrote to memory of 644	3796	LSASSMGR.EXE	138
PID 2228 wrote to memory of 1592	2228	LSASSMGR.EXE	137
PID 2228 wrote to memory of 1592	2228	LSASSMGR.EXE	137
PID 2228 wrote to memory of 1592	2228	LSASSMGR.EXE	137
PID 3472 wrote to memory of 3928	3472	LSASSMGR.EXE	136
PID 3472 wrote to memory of 3928	3472	LSASSMGR.EXE	136
PID 3472 wrote to memory of 3928	3472	LSASSMGR.EXE	136
PID 644 wrote to memory of 736	644	LSASSMGR.EXE	142
PID 644 wrote to memory of 736	644	LSASSMGR.EXE	142
PID 644 wrote to memory of 736	644	LSASSMGR.EXE	142
PID 4000 wrote to memory of 2724	4000	LSASSMGR.EXE	139
PID 4000 wrote to memory of 2724	4000	LSASSMGR.EXE	139
PID 4000 wrote to memory of 2724	4000	LSASSMGR.EXE	139
PID 3928 wrote to memory of 3136	3928	LSASSMGR.EXE	140
PID 3928 wrote to memory of 3136	3928	LSASSMGR.EXE	140
PID 3928 wrote to memory of 3136	3928	LSASSMGR.EXE	140
PID 1592 wrote to memory of 4036	1592	LSASSMGR.EXE	141
PID 1592 wrote to memory of 4036	1592	LSASSMGR.EXE	141
PID 1592 wrote to memory of 4036	1592	LSASSMGR.EXE	141
PID 3136 wrote to memory of 3556	3136	LSASSMGR.EXE	144
PID 3136 wrote to memory of 3556	3136	LSASSMGR.EXE	144
PID 3136 wrote to memory of 3556	3136	LSASSMGR.EXE	144
PID 2724 wrote to memory of 1120	2724	LSASSMGR.EXE	143
PID 2724 wrote to memory of 1120	2724	LSASSMGR.EXE	143
PID 2724 wrote to memory of 1120	2724	LSASSMGR.EXE	143
PID 736 wrote to memory of 2212	736	LSASSMGR.EXE	145
PID 736 wrote to memory of 2212	736	LSASSMGR.EXE	145
PID 736 wrote to memory of 2212	736	LSASSMGR.EXE	145
PID 4036 wrote to memory of 416	4036	LSASSMGR.EXE	146
PID 4036 wrote to memory of 416	4036	LSASSMGR.EXE	146
PID 4036 wrote to memory of 416	4036	LSASSMGR.EXE	146
PID 1120 wrote to memory of 1260	1120	LSASSMGR.EXE	147
PID 1120 wrote to memory of 1260	1120	LSASSMGR.EXE	147
PID 1120 wrote to memory of 1260	1120	LSASSMGR.EXE	147
PID 3556 wrote to memory of 2648	3556	LSASSMGR.EXE	148
PID 3556 wrote to memory of 2648	3556	LSASSMGR.EXE	148
PID 3556 wrote to memory of 2648	3556	LSASSMGR.EXE	148
PID 2212 wrote to memory of 2284	2212	LSASSMGR.EXE	149
PID 2212 wrote to memory of 2284	2212	LSASSMGR.EXE	149
PID 2212 wrote to memory of 2284	2212	LSASSMGR.EXE	149
PID 416 wrote to memory of 3636	416	LSASSMGR.EXE	151
PID 416 wrote to memory of 3636	416	LSASSMGR.EXE	151
PID 416 wrote to memory of 3636	416	LSASSMGR.EXE	151
PID 1260 wrote to memory of 3952	1260	LSASSMGR.EXE	150
PID 1260 wrote to memory of 3952	1260	LSASSMGR.EXE	150
PID 1260 wrote to memory of 3952	1260	LSASSMGR.EXE	150
PID 2648 wrote to memory of 2220	2648	LSASSMGR.EXE	152
PID 2648 wrote to memory of 2220	2648	LSASSMGR.EXE	152
PID 2648 wrote to memory of 2220	2648	LSASSMGR.EXE	152
PID 2284 wrote to memory of 1888	2284	LSASSMGR.EXE	153
PID 2284 wrote to memory of 1888	2284	LSASSMGR.EXE	153
PID 2284 wrote to memory of 1888	2284	LSASSMGR.EXE	153
PID 3636 wrote to memory of 3932	3636	LSASSMGR.EXE	154
PID 3636 wrote to memory of 3932	3636	LSASSMGR.EXE	154
PID 3636 wrote to memory of 3932	3636	LSASSMGR.EXE	154
PID 3952 wrote to memory of 3480	3952	LSASSMGR.EXE	155
PID 3952 wrote to memory of 3480	3952	LSASSMGR.EXE	155
PID 3952 wrote to memory of 3480	3952	LSASSMGR.EXE	155
PID 2220 wrote to memory of 1388	2220	LSASSMGR.EXE	157
PID 2220 wrote to memory of 1388	2220	LSASSMGR.EXE	157
PID 2220 wrote to memory of 1388	2220	LSASSMGR.EXE	157
PID 1888 wrote to memory of 3780	1888	LSASSMGR.EXE	156
PID 1888 wrote to memory of 3780	1888	LSASSMGR.EXE	156
PID 1888 wrote to memory of 3780	1888	LSASSMGR.EXE	156
PID 3932 wrote to memory of 3960	3932	LSASSMGR.EXE	158
PID 3932 wrote to memory of 3960	3932	LSASSMGR.EXE	158
PID 3932 wrote to memory of 3960	3932	LSASSMGR.EXE	158
PID 3480 wrote to memory of 3908	3480	LSASSMGR.EXE	159
PID 3480 wrote to memory of 3908	3480	LSASSMGR.EXE	159
PID 3480 wrote to memory of 3908	3480	LSASSMGR.EXE	159
PID 3780 wrote to memory of 3948	3780	LSASSMGR.EXE	160
PID 3780 wrote to memory of 3948	3780	LSASSMGR.EXE	160
PID 3780 wrote to memory of 3948	3780	LSASSMGR.EXE	160
PID 1388 wrote to memory of 2720	1388	LSASSMGR.EXE	161
PID 1388 wrote to memory of 2720	1388	LSASSMGR.EXE	161
PID 1388 wrote to memory of 2720	1388	LSASSMGR.EXE	161
PID 3960 wrote to memory of 1264	3960	LSASSMGR.EXE	162
PID 3960 wrote to memory of 1264	3960	LSASSMGR.EXE	162
PID 3960 wrote to memory of 1264	3960	LSASSMGR.EXE	162
PID 3908 wrote to memory of 2184	3908	LSASSMGR.EXE	163
PID 3908 wrote to memory of 2184	3908	LSASSMGR.EXE	163
PID 3908 wrote to memory of 2184	3908	LSASSMGR.EXE	163
PID 3948 wrote to memory of 4120	3948	LSASSMGR.EXE	164
PID 3948 wrote to memory of 4120	3948	LSASSMGR.EXE	164
PID 3948 wrote to memory of 4120	3948	LSASSMGR.EXE	164
PID 1264 wrote to memory of 4220	1264	LSASSMGR.EXE	166
PID 1264 wrote to memory of 4220	1264	LSASSMGR.EXE	166
PID 1264 wrote to memory of 4220	1264	LSASSMGR.EXE	166
PID 2720 wrote to memory of 4232	2720	LSASSMGR.EXE	165
PID 2720 wrote to memory of 4232	2720	LSASSMGR.EXE	165
PID 2720 wrote to memory of 4232	2720	LSASSMGR.EXE	165
PID 4120 wrote to memory of 4308	4120	LSASSMGR.EXE	167
PID 4120 wrote to memory of 4308	4120	LSASSMGR.EXE	167
PID 4120 wrote to memory of 4308	4120	LSASSMGR.EXE	167
PID 2184 wrote to memory of 4336	2184	LSASSMGR.EXE	168
PID 2184 wrote to memory of 4336	2184	LSASSMGR.EXE	168
PID 2184 wrote to memory of 4336	2184	LSASSMGR.EXE	168
PID 4220 wrote to memory of 4376	4220	LSASSMGR.EXE	169
PID 4220 wrote to memory of 4376	4220	LSASSMGR.EXE	169
PID 4220 wrote to memory of 4376	4220	LSASSMGR.EXE	169
PID 4232 wrote to memory of 4404	4232	LSASSMGR.EXE	170
PID 4232 wrote to memory of 4404	4232	LSASSMGR.EXE	170
PID 4232 wrote to memory of 4404	4232	LSASSMGR.EXE	170
PID 4308 wrote to memory of 4500	4308	LSASSMGR.EXE	172
PID 4308 wrote to memory of 4500	4308	LSASSMGR.EXE	172
PID 4308 wrote to memory of 4500	4308	LSASSMGR.EXE	172
PID 4336 wrote to memory of 4512	4336	LSASSMGR.EXE	171
PID 4336 wrote to memory of 4512	4336	LSASSMGR.EXE	171
PID 4336 wrote to memory of 4512	4336	LSASSMGR.EXE	171
PID 4376 wrote to memory of 4544	4376	LSASSMGR.EXE	173
PID 4376 wrote to memory of 4544	4376	LSASSMGR.EXE	173
PID 4376 wrote to memory of 4544	4376	LSASSMGR.EXE	173
PID 4404 wrote to memory of 4588	4404	LSASSMGR.EXE	174
PID 4404 wrote to memory of 4588	4404	LSASSMGR.EXE	174
PID 4404 wrote to memory of 4588	4404	LSASSMGR.EXE	174
PID 4512 wrote to memory of 4660	4512	LSASSMGR.EXE	175
PID 4512 wrote to memory of 4660	4512	LSASSMGR.EXE	175
PID 4512 wrote to memory of 4660	4512	LSASSMGR.EXE	175
PID 4500 wrote to memory of 4672	4500	LSASSMGR.EXE	176
PID 4500 wrote to memory of 4672	4500	LSASSMGR.EXE	176
PID 4500 wrote to memory of 4672	4500	LSASSMGR.EXE	176
PID 4588 wrote to memory of 4748	4588	LSASSMGR.EXE	178
PID 4588 wrote to memory of 4748	4588	LSASSMGR.EXE	178
PID 4588 wrote to memory of 4748	4588	LSASSMGR.EXE	178
PID 4544 wrote to memory of 4756	4544	LSASSMGR.EXE	177
PID 4544 wrote to memory of 4756	4544	LSASSMGR.EXE	177
PID 4544 wrote to memory of 4756	4544	LSASSMGR.EXE	177
PID 4672 wrote to memory of 4868	4672	LSASSMGR.EXE	179
PID 4672 wrote to memory of 4868	4672	LSASSMGR.EXE	179
PID 4672 wrote to memory of 4868	4672	LSASSMGR.EXE	179
PID 4660 wrote to memory of 4880	4660	LSASSMGR.EXE	180
PID 4660 wrote to memory of 4880	4660	LSASSMGR.EXE	180
PID 4660 wrote to memory of 4880	4660	LSASSMGR.EXE	180
PID 4748 wrote to memory of 4912	4748	LSASSMGR.EXE	181
PID 4748 wrote to memory of 4912	4748	LSASSMGR.EXE	181
PID 4748 wrote to memory of 4912	4748	LSASSMGR.EXE	181
PID 4756 wrote to memory of 4940	4756	LSASSMGR.EXE	182
PID 4756 wrote to memory of 4940	4756	LSASSMGR.EXE	182
PID 4756 wrote to memory of 4940	4756	LSASSMGR.EXE	182
PID 4868 wrote to memory of 5000	4868	LSASSMGR.EXE	183
PID 4868 wrote to memory of 5000	4868	LSASSMGR.EXE	183
PID 4868 wrote to memory of 5000	4868	LSASSMGR.EXE	183
PID 4880 wrote to memory of 5016	4880	LSASSMGR.EXE	184
PID 4880 wrote to memory of 5016	4880	LSASSMGR.EXE	184
PID 4880 wrote to memory of 5016	4880	LSASSMGR.EXE	184
PID 4912 wrote to memory of 1204	4912	LSASSMGR.EXE	188
PID 4912 wrote to memory of 1204	4912	LSASSMGR.EXE	188
PID 4912 wrote to memory of 1204	4912	LSASSMGR.EXE	188
PID 4940 wrote to memory of 512	4940	LSASSMGR.EXE	187
PID 4940 wrote to memory of 512	4940	LSASSMGR.EXE	187
PID 4940 wrote to memory of 512	4940	LSASSMGR.EXE	187
PID 5016 wrote to memory of 2380	5016	LSASSMGR.EXE	186
PID 5016 wrote to memory of 2380	5016	LSASSMGR.EXE	186
PID 5016 wrote to memory of 2380	5016	LSASSMGR.EXE	186
PID 5000 wrote to memory of 684	5000	LSASSMGR.EXE	185
PID 5000 wrote to memory of 684	5000	LSASSMGR.EXE	185
PID 5000 wrote to memory of 684	5000	LSASSMGR.EXE	185
PID 1204 wrote to memory of 4160	1204	LSASSMGR.EXE	189
PID 1204 wrote to memory of 4160	1204	LSASSMGR.EXE	189
PID 1204 wrote to memory of 4160	1204	LSASSMGR.EXE	189
PID 2380 wrote to memory of 3568	2380	LSASSMGR.EXE	192
PID 2380 wrote to memory of 3568	2380	LSASSMGR.EXE	192
PID 2380 wrote to memory of 3568	2380	LSASSMGR.EXE	192
PID 512 wrote to memory of 4168	512	LSASSMGR.EXE	190
PID 512 wrote to memory of 4168	512	LSASSMGR.EXE	190
PID 512 wrote to memory of 4168	512	LSASSMGR.EXE	190
PID 684 wrote to memory of 4316	684	LSASSMGR.EXE	191
PID 684 wrote to memory of 4316	684	LSASSMGR.EXE	191
PID 684 wrote to memory of 4316	684	LSASSMGR.EXE	191
PID 4160 wrote to memory of 4276	4160	LSASSMGR.EXE	193
PID 4160 wrote to memory of 4276	4160	LSASSMGR.EXE	193
PID 4160 wrote to memory of 4276	4160	LSASSMGR.EXE	193
PID 4168 wrote to memory of 4412	4168	LSASSMGR.EXE	194
PID 4168 wrote to memory of 4412	4168	LSASSMGR.EXE	194
PID 4168 wrote to memory of 4412	4168	LSASSMGR.EXE	194
PID 3568 wrote to memory of 4420	3568	LSASSMGR.EXE	196
PID 3568 wrote to memory of 4420	3568	LSASSMGR.EXE	196
PID 3568 wrote to memory of 4420	3568	LSASSMGR.EXE	196
PID 4316 wrote to memory of 4388	4316	LSASSMGR.EXE	195
PID 4316 wrote to memory of 4388	4316	LSASSMGR.EXE	195
PID 4316 wrote to memory of 4388	4316	LSASSMGR.EXE	195
PID 4276 wrote to memory of 4456	4276	LSASSMGR.EXE	197
PID 4276 wrote to memory of 4456	4276	LSASSMGR.EXE	197
PID 4276 wrote to memory of 4456	4276	LSASSMGR.EXE	197
PID 4420 wrote to memory of 4632	4420	LSASSMGR.EXE	198
PID 4420 wrote to memory of 4632	4420	LSASSMGR.EXE	198
PID 4420 wrote to memory of 4632	4420	LSASSMGR.EXE	198
PID 4412 wrote to memory of 4564	4412	LSASSMGR.EXE	199
PID 4412 wrote to memory of 4564	4412	LSASSMGR.EXE	199
PID 4412 wrote to memory of 4564	4412	LSASSMGR.EXE	199
PID 4388 wrote to memory of 4524	4388	LSASSMGR.EXE	200
PID 4388 wrote to memory of 4524	4388	LSASSMGR.EXE	200
PID 4388 wrote to memory of 4524	4388	LSASSMGR.EXE	200
PID 4456 wrote to memory of 4708	4456	LSASSMGR.EXE	201
PID 4456 wrote to memory of 4708	4456	LSASSMGR.EXE	201
PID 4456 wrote to memory of 4708	4456	LSASSMGR.EXE	201
PID 4632 wrote to memory of 4788	4632	LSASSMGR.EXE	203
PID 4632 wrote to memory of 4788	4632	LSASSMGR.EXE	203
PID 4632 wrote to memory of 4788	4632	LSASSMGR.EXE	203
PID 4564 wrote to memory of 4692	4564	LSASSMGR.EXE	202
PID 4564 wrote to memory of 4692	4564	LSASSMGR.EXE	202
PID 4564 wrote to memory of 4692	4564	LSASSMGR.EXE	202
PID 4524 wrote to memory of 4816	4524	LSASSMGR.EXE	205
PID 4524 wrote to memory of 4816	4524	LSASSMGR.EXE	205
PID 4524 wrote to memory of 4816	4524	LSASSMGR.EXE	205
PID 4708 wrote to memory of 4848	4708	LSASSMGR.EXE	204
PID 4708 wrote to memory of 4848	4708	LSASSMGR.EXE	204
PID 4708 wrote to memory of 4848	4708	LSASSMGR.EXE	204
PID 4816 wrote to memory of 4980	4816	LSASSMGR.EXE	207
PID 4816 wrote to memory of 4980	4816	LSASSMGR.EXE	207
PID 4816 wrote to memory of 4980	4816	LSASSMGR.EXE	207
PID 4692 wrote to memory of 4900	4692	LSASSMGR.EXE	206
PID 4692 wrote to memory of 4900	4692	LSASSMGR.EXE	206
PID 4692 wrote to memory of 4900	4692	LSASSMGR.EXE	206
PID 4788 wrote to memory of 4996	4788	LSASSMGR.EXE	209
PID 4788 wrote to memory of 4996	4788	LSASSMGR.EXE	209
PID 4788 wrote to memory of 4996	4788	LSASSMGR.EXE	209
PID 4848 wrote to memory of 5076	4848	LSASSMGR.EXE	208
PID 4848 wrote to memory of 5076	4848	LSASSMGR.EXE	208
PID 4848 wrote to memory of 5076	4848	LSASSMGR.EXE	208
PID 4980 wrote to memory of 2280	4980	LSASSMGR.EXE	212
PID 4980 wrote to memory of 2280	4980	LSASSMGR.EXE	212
PID 4980 wrote to memory of 2280	4980	LSASSMGR.EXE	212
PID 4900 wrote to memory of 2524	4900	LSASSMGR.EXE	210
PID 4900 wrote to memory of 2524	4900	LSASSMGR.EXE	210
PID 4900 wrote to memory of 2524	4900	LSASSMGR.EXE	210
PID 4996 wrote to memory of 1064	4996	LSASSMGR.EXE	211
PID 4996 wrote to memory of 1064	4996	LSASSMGR.EXE	211
PID 4996 wrote to memory of 1064	4996	LSASSMGR.EXE	211
PID 5076 wrote to memory of 4240	5076	LSASSMGR.EXE	213
PID 5076 wrote to memory of 4240	5076	LSASSMGR.EXE	213
PID 5076 wrote to memory of 4240	5076	LSASSMGR.EXE	213
PID 2280 wrote to memory of 4200	2280	LSASSMGR.EXE	215
PID 2280 wrote to memory of 4200	2280	LSASSMGR.EXE	215
PID 2280 wrote to memory of 4200	2280	LSASSMGR.EXE	215
PID 2524 wrote to memory of 4124	2524	LSASSMGR.EXE	214
PID 2524 wrote to memory of 4124	2524	LSASSMGR.EXE	214
PID 2524 wrote to memory of 4124	2524	LSASSMGR.EXE	214
PID 1064 wrote to memory of 4344	1064	LSASSMGR.EXE	216
PID 1064 wrote to memory of 4344	1064	LSASSMGR.EXE	216
PID 1064 wrote to memory of 4344	1064	LSASSMGR.EXE	216
PID 4240 wrote to memory of 1272	4240	LSASSMGR.EXE	217
PID 4240 wrote to memory of 1272	4240	LSASSMGR.EXE	217
PID 4240 wrote to memory of 1272	4240	LSASSMGR.EXE	217
PID 4200 wrote to memory of 4428	4200	LSASSMGR.EXE	218
PID 4200 wrote to memory of 4428	4200	LSASSMGR.EXE	218
PID 4200 wrote to memory of 4428	4200	LSASSMGR.EXE	218
PID 4344 wrote to memory of 4372	4344	LSASSMGR.EXE	220
PID 4344 wrote to memory of 4372	4344	LSASSMGR.EXE	220
PID 4344 wrote to memory of 4372	4344	LSASSMGR.EXE	220
PID 4124 wrote to memory of 4508	4124	LSASSMGR.EXE	219
PID 4124 wrote to memory of 4508	4124	LSASSMGR.EXE	219
PID 4124 wrote to memory of 4508	4124	LSASSMGR.EXE	219
PID 4428 wrote to memory of 4652	4428	LSASSMGR.EXE	221
PID 4428 wrote to memory of 4652	4428	LSASSMGR.EXE	221
PID 4428 wrote to memory of 4652	4428	LSASSMGR.EXE	221
PID 1272 wrote to memory of 4496	1272	LSASSMGR.EXE	222
PID 1272 wrote to memory of 4496	1272	LSASSMGR.EXE	222
PID 1272 wrote to memory of 4496	1272	LSASSMGR.EXE	222
PID 4372 wrote to memory of 4616	4372	LSASSMGR.EXE	223
PID 4372 wrote to memory of 4616	4372	LSASSMGR.EXE	223
PID 4372 wrote to memory of 4616	4372	LSASSMGR.EXE	223
PID 4508 wrote to memory of 4732	4508	LSASSMGR.EXE	224
PID 4508 wrote to memory of 4732	4508	LSASSMGR.EXE	224
PID 4508 wrote to memory of 4732	4508	LSASSMGR.EXE	224
PID 4652 wrote to memory of 4812	4652	LSASSMGR.EXE	226
PID 4652 wrote to memory of 4812	4652	LSASSMGR.EXE	226
PID 4652 wrote to memory of 4812	4652	LSASSMGR.EXE	226
PID 4496 wrote to memory of 4736	4496	LSASSMGR.EXE	225
PID 4496 wrote to memory of 4736	4496	LSASSMGR.EXE	225
PID 4496 wrote to memory of 4736	4496	LSASSMGR.EXE	225
PID 4616 wrote to memory of 4808	4616	LSASSMGR.EXE	227
PID 4616 wrote to memory of 4808	4616	LSASSMGR.EXE	227
PID 4616 wrote to memory of 4808	4616	LSASSMGR.EXE	227
PID 4732 wrote to memory of 4772	4732	LSASSMGR.EXE	228
PID 4732 wrote to memory of 4772	4732	LSASSMGR.EXE	228
PID 4732 wrote to memory of 4772	4732	LSASSMGR.EXE	228
PID 4812 wrote to memory of 5008	4812	LSASSMGR.EXE	229
PID 4812 wrote to memory of 5008	4812	LSASSMGR.EXE	229
PID 4812 wrote to memory of 5008	4812	LSASSMGR.EXE	229
PID 4808 wrote to memory of 5092	4808	LSASSMGR.EXE	230
PID 4808 wrote to memory of 5092	4808	LSASSMGR.EXE	230
PID 4808 wrote to memory of 5092	4808	LSASSMGR.EXE	230
PID 4736 wrote to memory of 3920	4736	LSASSMGR.EXE	231
PID 4736 wrote to memory of 3920	4736	LSASSMGR.EXE	231
PID 4736 wrote to memory of 3920	4736	LSASSMGR.EXE	231
PID 4772 wrote to memory of 5044	4772	LSASSMGR.EXE	233
PID 4772 wrote to memory of 5044	4772	LSASSMGR.EXE	233
PID 4772 wrote to memory of 5044	4772	LSASSMGR.EXE	233
PID 5008 wrote to memory of 4992	5008	LSASSMGR.EXE	232
PID 5008 wrote to memory of 4992	5008	LSASSMGR.EXE	232
PID 5008 wrote to memory of 4992	5008	LSASSMGR.EXE	232
PID 5092 wrote to memory of 4116	5092	LSASSMGR.EXE	234
PID 5092 wrote to memory of 4116	5092	LSASSMGR.EXE	234
PID 5092 wrote to memory of 4116	5092	LSASSMGR.EXE	234
PID 3920 wrote to memory of 3160	3920	LSASSMGR.EXE	235
PID 3920 wrote to memory of 3160	3920	LSASSMGR.EXE	235
PID 3920 wrote to memory of 3160	3920	LSASSMGR.EXE	235
PID 4992 wrote to memory of 3128	4992	LSASSMGR.EXE	237
PID 4992 wrote to memory of 3128	4992	LSASSMGR.EXE	237
PID 4992 wrote to memory of 3128	4992	LSASSMGR.EXE	237
PID 5044 wrote to memory of 4128	5044	LSASSMGR.EXE	236
PID 5044 wrote to memory of 4128	5044	LSASSMGR.EXE	236
PID 5044 wrote to memory of 4128	5044	LSASSMGR.EXE	236
PID 4116 wrote to memory of 4132	4116	LSASSMGR.EXE	238
PID 4116 wrote to memory of 4132	4116	LSASSMGR.EXE	238
PID 4116 wrote to memory of 4132	4116	LSASSMGR.EXE	238
PID 3160 wrote to memory of 4144	3160	LSASSMGR.EXE	239
PID 3160 wrote to memory of 4144	3160	LSASSMGR.EXE	239
PID 3160 wrote to memory of 4144	3160	LSASSMGR.EXE	239
PID 3128 wrote to memory of 4384	3128	LSASSMGR.EXE	241
PID 3128 wrote to memory of 4384	3128	LSASSMGR.EXE	241
PID 3128 wrote to memory of 4384	3128	LSASSMGR.EXE	241
PID 4128 wrote to memory of 4668	4128	LSASSMGR.EXE	240
PID 4128 wrote to memory of 4668	4128	LSASSMGR.EXE	240
PID 4128 wrote to memory of 4668	4128	LSASSMGR.EXE	240
PID 4132 wrote to memory of 4600	4132	LSASSMGR.EXE	242
PID 4132 wrote to memory of 4600	4132	LSASSMGR.EXE	242
PID 4132 wrote to memory of 4600	4132	LSASSMGR.EXE	242
PID 4144 wrote to memory of 4768	4144	LSASSMGR.EXE	246
PID 4144 wrote to memory of 4768	4144	LSASSMGR.EXE	246
PID 4144 wrote to memory of 4768	4144	LSASSMGR.EXE	246
PID 4668 wrote to memory of 4532	4668	LSASSMGR.EXE	243
PID 4668 wrote to memory of 4532	4668	LSASSMGR.EXE	243
PID 4668 wrote to memory of 4532	4668	LSASSMGR.EXE	243
PID 4384 wrote to memory of 4728	4384	LSASSMGR.EXE	245
PID 4384 wrote to memory of 4728	4384	LSASSMGR.EXE	245
PID 4384 wrote to memory of 4728	4384	LSASSMGR.EXE	245
PID 4600 wrote to memory of 4580	4600	LSASSMGR.EXE	244
PID 4600 wrote to memory of 4580	4600	LSASSMGR.EXE	244
PID 4600 wrote to memory of 4580	4600	LSASSMGR.EXE	244
PID 4580 wrote to memory of 4676	4580	LSASSMGR.EXE	247
PID 4580 wrote to memory of 4676	4580	LSASSMGR.EXE	247
PID 4580 wrote to memory of 4676	4580	LSASSMGR.EXE	247
PID 4728 wrote to memory of 4836	4728	LSASSMGR.EXE	248
PID 4728 wrote to memory of 4836	4728	LSASSMGR.EXE	248
PID 4728 wrote to memory of 4836	4728	LSASSMGR.EXE	248
PID 4768 wrote to memory of 4780	4768	LSASSMGR.EXE	250
PID 4768 wrote to memory of 4780	4768	LSASSMGR.EXE	250
PID 4768 wrote to memory of 4780	4768	LSASSMGR.EXE	250
PID 4532 wrote to memory of 4824	4532	LSASSMGR.EXE	249
PID 4532 wrote to memory of 4824	4532	LSASSMGR.EXE	249
PID 4532 wrote to memory of 4824	4532	LSASSMGR.EXE	249
PID 4676 wrote to memory of 5056	4676	LSASSMGR.EXE	252
PID 4676 wrote to memory of 5056	4676	LSASSMGR.EXE	252
PID 4676 wrote to memory of 5056	4676	LSASSMGR.EXE	252
PID 4836 wrote to memory of 3800	4836	LSASSMGR.EXE	251
PID 4836 wrote to memory of 3800	4836	LSASSMGR.EXE	251
PID 4836 wrote to memory of 3800	4836	LSASSMGR.EXE	251
PID 4824 wrote to memory of 5028	4824	LSASSMGR.EXE	254
PID 4824 wrote to memory of 5028	4824	LSASSMGR.EXE	254
PID 4824 wrote to memory of 5028	4824	LSASSMGR.EXE	254
PID 4780 wrote to memory of 776	4780	LSASSMGR.EXE	253
PID 4780 wrote to memory of 776	4780	LSASSMGR.EXE	253
PID 4780 wrote to memory of 776	4780	LSASSMGR.EXE	253
PID 5056 wrote to memory of 4288	5056	LSASSMGR.EXE	256
PID 5056 wrote to memory of 4288	5056	LSASSMGR.EXE	256
PID 5056 wrote to memory of 4288	5056	LSASSMGR.EXE	256
PID 3800 wrote to memory of 4172	3800	LSASSMGR.EXE	255
PID 3800 wrote to memory of 4172	3800	LSASSMGR.EXE	255
PID 3800 wrote to memory of 4172	3800	LSASSMGR.EXE	255
PID 776 wrote to memory of 3972	776	LSASSMGR.EXE	257
PID 776 wrote to memory of 3972	776	LSASSMGR.EXE	257
PID 776 wrote to memory of 3972	776	LSASSMGR.EXE	257
PID 5028 wrote to memory of 4248	5028	LSASSMGR.EXE	258
PID 5028 wrote to memory of 4248	5028	LSASSMGR.EXE	258
PID 5028 wrote to memory of 4248	5028	LSASSMGR.EXE	258
PID 4172 wrote to memory of 4484	4172	LSASSMGR.EXE	260
PID 4172 wrote to memory of 4484	4172	LSASSMGR.EXE	260
PID 4172 wrote to memory of 4484	4172	LSASSMGR.EXE	260
PID 4288 wrote to memory of 4620	4288	LSASSMGR.EXE	259
PID 4288 wrote to memory of 4620	4288	LSASSMGR.EXE	259
PID 4288 wrote to memory of 4620	4288	LSASSMGR.EXE	259
PID 3972 wrote to memory of 4448	3972	LSASSMGR.EXE	261
PID 3972 wrote to memory of 4448	3972	LSASSMGR.EXE	261
PID 3972 wrote to memory of 4448	3972	LSASSMGR.EXE	261
PID 4248 wrote to memory of 4460	4248	LSASSMGR.EXE	262
PID 4248 wrote to memory of 4460	4248	LSASSMGR.EXE	262
PID 4248 wrote to memory of 4460	4248	LSASSMGR.EXE	262
PID 4484 wrote to memory of 1236	4484	LSASSMGR.EXE	264
PID 4484 wrote to memory of 1236	4484	LSASSMGR.EXE	264
PID 4484 wrote to memory of 1236	4484	LSASSMGR.EXE	264
PID 4620 wrote to memory of 2452	4620	LSASSMGR.EXE	263
PID 4620 wrote to memory of 2452	4620	LSASSMGR.EXE	263
PID 4620 wrote to memory of 2452	4620	LSASSMGR.EXE	263
PID 4448 wrote to memory of 4892	4448	LSASSMGR.EXE	265
PID 4448 wrote to memory of 4892	4448	LSASSMGR.EXE	265
PID 4448 wrote to memory of 4892	4448	LSASSMGR.EXE	265
PID 4460 wrote to memory of 4856	4460	LSASSMGR.EXE	266
PID 4460 wrote to memory of 4856	4460	LSASSMGR.EXE	266
PID 4460 wrote to memory of 4856	4460	LSASSMGR.EXE	266
PID 2452 wrote to memory of 4612	2452	LSASSMGR.EXE	267
PID 2452 wrote to memory of 4612	2452	LSASSMGR.EXE	267
PID 2452 wrote to memory of 4612	2452	LSASSMGR.EXE	267
PID 1236 wrote to memory of 4876	1236	LSASSMGR.EXE	268
PID 1236 wrote to memory of 4876	1236	LSASSMGR.EXE	268
PID 1236 wrote to memory of 4876	1236	LSASSMGR.EXE	268
PID 4892 wrote to memory of 5048	4892	LSASSMGR.EXE	269
PID 4892 wrote to memory of 5048	4892	LSASSMGR.EXE	269
PID 4892 wrote to memory of 5048	4892	LSASSMGR.EXE	269
PID 4856 wrote to memory of 5100	4856	LSASSMGR.EXE	270
PID 4856 wrote to memory of 5100	4856	LSASSMGR.EXE	270
PID 4856 wrote to memory of 5100	4856	LSASSMGR.EXE	270
PID 4612 wrote to memory of 4592	4612	LSASSMGR.EXE	271
PID 4612 wrote to memory of 4592	4612	LSASSMGR.EXE	271
PID 4612 wrote to memory of 4592	4612	LSASSMGR.EXE	271
PID 4876 wrote to memory of 5064	4876	LSASSMGR.EXE	272
PID 4876 wrote to memory of 5064	4876	LSASSMGR.EXE	272
PID 4876 wrote to memory of 5064	4876	LSASSMGR.EXE	272
PID 5048 wrote to memory of 4176	5048	LSASSMGR.EXE	273
PID 5048 wrote to memory of 4176	5048	LSASSMGR.EXE	273
PID 5048 wrote to memory of 4176	5048	LSASSMGR.EXE	273
PID 5100 wrote to memory of 652	5100	LSASSMGR.EXE	274
PID 5100 wrote to memory of 652	5100	LSASSMGR.EXE	274
PID 5100 wrote to memory of 652	5100	LSASSMGR.EXE	274
PID 4592 wrote to memory of 2852	4592	LSASSMGR.EXE	275
PID 4592 wrote to memory of 2852	4592	LSASSMGR.EXE	275
PID 4592 wrote to memory of 2852	4592	LSASSMGR.EXE	275
PID 5064 wrote to memory of 4320	5064	LSASSMGR.EXE	276
PID 5064 wrote to memory of 4320	5064	LSASSMGR.EXE	276
PID 5064 wrote to memory of 4320	5064	LSASSMGR.EXE	276
PID 4176 wrote to memory of 4292	4176	LSASSMGR.EXE	277
PID 4176 wrote to memory of 4292	4176	LSASSMGR.EXE	277
PID 4176 wrote to memory of 4292	4176	LSASSMGR.EXE	277
PID 652 wrote to memory of 4280	652	LSASSMGR.EXE	278
PID 652 wrote to memory of 4280	652	LSASSMGR.EXE	278
PID 652 wrote to memory of 4280	652	LSASSMGR.EXE	278
PID 4280 wrote to memory of 4648	4280	LSASSMGR.EXE	280
PID 4280 wrote to memory of 4648	4280	LSASSMGR.EXE	280
PID 4280 wrote to memory of 4648	4280	LSASSMGR.EXE	280
PID 2852 wrote to memory of 4392	2852	LSASSMGR.EXE	279
PID 2852 wrote to memory of 4392	2852	LSASSMGR.EXE	279
PID 2852 wrote to memory of 4392	2852	LSASSMGR.EXE	279
PID 4292 wrote to memory of 4572	4292	LSASSMGR.EXE	282
PID 4292 wrote to memory of 4572	4292	LSASSMGR.EXE	282
PID 4292 wrote to memory of 4572	4292	LSASSMGR.EXE	282
PID 4320 wrote to memory of 4440	4320	LSASSMGR.EXE	281
PID 4320 wrote to memory of 4440	4320	LSASSMGR.EXE	281
PID 4320 wrote to memory of 4440	4320	LSASSMGR.EXE	281
PID 4392 wrote to memory of 1792	4392	LSASSMGR.EXE	283
PID 4392 wrote to memory of 1792	4392	LSASSMGR.EXE	283
PID 4392 wrote to memory of 1792	4392	LSASSMGR.EXE	283
PID 4440 wrote to memory of 4860	4440	LSASSMGR.EXE	284
PID 4440 wrote to memory of 4860	4440	LSASSMGR.EXE	284
PID 4440 wrote to memory of 4860	4440	LSASSMGR.EXE	284
PID 4572 wrote to memory of 4664	4572	LSASSMGR.EXE	286
PID 4572 wrote to memory of 4664	4572	LSASSMGR.EXE	286
PID 4572 wrote to memory of 4664	4572	LSASSMGR.EXE	286
PID 4648 wrote to memory of 4684	4648	LSASSMGR.EXE	285
PID 4648 wrote to memory of 4684	4648	LSASSMGR.EXE	285
PID 4648 wrote to memory of 4684	4648	LSASSMGR.EXE	285
PID 1792 wrote to memory of 5024	1792	LSASSMGR.EXE	287
PID 1792 wrote to memory of 5024	1792	LSASSMGR.EXE	287
PID 1792 wrote to memory of 5024	1792	LSASSMGR.EXE	287
PID 4860 wrote to memory of 4896	4860	LSASSMGR.EXE	288
PID 4860 wrote to memory of 4896	4860	LSASSMGR.EXE	288
PID 4860 wrote to memory of 4896	4860	LSASSMGR.EXE	288
PID 4684 wrote to memory of 5108	4684	LSASSMGR.EXE	289
PID 4684 wrote to memory of 5108	4684	LSASSMGR.EXE	289
PID 4684 wrote to memory of 5108	4684	LSASSMGR.EXE	289
PID 5024 wrote to memory of 636	5024	LSASSMGR.EXE	290
PID 5024 wrote to memory of 636	5024	LSASSMGR.EXE	290
PID 5024 wrote to memory of 636	5024	LSASSMGR.EXE	290
PID 4664 wrote to memory of 4724	4664	LSASSMGR.EXE	291
PID 4664 wrote to memory of 4724	4664	LSASSMGR.EXE	291
PID 4664 wrote to memory of 4724	4664	LSASSMGR.EXE	291
PID 4896 wrote to memory of 3856	4896	LSASSMGR.EXE	292
PID 4896 wrote to memory of 3856	4896	LSASSMGR.EXE	292
PID 4896 wrote to memory of 3856	4896	LSASSMGR.EXE	292

C:\Users\Admin\AppData\Local\Temp\c043da38e5a8e996ec0380701514bf0f.exe
"C:\Users\Admin\AppData\Local\Temp\c043da38e5a8e996ec0380701514bf0f.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3576
- C:\Windows\SysWOW64\srtsrv32.exe
  "C:\Windows\system32\srtsrv32.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Suspicious use of WriteProcessMemory
  PID:3432
- - C:\Windows\SysWOW64\LSASSMGR.EXE
    "C:\Windows\system32\LSASSMGR.EXE"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:3732
  - - C:\Windows\SysWOW64\LSASSMGR.EXE
      "C:\Windows\system32\LSASSMGR.EXE"
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Drops file in System32 directory
      Drops file in Program Files directory
      Suspicious use of WriteProcessMemory
      PID:936
    - - C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of WriteProcessMemory
        
        PID:3944
      - C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4068
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3040
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        8⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2908
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        9⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3028
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        10⤵
        Executes dropped EXE
        Drops file in Program Files directory
        
        PID:3268
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        11⤵
        Executes dropped EXE
        
        PID:2616
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        12⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:1616
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        13⤵
        Executes dropped EXE
        
        PID:2200
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        14⤵
        Executes dropped EXE
        Drops file in Program Files directory
        
        PID:2148
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        15⤵
        Executes dropped EXE
        
        PID:2748
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        16⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:2252
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        17⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:4000
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        18⤵
        Executes dropped EXE
        
        PID:2724
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        19⤵
        
        PID:1120
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        20⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        21⤵
        Adds Run key to start application
        
        PID:3952
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        22⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        23⤵
        Adds Run key to start application
        
        PID:3908
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        24⤵
        Drops file in System32 directory
        
        PID:2184
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        25⤵
        Drops file in Program Files directory
        
        PID:4336
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        26⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        27⤵
        Drops file in System32 directory
        
        PID:4660
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        28⤵
        Drops file in System32 directory
        
        PID:4880
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        29⤵
        Adds Run key to start application
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:5016
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        30⤵
        Drops file in System32 directory
        
        PID:2380
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        31⤵
        Drops file in Program Files directory
        
        PID:3568
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        32⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        33⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        34⤵
        Drops file in Program Files directory
        
        PID:4788
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        35⤵
        Drops file in Program Files directory
        
        PID:4996
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        36⤵
        Adds Run key to start application
        
        PID:1064
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        37⤵
        Drops file in System32 directory
        
        PID:4344
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        38⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:4372
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        39⤵
        Adds Run key to start application
        
        PID:4616
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        40⤵
        Drops file in System32 directory
        
        PID:4808
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        41⤵
        
        PID:5092
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        42⤵
        
        PID:4116
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        43⤵
        Drops file in System32 directory
        
        PID:4132
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        44⤵
        Adds Run key to start application
        
        PID:4600
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        45⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        46⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        47⤵
        Adds Run key to start application
        
        PID:5056
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        48⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        49⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        50⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        51⤵
        Adds Run key to start application
        
        PID:4612
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        52⤵
        Drops file in System32 directory
        
        PID:4592
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        53⤵
        Drops file in System32 directory
        
        PID:2852
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        54⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        55⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        56⤵
        Adds Run key to start application
        
        PID:5024
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        57⤵
        Drops file in System32 directory
        
        PID:636
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        58⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        59⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        60⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        61⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        62⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        63⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        64⤵
        
        PID:4628
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        65⤵
        
        PID:1452
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        66⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        67⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        68⤵
        
        PID:4156
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        69⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        70⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        71⤵
        
        PID:4696
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        72⤵
        
        PID:4948
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        73⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        74⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        75⤵
        
        PID:4328
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        76⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        77⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        78⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        79⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        80⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        81⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        82⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        83⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        84⤵
        
        PID:5012
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        85⤵
        
        PID:804
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        86⤵
        
        PID:4108
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        87⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        88⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        89⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        90⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        91⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        92⤵
        
        PID:4764
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        93⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        94⤵
        
        PID:1188
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        95⤵
        
        PID:4760
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        96⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        97⤵
        
        PID:3892
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        98⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        99⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        100⤵
        
        PID:4048
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        101⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        102⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        103⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        104⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        105⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        106⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        107⤵
        
        PID:3436
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        108⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        109⤵
        
        PID:5272
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        110⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        111⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        112⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        113⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        114⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        115⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        116⤵
        
        PID:496
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        117⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        118⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        119⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        120⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        121⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        122⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        123⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        124⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        125⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        126⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        127⤵
        
        PID:5768
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        128⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        129⤵
        
        PID:5148
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        130⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        131⤵
        
        PID:740
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        132⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        133⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        134⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        135⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        136⤵
        
        PID:5804
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        137⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        138⤵
        
        PID:4032
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        139⤵
        
        PID:5592
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        140⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        141⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        142⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        143⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        144⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        145⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        146⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        147⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        148⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        149⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        150⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        151⤵
        
        PID:5812
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        152⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        153⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        154⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        155⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        156⤵
        
        PID:4700
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        157⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        158⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        159⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        160⤵
        
        PID:5220
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        161⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        162⤵
        
        PID:5856
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        163⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        164⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        165⤵
        
        PID:5244
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        166⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        167⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        168⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        169⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        170⤵
        
        PID:7116
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        171⤵
        
        PID:5296
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        172⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        173⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        174⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        175⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        176⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        177⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        178⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        179⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        180⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        181⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        182⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        183⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        184⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        185⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        186⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        187⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        188⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        189⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        190⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        191⤵
        
        PID:7004
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        192⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        193⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        194⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        195⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        196⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        197⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        198⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        199⤵
        
        PID:6900
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        200⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        201⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        202⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        203⤵
        
        PID:6852
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        204⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        205⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        206⤵
        
        PID:7100
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        207⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        208⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        209⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        210⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        211⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        212⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        213⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        214⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        215⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        216⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        217⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        218⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        219⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        220⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        221⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        222⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        223⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        224⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        225⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        226⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        227⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        228⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        229⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        230⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        231⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        232⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        233⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        234⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        235⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        236⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        237⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        238⤵
        
        PID:7916
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        239⤵
        
        PID:8020
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        240⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        241⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        242⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        243⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        244⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        245⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        246⤵
        
        PID:7332
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        247⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        248⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        249⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        250⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        251⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        252⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        253⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        254⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        255⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        256⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        257⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        258⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        259⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        260⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        261⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        262⤵
        
        PID:8080
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        263⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        264⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        265⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        266⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        267⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        268⤵
        
        PID:7812
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        269⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        270⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        271⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        272⤵
        
        PID:7552
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        273⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        274⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        275⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        276⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        277⤵
        
        PID:8144
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        278⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        279⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        280⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        281⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        282⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        283⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        284⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        285⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        286⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        287⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        288⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        289⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        290⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        291⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        292⤵
        
        PID:7696
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        293⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        294⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        295⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        296⤵
        
        PID:8900
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        297⤵
        
        PID:9092
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        298⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        299⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        300⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        301⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        302⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        303⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        304⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        305⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        306⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        307⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        308⤵
        
        PID:8988
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        309⤵
        
        PID:7640
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        310⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        311⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        312⤵
        
        PID:8672
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        313⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        314⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        315⤵
        
        PID:8576
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        316⤵
        
        PID:8480
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        317⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        318⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        319⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        320⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        321⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        322⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        323⤵
        
        PID:8716
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        324⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        325⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        326⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        327⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        328⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        329⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        330⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        331⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        332⤵
        
        PID:8488
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        333⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        334⤵
        
        PID:9148
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        335⤵
        
        PID:8328
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        336⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        337⤵
        
        PID:9124
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        338⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        339⤵
        
        PID:8468
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        340⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        341⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        342⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        343⤵
        
        PID:8448
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        344⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        345⤵
        
        PID:8832
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        346⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        347⤵
        
        PID:8624
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        348⤵
        
        PID:8784
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        349⤵
        
        PID:7296
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        350⤵
        
        PID:8508
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        351⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        352⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        353⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        354⤵
        
        PID:8916
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        355⤵
        
        PID:8628
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        356⤵
        
        PID:8368
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        357⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        358⤵
        
        PID:9284
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        359⤵
        
        PID:9460
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        360⤵
        
        PID:9620
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        361⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        362⤵
        
        PID:9972
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        363⤵
        
        PID:10192
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        364⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        365⤵
        
        PID:9500
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        366⤵
        
        PID:9548
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        367⤵
        
        PID:9624
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        368⤵
        
        PID:9788
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        369⤵
        
        PID:10140
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        370⤵
        
        PID:8972
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        371⤵
        
        PID:9256
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        372⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        373⤵
        
        PID:9864
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        374⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        375⤵
        
        PID:10172
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        376⤵
        
        PID:9376
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        377⤵
        
        PID:9424
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        378⤵
        
        PID:9940
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        379⤵
        
        PID:9860
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        380⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        381⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        382⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        383⤵
        
        PID:9832
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        384⤵
        
        PID:10012
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        385⤵
        
        PID:9364
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        386⤵
        
        PID:9220
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        387⤵
        
        PID:9352
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        388⤵
        
        PID:9920
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        389⤵
        
        PID:9804
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        390⤵
        
        PID:10184
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        391⤵
        
        PID:9392
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        392⤵
        
        PID:9568
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        393⤵
        
        PID:10232
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        394⤵
        
        PID:9476
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        395⤵
        
        PID:9496
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        396⤵
        
        PID:9600
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        397⤵
        
        PID:9268
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        398⤵
        
        PID:9240
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        399⤵
        
        PID:9576
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        400⤵
        
        PID:10044
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        401⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        402⤵
        
        PID:9440
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        403⤵
        
        PID:10120
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        404⤵
        
        PID:9644
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        405⤵
        
        PID:9748
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        406⤵
        
        PID:10180
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        407⤵
        
        PID:9768
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        408⤵
        
        PID:9816
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        409⤵
        
        PID:10148
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        410⤵
        
        PID:10024
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        411⤵
        
        PID:8224
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        412⤵
        
        PID:10084
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        413⤵
        
        PID:9844
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        414⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        415⤵
        
        PID:7544
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        416⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        417⤵
        
        PID:10156
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        418⤵
        
        PID:9868
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        419⤵
        
        PID:9328
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        420⤵
        
        PID:9704
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        421⤵
        
        PID:9976
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        422⤵
        
        PID:10128
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        423⤵
        
        PID:9720
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        424⤵
        
        PID:10400
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        425⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        426⤵
        
        PID:10760
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        427⤵
        
        PID:10932
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        428⤵
        
        PID:11108
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        429⤵
        
        PID:11252
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        430⤵
        
        PID:10292
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        431⤵
        
        PID:10428
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        432⤵
        
        PID:10644
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        433⤵
        
        PID:10800
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        434⤵
        
        PID:10968
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        435⤵
        
        PID:11204
- C:\Windows\SysWOW64\lssmon.exe
  "C:\Windows\system32\lssmon.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3016
- - C:\Windows\SysWOW64\srtsrv32.exe
    "C:\Windows\system32\srtsrv32.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2916
  - - C:\Windows\SysWOW64\LSASSMGR.EXE
      "C:\Windows\system32\LSASSMGR.EXE"
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Drops file in System32 directory
      Drops file in Program Files directory
      Suspicious use of WriteProcessMemory
      PID:3916
    - - C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        5⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Suspicious use of WriteProcessMemory
        
        PID:2124
      - C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of WriteProcessMemory
        
        PID:3936
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        7⤵
        Executes dropped EXE
        
        PID:1404
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        8⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:412
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        9⤵
        Executes dropped EXE
        
        PID:2300
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        10⤵
        Executes dropped EXE
        
        PID:1892
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        11⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:3532
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        12⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:2244
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        13⤵
        Executes dropped EXE
        Drops file in Program Files directory
        
        PID:2540
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        14⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:2108
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        15⤵
        Executes dropped EXE
        
        PID:3632
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        16⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:3796
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        17⤵
        Executes dropped EXE
        
        PID:644
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        18⤵
        Executes dropped EXE
        
        PID:736
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        19⤵
        Adds Run key to start application
        
        PID:2212
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        20⤵
        
        PID:2284
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        21⤵
        
        PID:1888
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        22⤵
        Adds Run key to start application
        
        PID:3780
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        23⤵
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:3948
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        24⤵
        Drops file in Program Files directory
        
        PID:4120
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        25⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:4308
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        26⤵
        Drops file in Program Files directory
        
        PID:4500
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        27⤵
        
        PID:4672
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        28⤵
        Adds Run key to start application
        
        PID:4868
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        29⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        30⤵
        Drops file in System32 directory
        
        PID:684
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        31⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        32⤵
        Drops file in Program Files directory
        
        PID:4388
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        33⤵
        Drops file in Program Files directory
        
        PID:4524
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        34⤵
        Adds Run key to start application
        
        PID:4816
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        35⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        36⤵
        Adds Run key to start application
        
        PID:2280
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        37⤵
        Drops file in Program Files directory
        
        PID:4200
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        38⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        39⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        40⤵
        Drops file in Program Files directory
        
        PID:4812
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        41⤵
        Drops file in Program Files directory
        
        PID:5008
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        42⤵
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:4992
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        43⤵
        Adds Run key to start application
        
        PID:3128
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        44⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:4384
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        45⤵
        Adds Run key to start application
        Drops file in Program Files directory
        
        PID:4728
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        46⤵
        Drops file in System32 directory
        
        PID:4836
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        47⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:3800
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        48⤵
        
        PID:4172
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        49⤵
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:4484
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        50⤵
        
        PID:1236
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        51⤵
        Drops file in Program Files directory
        
        PID:4876
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        52⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        53⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        54⤵
        Adds Run key to start application
        
        PID:4440
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        55⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        56⤵
        Adds Run key to start application
        
        PID:4896
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        57⤵
        
        PID:3856
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        58⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        59⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        60⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        61⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        62⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        63⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        64⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        65⤵
        
        PID:4040
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        66⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        67⤵
        
        PID:5116
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        68⤵
        
        PID:2084
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        69⤵
        
        PID:3976
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        70⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        71⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        72⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        73⤵
        
        PID:3172
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        74⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        75⤵
        
        PID:4444
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        76⤵
        
        PID:3808
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        77⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        78⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        79⤵
        
        PID:3348
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        80⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        81⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        82⤵
        
        PID:3144
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        83⤵
        
        PID:4368
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        84⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        85⤵
        
        PID:4212
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        86⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        87⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        88⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        89⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        90⤵
        
        PID:580
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        91⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        92⤵
        
        PID:4264
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        93⤵
        
        PID:1232
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        94⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        95⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        96⤵
        
        PID:1904
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        97⤵
        
        PID:4256
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        98⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        99⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        100⤵
        
        PID:1096
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        101⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        102⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        103⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        104⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        105⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        106⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        107⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        108⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        109⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        110⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        111⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        112⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        113⤵
        
        PID:4924
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        114⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        115⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        116⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        117⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        118⤵
        
        PID:5952
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        119⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        120⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        121⤵
        
        PID:5308
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        122⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        123⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        124⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        125⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        126⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        127⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        128⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        129⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        130⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        131⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        132⤵
        
        PID:5960
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        133⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        134⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        135⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        136⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        137⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        138⤵
        
        PID:1124
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        139⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        140⤵
        
        PID:5708
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        141⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        142⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        143⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        144⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        145⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        146⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        147⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        148⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        149⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        150⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        151⤵
        
        PID:5696
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        152⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        153⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        154⤵
        
        PID:1084
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        155⤵
        
        PID:6036
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        156⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        157⤵
        
        PID:3496
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        158⤵
        
        PID:5916
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        159⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        160⤵
        
        PID:5524
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        161⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        162⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        163⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        164⤵
        
        PID:5436
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        165⤵
        
        PID:6100
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        166⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        167⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        168⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        169⤵
        
        PID:6596
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        170⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        171⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        172⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        173⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        174⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        175⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        176⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        177⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        178⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        179⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        180⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        181⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        182⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        183⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        184⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        185⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        186⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        187⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        188⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        189⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        190⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        191⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        192⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        193⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        194⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        195⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        196⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        197⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        198⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        199⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        200⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        201⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        202⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        203⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        204⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        205⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        206⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        207⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        208⤵
        
        PID:6692
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        209⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        210⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        211⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        212⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        213⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        214⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        215⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        216⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        217⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        218⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        219⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        220⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        221⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        222⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        223⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        224⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        225⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        226⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        227⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        228⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        229⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        230⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        231⤵
        
        PID:6240
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        232⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        233⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        234⤵
        
        PID:7608
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        235⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        236⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        237⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        238⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        239⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        240⤵
        
        PID:7384
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        241⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        242⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        243⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        244⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        245⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        246⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        247⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        248⤵
        
        PID:7988
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        249⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        250⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        251⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        252⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        253⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        254⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        255⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        256⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        257⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        258⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        259⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        260⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        261⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        262⤵
        
        PID:7832
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        263⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        264⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        265⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        266⤵
        
        PID:7772
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        267⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        268⤵
        
        PID:7372
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        269⤵
        
        PID:8120
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        270⤵
        
        PID:5972
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        271⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        272⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        273⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        274⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        275⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        276⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        277⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        278⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        279⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        280⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        281⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        282⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        283⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        284⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        285⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        286⤵
        
        PID:8168
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        287⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        288⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        289⤵
        
        PID:7740
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        290⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        291⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        292⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        293⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        294⤵
        
        PID:8360
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        295⤵
        
        PID:8548
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        296⤵
        
        PID:8724
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        297⤵
        
        PID:8888
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        298⤵
        
        PID:9032
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        299⤵
        
        PID:8044
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        300⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        301⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        302⤵
        
        PID:8392
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        303⤵
        
        PID:8572
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        304⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        305⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        306⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        307⤵
        
        PID:8300
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        308⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        309⤵
        
        PID:8800
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        310⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        311⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        312⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        313⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        314⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        315⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        316⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        317⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        318⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        319⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        320⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        321⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        322⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        323⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        324⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        325⤵
        
        PID:8296
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        326⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        327⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        328⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        329⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        330⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        331⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        332⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        333⤵
        
        PID:8476
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        334⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        335⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        336⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        337⤵
        
        PID:8844
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        338⤵
        
        PID:9068
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        339⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        340⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        341⤵
        
        PID:8284
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        342⤵
        
        PID:8992
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        343⤵
        
        PID:9056
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        344⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        345⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        346⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        347⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        348⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        349⤵
        
        PID:8820
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        350⤵
        
        PID:8292
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        351⤵
        
        PID:8384
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        352⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        353⤵
        
        PID:8752
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        354⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        355⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        356⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        357⤵
        
        PID:4720
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        358⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        359⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        360⤵
        
        PID:9432
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        361⤵
        
        PID:9588
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        362⤵
        
        PID:9772
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        363⤵
        
        PID:9932
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        364⤵
        
        PID:10124
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        365⤵
        
        PID:10204
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        366⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        367⤵
        
        PID:9384
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        368⤵
        
        PID:9676
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        369⤵
        
        PID:9664
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        370⤵
        
        PID:10056
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        371⤵
        
        PID:10228
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        372⤵
        
        PID:4004
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        373⤵
        
        PID:9368
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        374⤵
        
        PID:9528
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        375⤵
        
        PID:9776
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        376⤵
        
        PID:10076
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        377⤵
        
        PID:9128
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        378⤵
        
        PID:9304
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        379⤵
        
        PID:9712
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        380⤵
        
        PID:9952
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        381⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        382⤵
        
        PID:8768
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        383⤵
        
        PID:9360
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        384⤵
        
        PID:9732
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        385⤵
        
        PID:9912
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        386⤵
        
        PID:9892
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        387⤵
        
        PID:8464
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        388⤵
        
        PID:9512
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        389⤵
        
        PID:9684
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        390⤵
        
        PID:10136
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        391⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        392⤵
        
        PID:9320
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        393⤵
        
        PID:9536
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        394⤵
        
        PID:9944
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        395⤵
        
        PID:9316
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        396⤵
        
        PID:9708
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        397⤵
        
        PID:9736
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        398⤵
        
        PID:9300
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        399⤵
        
        PID:9472
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        400⤵
        
        PID:10088
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        401⤵
        
        PID:9856
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        402⤵
        
        PID:9608
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        403⤵
        
        PID:9572
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        404⤵
        
        PID:8416
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        405⤵
        
        PID:9764
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        406⤵
        
        PID:9744
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        407⤵
        
        PID:10108
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        408⤵
        
        PID:9884
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        409⤵
        
        PID:9236
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        410⤵
        
        PID:9456
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        411⤵
        
        PID:9760
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        412⤵
        
        PID:9984
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        413⤵
        
        PID:9292
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        414⤵
        
        PID:9716
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        415⤵
        
        PID:9448
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        416⤵
        
        PID:8956
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        417⤵
        
        PID:10036
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        418⤵
        
        PID:10200
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        419⤵
        
        PID:9308
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        420⤵
        
        PID:9672
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        421⤵
        
        PID:9700
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        422⤵
        
        PID:9812
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        423⤵
        
        PID:10304
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        424⤵
        
        PID:10440
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        425⤵
        
        PID:10604
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        426⤵
        
        PID:10772
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        427⤵
        
        PID:11000
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        428⤵
        
        PID:11152
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        429⤵
        
        PID:9604
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        430⤵
        
        PID:10276
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        431⤵
        
        PID:10588
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        432⤵
        
        PID:10728
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        433⤵
        
        PID:10848
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        434⤵
        
        PID:10964
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        435⤵
        
        PID:11236
- - C:\Windows\SysWOW64\srtsrv32.exe
    "C:\Windows\system32\srtsrv32.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Drops file in Program Files directory
    - Suspicious use of WriteProcessMemory
    PID:3320
  - - C:\Windows\SysWOW64\LSASSMGR.EXE
      "C:\Windows\system32\LSASSMGR.EXE"
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:2632
    - - C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        5⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Suspicious use of WriteProcessMemory
        
        PID:2608
      - C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1996
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        7⤵
        Executes dropped EXE
        
        PID:508
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        8⤵
        Executes dropped EXE
        Drops file in Program Files directory
        
        PID:3012
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        9⤵
        Executes dropped EXE
        Drops file in Program Files directory
        
        PID:4060
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        10⤵
        Executes dropped EXE
        
        PID:2128
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        11⤵
        Executes dropped EXE
        
        PID:3804
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        12⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:4092
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        13⤵
        Executes dropped EXE
        
        PID:692
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        14⤵
        Executes dropped EXE
        
        PID:2180
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        15⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:3112
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        16⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:3472
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        17⤵
        Executes dropped EXE
        
        PID:3928
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        18⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:3136
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        19⤵
        Adds Run key to start application
        Drops file in Program Files directory
        
        PID:3556
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        20⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        21⤵
        Adds Run key to start application
        
        PID:2220
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        22⤵
        Adds Run key to start application
        
        PID:1388
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        23⤵
        Drops file in Program Files directory
        
        PID:2720
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        24⤵
        Drops file in Program Files directory
        
        PID:4232
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        25⤵
        Adds Run key to start application
        Drops file in Program Files directory
        
        PID:4404
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        26⤵
        Drops file in System32 directory
        
        PID:4588
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        27⤵
        Drops file in System32 directory
        
        PID:4748
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        28⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        29⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        30⤵
        Drops file in System32 directory
        
        PID:4160
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        31⤵
        Drops file in Program Files directory
        
        PID:4276
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        32⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:4456
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        33⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        34⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        35⤵
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:5076
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        36⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        37⤵
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:1272
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        38⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        39⤵
        Drops file in Program Files directory
        
        PID:4736
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        40⤵
        Drops file in Program Files directory
        
        PID:3920
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        41⤵
        
        PID:3160
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        42⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:4144
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        43⤵
        Adds Run key to start application
        Drops file in Program Files directory
        
        PID:4768
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        44⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:4780
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        45⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:776
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        46⤵
        Drops file in System32 directory
        
        PID:3972
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        47⤵
        Drops file in Program Files directory
        
        PID:4448
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        48⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:4892
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        49⤵
        Drops file in Program Files directory
        
        PID:5048
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        50⤵
        Drops file in Program Files directory
        
        PID:4176
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        51⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        52⤵
        Drops file in Program Files directory
        
        PID:4572
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        53⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        54⤵
        Adds Run key to start application
        
        PID:4724
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        55⤵
        
        PID:3548
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        56⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        57⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        58⤵
        
        PID:4052
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        59⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        60⤵
        
        PID:3720
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        61⤵
        
        PID:4024
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        62⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        63⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        64⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        65⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        66⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        67⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        68⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        69⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        70⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        71⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        72⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        73⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        74⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        75⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        76⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        77⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        78⤵
        
        PID:3640
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        79⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        80⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        81⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        82⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        83⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        84⤵
        
        PID:3412
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        85⤵
        
        PID:424
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        86⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        87⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        88⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        89⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        90⤵
        
        PID:1200
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        91⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        92⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        93⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        94⤵
        
        PID:940
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        95⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        96⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        97⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        98⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        99⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        100⤵
        
        PID:5644
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        101⤵
        
        PID:5808
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        102⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        103⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        104⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        105⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        106⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        107⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        108⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        109⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        110⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        111⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        112⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        113⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        114⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        115⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        116⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        117⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        118⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        119⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        120⤵
        
        PID:5532
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        121⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        122⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        123⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        124⤵
        
        PID:2472
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        125⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        126⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        127⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        128⤵
        
        PID:584
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        129⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        130⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        131⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        132⤵
        
        PID:3876
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        133⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        134⤵
        
        PID:4028
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        135⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        136⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        137⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        138⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        139⤵
        
        PID:5576
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        140⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        141⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        142⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        143⤵
        
        PID:5416
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        144⤵
        
        PID:5760
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        145⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        146⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        147⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        148⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        149⤵
        
        PID:5352
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        150⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        151⤵
        
        PID:5160
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        152⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        153⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        154⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        155⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        156⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        157⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        158⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        159⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        160⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        161⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        162⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        163⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        164⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        165⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        166⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        167⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        168⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        169⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        170⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        171⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        172⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        173⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        174⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        175⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        176⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        177⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        178⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        179⤵
        
        PID:5660
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        180⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        181⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        182⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        183⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        184⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        185⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        186⤵
        
        PID:5284
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        187⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        188⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        189⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        190⤵
        
        PID:7152
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        191⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        192⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        193⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        194⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        195⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        196⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        197⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        198⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        199⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        200⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        201⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        202⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        203⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        204⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        205⤵
        
        PID:6188
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        206⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        207⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        208⤵
        
        PID:6780
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        209⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        210⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        211⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        212⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        213⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        214⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        215⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        216⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        217⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        218⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        219⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        220⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        221⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        222⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        223⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        224⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        225⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        226⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        227⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        228⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        229⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        230⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        231⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        232⤵
        
        PID:7208
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        233⤵
        
        PID:7624
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        234⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        235⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        236⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        237⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        238⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        239⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        240⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        241⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        242⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        243⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        244⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        245⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        246⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        247⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        248⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        249⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        250⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        251⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        252⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        253⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        254⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        255⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        256⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        257⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        258⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        259⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        260⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        261⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        262⤵
        
        PID:7856
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        263⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        264⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        265⤵
        
        PID:6604
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        266⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        267⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        268⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        269⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        270⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        271⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        272⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        273⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        274⤵
        
        PID:8136
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        275⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        276⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        277⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        278⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        279⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        280⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        281⤵
        
        PID:7232
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        282⤵
        
        PID:7620
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        283⤵
        
        PID:6764
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        284⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        285⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        286⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        287⤵
        
        PID:7980
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        288⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        289⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        290⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        291⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        292⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        293⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        294⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        295⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        296⤵
        
        PID:7536
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        297⤵
        
        PID:8312
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        298⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        299⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        300⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        301⤵
        
        PID:8940
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        302⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        303⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        304⤵
        
        PID:8592
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        305⤵
        
        PID:8580
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        306⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        307⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        308⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        309⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        310⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        311⤵
        
        PID:8720
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        312⤵
        
        PID:8980
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        313⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        314⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        315⤵
        
        PID:8664
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        316⤵
        
        PID:8676
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        317⤵
        
        PID:9004
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        318⤵
        
        PID:8440
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        319⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        320⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        321⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        322⤵
        
        PID:9132
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        323⤵
        
        PID:8808
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        324⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        325⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        326⤵
        
        PID:9212
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        327⤵
        
        PID:8828
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        328⤵
        
        PID:9100
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        329⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        330⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        331⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        332⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        333⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        334⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        335⤵
        
        PID:9028
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        336⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        337⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        338⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        339⤵
        
        PID:8248
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        340⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        341⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        342⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        343⤵
        
        PID:8212
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        344⤵
        
        PID:8964
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        345⤵
        
        PID:8432
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        346⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        347⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        348⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        349⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        350⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        351⤵
        
        PID:8852
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        352⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        353⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        354⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        355⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        356⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        357⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        358⤵
        
        PID:9324
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        359⤵
        
        PID:9492
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        360⤵
        
        PID:9636
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        361⤵
        
        PID:9808
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        362⤵
        
        PID:9964
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        363⤵
        
        PID:10168
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        364⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        365⤵
        
        PID:9388
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        366⤵
        
        PID:9532
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        367⤵
        
        PID:9668
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        368⤵
        
        PID:10092
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        369⤵
        
        PID:8532
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        370⤵
        
        PID:9228
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        371⤵
        
        PID:9540
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        372⤵
        
        PID:9752
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        373⤵
        
        PID:9660
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        374⤵
        
        PID:10020
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        375⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        376⤵
        
        PID:9400
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        377⤵
        
        PID:9692
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        378⤵
        
        PID:9792
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        379⤵
        
        PID:10072
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        380⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        381⤵
        
        PID:9248
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        382⤵
        
        PID:9464
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        383⤵
        
        PID:9780
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        384⤵
        
        PID:9948
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        385⤵
        
        PID:10080
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        386⤵
        
        PID:9340
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        387⤵
        
        PID:9980
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        388⤵
        
        PID:9896
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        389⤵
        
        PID:10212
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        390⤵
        
        PID:9564
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        391⤵
        
        PID:9904
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        392⤵
        
        PID:10216
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        393⤵
        
        PID:9652
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        394⤵
        
        PID:9656
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        395⤵
        
        PID:10068
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        396⤵
        
        PID:9848
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        397⤵
        
        PID:8968
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        398⤵
        
        PID:9956
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        399⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        400⤵
        
        PID:9332
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        401⤵
        
        PID:9924
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        402⤵
        
        PID:10116
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        403⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        404⤵
        
        PID:8836
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        405⤵
        
        PID:9276
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        406⤵
        
        PID:9224
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        407⤵
        
        PID:9380
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        408⤵
        
        PID:9596
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        409⤵
        
        PID:10132
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        410⤵
        
        PID:9244
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        411⤵
        
        PID:9524
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        412⤵
        
        PID:10016
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        413⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        414⤵
        
        PID:9648
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        415⤵
        
        PID:9252
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        416⤵
        
        PID:9880
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        417⤵
        
        PID:8276
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        418⤵
        
        PID:9264
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        419⤵
        
        PID:9916
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        420⤵
        
        PID:10312
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        421⤵
        
        PID:10456
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        422⤵
        
        PID:10592
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        423⤵
        
        PID:10788
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        424⤵
        
        PID:11020
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        425⤵
        
        PID:11164
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        426⤵
        
        PID:10320
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        427⤵
        
        PID:10348
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        428⤵
        
        PID:10648
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        429⤵
        
        PID:10708
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        430⤵
        
        PID:10984
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        431⤵
        
        PID:11128
- - C:\Windows\SysWOW64\srtsrv32.exe
    "C:\Windows\system32\srtsrv32.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2732
  - - C:\Windows\SysWOW64\LSASSMGR.EXE
      "C:\Windows\system32\LSASSMGR.EXE"
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:4088
    - - C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of WriteProcessMemory
        
        PID:3820
      - C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:3552
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        7⤵
        Executes dropped EXE
        
        PID:1500
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        8⤵
        Executes dropped EXE
        
        PID:3956
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        9⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:3540
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        10⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:3424
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        11⤵
        Executes dropped EXE
        Drops file in Program Files directory
        
        PID:3652
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        12⤵
        Executes dropped EXE
        Drops file in Program Files directory
        
        PID:1288
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        13⤵
        Executes dropped EXE
        
        PID:1324
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        14⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:3912
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        15⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3680
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        16⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Program Files directory
        
        PID:2228
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        17⤵
        Executes dropped EXE
        
        PID:1592
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        18⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:4036
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        19⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:416
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        20⤵
        Drops file in Program Files directory
        
        PID:3636
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        21⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        22⤵
        Drops file in Program Files directory
        
        PID:3960
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        23⤵
        Drops file in System32 directory
        
        PID:1264
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        24⤵
        Drops file in System32 directory
        
        PID:4220
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        25⤵
        Drops file in Program Files directory
        
        PID:4376
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        26⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        27⤵
        Drops file in Program Files directory
        
        PID:4756
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        28⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        29⤵
        
        PID:512
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        30⤵
        Drops file in Program Files directory
        
        PID:4168
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        31⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        32⤵
        Adds Run key to start application
        
        PID:4564
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        33⤵
        
        PID:4692
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        34⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        35⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        36⤵
        Drops file in Program Files directory
        
        PID:4124
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        37⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:4508
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        38⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:4732
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        39⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        40⤵
        Drops file in System32 directory
        
        PID:5044
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        41⤵
        
        PID:4128
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        42⤵
        Drops file in System32 directory
        
        PID:4668
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        43⤵
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:4532
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        44⤵
        Drops file in System32 directory
        
        PID:4824
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        45⤵
        Adds Run key to start application
        Drops file in Program Files directory
        
        PID:5028
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        46⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        47⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        48⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        49⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        50⤵
        Adds Run key to start application
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:652
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        51⤵
        Drops file in System32 directory
        
        PID:4280
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        52⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        53⤵
        Adds Run key to start application
        
        PID:4684
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        54⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        55⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        56⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        57⤵
        
        PID:4716
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        58⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        59⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        60⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        61⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        62⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        63⤵
        
        PID:4864
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        64⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        65⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        66⤵
        
        PID:4228
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        67⤵
        
        PID:4152
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        68⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        69⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        70⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        71⤵
        
        PID:3304
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        72⤵
        
        PID:4112
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        73⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        74⤵
        
        PID:4016
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        75⤵
        
        PID:3980
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        76⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        77⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        78⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        79⤵
        
        PID:4104
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        80⤵
        
        PID:3596
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        81⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        82⤵
        
        PID:752
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        83⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        84⤵
        
        PID:1756
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        85⤵
        
        PID:3776
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        86⤵
        
        PID:3460
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        87⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        88⤵
        
        PID:4020
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        89⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        90⤵
        
        PID:964
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        91⤵
        
        PID:4704
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        92⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        93⤵
        
        PID:4208
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        94⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        95⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        96⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        97⤵
        
        PID:4136
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        98⤵
        
        PID:4324
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        99⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        100⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        101⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        102⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        103⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        104⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        105⤵
        
        PID:5180
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        106⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        107⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        108⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        109⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        110⤵
        
        PID:6092
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        111⤵
        
        PID:4528
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        112⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        113⤵
        
        PID:5556
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        114⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        115⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        116⤵
        
        PID:2188
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        117⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        118⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        119⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        120⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        121⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        122⤵
        
        PID:3584
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        123⤵
        
        PID:5612
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        124⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        125⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        126⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        127⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        128⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        129⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        130⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        131⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        132⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        133⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        134⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        135⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        136⤵
        
        PID:4164
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        137⤵
        
        PID:1400
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        138⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        139⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        140⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        141⤵
        
        PID:3176
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        142⤵
        
        PID:5828
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        143⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        144⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        145⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        146⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        147⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        148⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        149⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        150⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        151⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        152⤵
        
        PID:5852
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        153⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        154⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        155⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        156⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        157⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        158⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        159⤵
        
        PID:6080
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        160⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        161⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        162⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        163⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        164⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        165⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        166⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        167⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        168⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        169⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        170⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        171⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        172⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        173⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        174⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        175⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        176⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        177⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        178⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        179⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        180⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        181⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        182⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        183⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        184⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        185⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        186⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        187⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        188⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        189⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        190⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        191⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        192⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        193⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        194⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        195⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        196⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        197⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        198⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        199⤵
        
        PID:5328
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        200⤵
        
        PID:6452
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        201⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        202⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        203⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        204⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        205⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        206⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        207⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        208⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        209⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        210⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        211⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        212⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        213⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        214⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        215⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        216⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        217⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        218⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        219⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        220⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        221⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        222⤵
        
        PID:6732
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        223⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        224⤵
        
        PID:1192
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        225⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        226⤵
        
        PID:5456
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        227⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        228⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        229⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        230⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        231⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        232⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        233⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        234⤵
        
        PID:7288
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        235⤵
        
        PID:7364
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        236⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        237⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        238⤵
        
        PID:7960
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        239⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        240⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        241⤵
        
        PID:7280
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        242⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        243⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        244⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        245⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        246⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        247⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        248⤵
        
        PID:7560
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        249⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        250⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        251⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        252⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        253⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        254⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        255⤵
        
        PID:8160
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        256⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        257⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        258⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        259⤵
        
        PID:8056
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        260⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        261⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        262⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        263⤵
        
        PID:7792
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        264⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        265⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        266⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        267⤵
        
        PID:6496
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        268⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        269⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        270⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        271⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        272⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        273⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        274⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        275⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        276⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        277⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        278⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        279⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        280⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        281⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        282⤵
        
        PID:7356
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        283⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        284⤵
        
        PID:6776
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        285⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        286⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        287⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        288⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        289⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        290⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        291⤵
        
        PID:7412
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        292⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        293⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        294⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        295⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        296⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        297⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        298⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        299⤵
        
        PID:8340
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        300⤵
        
        PID:8648
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        301⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        302⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        303⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        304⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        305⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        306⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        307⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        308⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        309⤵
        
        PID:9180
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        310⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        311⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        312⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        313⤵
        
        PID:8880
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        314⤵
        
        PID:9196
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        315⤵
        
        PID:8012
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        316⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        317⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        318⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        319⤵
        
        PID:9116
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        320⤵
        
        PID:8256
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        321⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        322⤵
        
        PID:8604
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        323⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        324⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        325⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        326⤵
        
        PID:8568
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        327⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        328⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        329⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        330⤵
        
        PID:8824
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        331⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        332⤵
        
        PID:9008
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        333⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        334⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        335⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        336⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        337⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        338⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        339⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        340⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        341⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        342⤵
        
        PID:9144
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        343⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        344⤵
        
        PID:8264
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        345⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        346⤵
        
        PID:9152
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        347⤵
        
        PID:8908
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        348⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        349⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        350⤵
        
        PID:9016
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        351⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        352⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        353⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        354⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        355⤵
        
        PID:7952
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        356⤵
        
        PID:8412
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        357⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        358⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        359⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        360⤵
        
        PID:9420
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        361⤵
        
        PID:9592
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        362⤵
        
        PID:9784
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        363⤵
        
        PID:9992
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        364⤵
        
        PID:10176
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        365⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        366⤵
        
        PID:9312
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        367⤵
        
        PID:9584
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        368⤵
        
        PID:9640
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        369⤵
        
        PID:9876
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        370⤵
        
        PID:10164
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        371⤵
        
        PID:10208
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        372⤵
        
        PID:9260
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        373⤵
        
        PID:9416
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        374⤵
        
        PID:9852
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        375⤵
        
        PID:10060
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        376⤵
        
        PID:10160
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        377⤵
        
        PID:10220
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        378⤵
        
        PID:9520
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        379⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        380⤵
        
        PID:9988
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        381⤵
        
        PID:10144
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        382⤵
        
        PID:9296
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        383⤵
        
        PID:9408
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        384⤵
        
        PID:9688
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        385⤵
        
        PID:9824
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        386⤵
        
        PID:10104
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        387⤵
        
        PID:9484
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        388⤵
        
        PID:9840
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        389⤵
        
        PID:9756
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        390⤵
        
        PID:10032
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        391⤵
        
        PID:9280
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        392⤵
        
        PID:10064
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        393⤵
        
        PID:9156
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        394⤵
        
        PID:9428
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        395⤵
        
        PID:9800
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        396⤵
        
        PID:9796
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        397⤵
        
        PID:9996
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        398⤵
        
        PID:9508
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        399⤵
        
        PID:9412
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        400⤵
        
        PID:3572
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        401⤵
        
        PID:9632
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        402⤵
        
        PID:10000
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        403⤵
        
        PID:9396
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        404⤵
        
        PID:3872
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        405⤵
        
        PID:9516
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        406⤵
        
        PID:9232
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        407⤵
        
        PID:9452
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        408⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        409⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        410⤵
        
        PID:10004
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        411⤵
        
        PID:10052
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        412⤵
        
        PID:9544
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        413⤵
        
        PID:9336
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        414⤵
        
        PID:9960
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        415⤵
        
        PID:9560
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        416⤵
        
        PID:8220
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        417⤵
        
        PID:9468
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        418⤵
        
        PID:10188
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        419⤵
        
        PID:10112
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        420⤵
        
        PID:9888
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        421⤵
        
        PID:10224
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        422⤵
        
        PID:10392
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        423⤵
        
        PID:10580
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        424⤵
        
        PID:10744
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        425⤵
        
        PID:10912
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        426⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        427⤵
        
        PID:11240
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        428⤵
        
        PID:10260
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        429⤵
        
        PID:10520
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        430⤵
        
        PID:10636
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        431⤵
        
        PID:10980
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        432⤵
        
        PID:11192
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 1060
    3⤵
    - Drops file in System32 directory
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3672

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3672-72-0x00000000049C0000-0x00000000049C1000-memory.dmp

Filesize
4KB

Download
memory/3672-117-0x00000000052D0000-0x00000000052D1000-memory.dmp

Filesize
4KB

Download