Analysis
-
max time kernel
151s -
max time network
139s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
14-12-2020 16:38
Behavioral task
behavioral1
Sample
cfac0fedbb2f5e8d8f1c1bd27fe74cb1.exe
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
-
Target
cfac0fedbb2f5e8d8f1c1bd27fe74cb1.exe
-
Size
5.4MB
-
MD5
cfac0fedbb2f5e8d8f1c1bd27fe74cb1
-
SHA1
8428f346686bfa3ff01627497b22a35d32992806
-
SHA256
ccf1261bd2cb9a4f4a5ab144481dc52a3c8eec2e672a46a69ce0031e16ac9231
-
SHA512
4d48cf5a3ff7efbededbd2b19df45de73d3e3bcc88b645322b00647e5df316282f3d607fd151ede645b963cafa6b0cbc01ff99694c61b9e53b3b2408ae9446db
Malware Config
Signatures
-
resource yara_rule behavioral2/files/0x000200000001ab69-13.dat fakeav behavioral2/files/0x000200000001ab69-14.dat fakeav -
Executes dropped EXE 175 IoCs
pid Process 3268 srtsrv32.exe 2900 LSASSMGR.EXE 2076 LSASSMGR.EXE 2292 lssmon.exe 488 LSASSMGR.EXE 3464 srtsrv32.exe 1520 LSASSMGR.EXE 3440 srtsrv32.exe 588 srtsrv32.exe 3064 LSASSMGR.EXE 2180 LSASSMGR.EXE 3168 LSASSMGR.EXE 4012 LSASSMGR.EXE 3620 LSASSMGR.EXE 1968 LSASSMGR.EXE 520 LSASSMGR.EXE 1328 LSASSMGR.EXE 4020 LSASSMGR.EXE 4028 LSASSMGR.EXE 204 LSASSMGR.EXE 1708 LSASSMGR.EXE 3460 LSASSMGR.EXE 2284 LSASSMGR.EXE 808 LSASSMGR.EXE 3840 LSASSMGR.EXE 2288 LSASSMGR.EXE 3880 LSASSMGR.EXE 2236 LSASSMGR.EXE 2872 LSASSMGR.EXE 652 LSASSMGR.EXE 644 LSASSMGR.EXE 2128 LSASSMGR.EXE 3956 LSASSMGR.EXE 3888 LSASSMGR.EXE 2908 LSASSMGR.EXE 2256 LSASSMGR.EXE 900 LSASSMGR.EXE 3616 LSASSMGR.EXE 3884 LSASSMGR.EXE 1600 LSASSMGR.EXE 428 LSASSMGR.EXE 3948 LSASSMGR.EXE 1308 LSASSMGR.EXE 3520 LSASSMGR.EXE 2892 LSASSMGR.EXE 4052 LSASSMGR.EXE 2252 LSASSMGR.EXE 2092 LSASSMGR.EXE 1172 LSASSMGR.EXE 2220 LSASSMGR.EXE 3480 LSASSMGR.EXE 720 LSASSMGR.EXE 3352 LSASSMGR.EXE 3524 LSASSMGR.EXE 896 LSASSMGR.EXE 3808 LSASSMGR.EXE 1176 LSASSMGR.EXE 2760 LSASSMGR.EXE 4032 LSASSMGR.EXE 212 LSASSMGR.EXE 2456 LSASSMGR.EXE 1192 LSASSMGR.EXE 2880 LSASSMGR.EXE 1856 LSASSMGR.EXE 1288 LSASSMGR.EXE 1428 LSASSMGR.EXE 3488 LSASSMGR.EXE 3712 LSASSMGR.EXE 2796 LSASSMGR.EXE 752 LSASSMGR.EXE 4068 LSASSMGR.EXE 2324 LSASSMGR.EXE 3180 LSASSMGR.EXE 804 LSASSMGR.EXE 932 LSASSMGR.EXE 968 LSASSMGR.EXE 1884 LSASSMGR.EXE 2360 LSASSMGR.EXE 3296 LSASSMGR.EXE 3696 LSASSMGR.EXE 420 LSASSMGR.EXE 2136 LSASSMGR.EXE 4108 LSASSMGR.EXE 4128 LSASSMGR.EXE 4252 LSASSMGR.EXE 4272 LSASSMGR.EXE 4296 LSASSMGR.EXE 4312 LSASSMGR.EXE 4380 LSASSMGR.EXE 4416 LSASSMGR.EXE 4472 LSASSMGR.EXE 4544 LSASSMGR.EXE 4556 LSASSMGR.EXE 4612 LSASSMGR.EXE 4644 LSASSMGR.EXE 4756 LSASSMGR.EXE 4748 LSASSMGR.EXE 4824 LSASSMGR.EXE 4832 LSASSMGR.EXE 4880 LSASSMGR.EXE 4904 LSASSMGR.EXE 5028 LSASSMGR.EXE 5016 LSASSMGR.EXE 5052 LSASSMGR.EXE 5092 LSASSMGR.EXE 1000 LSASSMGR.EXE 1380 LSASSMGR.EXE 3928 LSASSMGR.EXE 4204 LSASSMGR.EXE 4176 LSASSMGR.EXE 4120 LSASSMGR.EXE 4244 LSASSMGR.EXE 4324 LSASSMGR.EXE 4424 LSASSMGR.EXE 4400 LSASSMGR.EXE 4500 LSASSMGR.EXE 4532 LSASSMGR.EXE 4576 LSASSMGR.EXE 4596 LSASSMGR.EXE 4688 LSASSMGR.EXE 4708 LSASSMGR.EXE 4712 LSASSMGR.EXE 4792 LSASSMGR.EXE 4856 LSASSMGR.EXE 4828 LSASSMGR.EXE 4952 LSASSMGR.EXE 4988 LSASSMGR.EXE 4976 LSASSMGR.EXE 5068 LSASSMGR.EXE 5100 LSASSMGR.EXE 5116 LSASSMGR.EXE 2448 LSASSMGR.EXE 1424 LSASSMGR.EXE 672 LSASSMGR.EXE 4180 LSASSMGR.EXE 4212 LSASSMGR.EXE 4156 LSASSMGR.EXE 4220 LSASSMGR.EXE 4388 LSASSMGR.EXE 4360 LSASSMGR.EXE 4448 LSASSMGR.EXE 4580 LSASSMGR.EXE 4452 LSASSMGR.EXE 4840 LSASSMGR.EXE 4736 LSASSMGR.EXE 4772 LSASSMGR.EXE 4812 LSASSMGR.EXE 4916 LSASSMGR.EXE 4876 LSASSMGR.EXE 4964 LSASSMGR.EXE 3740 LSASSMGR.EXE 5084 LSASSMGR.EXE 4992 LSASSMGR.EXE 584 LSASSMGR.EXE 4308 LSASSMGR.EXE 4160 LSASSMGR.EXE 4104 LSASSMGR.EXE 4228 LSASSMGR.EXE 4328 LSASSMGR.EXE 4460 LSASSMGR.EXE 4292 LSASSMGR.EXE 4408 LSASSMGR.EXE 4524 LSASSMGR.EXE 4568 LSASSMGR.EXE 4896 LSASSMGR.EXE 4548 LSASSMGR.EXE 4608 LSASSMGR.EXE 4744 LSASSMGR.EXE 4956 LSASSMGR.EXE 4864 LSASSMGR.EXE 3916 LSASSMGR.EXE 3204 LSASSMGR.EXE 3200 LSASSMGR.EXE 3748 LSASSMGR.EXE 388 LSASSMGR.EXE -
Sets file execution options in registry 2 TTPs
-
Adds Run key to start application 2 TTPs 178 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" srtsrv32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" srtsrv32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" srtsrv32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\lssmon.exe" cfac0fedbb2f5e8d8f1c1bd27fe74cb1.exe Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run lssmon.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" srtsrv32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run cfac0fedbb2f5e8d8f1c1bd27fe74cb1.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\lssmon.exe" lssmon.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" LSASSMGR.EXE -
Drops file in System32 directory 358 IoCs
description ioc Process File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\lssmon.exe WerFault.exe File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe srtsrv32.exe File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE srtsrv32.exe File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\spool.exe srtsrv32.exe File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\srtsrv32.exe cfac0fedbb2f5e8d8f1c1bd27fe74cb1.exe File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe srtsrv32.exe File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE srtsrv32.exe File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\lssmon.exe lssmon.exe File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\lssmon.exe cfac0fedbb2f5e8d8f1c1bd27fe74cb1.exe File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\lssmon.exe cfac0fedbb2f5e8d8f1c1bd27fe74cb1.exe File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE srtsrv32.exe File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE srtsrv32.exe File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe srtsrv32.exe File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File created C:\Windows\SysWOW64\LSASSMGR.EXE LSASSMGR.EXE File opened for modification C:\Windows\SysWOW64\spool.exe srtsrv32.exe -
Drops file in Program Files directory 353 IoCs
description ioc Process File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe srtsrv32.exe File created C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe srtsrv32.exe File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe srtsrv32.exe File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe srtsrv32.exe File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Internet Explorer\iexplor.exe srtsrv32.exe File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe srtsrv32.exe File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe srtsrv32.exe File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe LSASSMGR.EXE File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe srtsrv32.exe File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe LSASSMGR.EXE -
Drops file in Windows directory 1 IoCs
description ioc Process File created C:\Windows\divx32.dll cfac0fedbb2f5e8d8f1c1bd27fe74cb1.exe -
Program crash 1 IoCs
pid pid_target Process procid_target 3952 2292 WerFault.exe 78 -
Suspicious behavior: EnumeratesProcesses 15 IoCs
pid Process 3952 WerFault.exe 3952 WerFault.exe 3952 WerFault.exe 3952 WerFault.exe 3952 WerFault.exe 3952 WerFault.exe 3952 WerFault.exe 3952 WerFault.exe 3952 WerFault.exe 3952 WerFault.exe 3952 WerFault.exe 3952 WerFault.exe 3952 WerFault.exe 3952 WerFault.exe 3952 WerFault.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
description pid Process Token: SeRestorePrivilege 3952 WerFault.exe Token: SeBackupPrivilege 3952 WerFault.exe Token: SeDebugPrivilege 3952 WerFault.exe -
Suspicious use of WriteProcessMemory 525 IoCs
description pid Process procid_target PID 616 wrote to memory of 3268 616 cfac0fedbb2f5e8d8f1c1bd27fe74cb1.exe 76 PID 616 wrote to memory of 3268 616 cfac0fedbb2f5e8d8f1c1bd27fe74cb1.exe 76 PID 616 wrote to memory of 3268 616 cfac0fedbb2f5e8d8f1c1bd27fe74cb1.exe 76 PID 3268 wrote to memory of 2900 3268 srtsrv32.exe 77 PID 3268 wrote to memory of 2900 3268 srtsrv32.exe 77 PID 3268 wrote to memory of 2900 3268 srtsrv32.exe 77 PID 616 wrote to memory of 2292 616 cfac0fedbb2f5e8d8f1c1bd27fe74cb1.exe 78 PID 616 wrote to memory of 2292 616 cfac0fedbb2f5e8d8f1c1bd27fe74cb1.exe 78 PID 616 wrote to memory of 2292 616 cfac0fedbb2f5e8d8f1c1bd27fe74cb1.exe 78 PID 2900 wrote to memory of 2076 2900 LSASSMGR.EXE 79 PID 2900 wrote to memory of 2076 2900 LSASSMGR.EXE 79 PID 2900 wrote to memory of 2076 2900 LSASSMGR.EXE 79 PID 2076 wrote to memory of 488 2076 LSASSMGR.EXE 80 PID 2076 wrote to memory of 488 2076 LSASSMGR.EXE 80 PID 2076 wrote to memory of 488 2076 LSASSMGR.EXE 80 PID 2292 wrote to memory of 3464 2292 lssmon.exe 81 PID 2292 wrote to memory of 3464 2292 lssmon.exe 81 PID 2292 wrote to memory of 3464 2292 lssmon.exe 81 PID 488 wrote to memory of 1520 488 LSASSMGR.EXE 82 PID 488 wrote to memory of 1520 488 LSASSMGR.EXE 82 PID 488 wrote to memory of 1520 488 LSASSMGR.EXE 82 PID 2292 wrote to memory of 3440 2292 lssmon.exe 84 PID 2292 wrote to memory of 3440 2292 lssmon.exe 84 PID 2292 wrote to memory of 3440 2292 lssmon.exe 84 PID 2292 wrote to memory of 588 2292 lssmon.exe 83 PID 2292 wrote to memory of 588 2292 lssmon.exe 83 PID 2292 wrote to memory of 588 2292 lssmon.exe 83 PID 3464 wrote to memory of 3064 3464 srtsrv32.exe 85 PID 3464 wrote to memory of 3064 3464 srtsrv32.exe 85 PID 3464 wrote to memory of 3064 3464 srtsrv32.exe 85 PID 3440 wrote to memory of 2180 3440 srtsrv32.exe 86 PID 3440 wrote to memory of 2180 3440 srtsrv32.exe 86 PID 3440 wrote to memory of 2180 3440 srtsrv32.exe 86 PID 1520 wrote to memory of 3168 1520 LSASSMGR.EXE 87 PID 1520 wrote to memory of 3168 1520 LSASSMGR.EXE 87 PID 1520 wrote to memory of 3168 1520 LSASSMGR.EXE 87 PID 588 wrote to memory of 4012 588 srtsrv32.exe 89 PID 588 wrote to memory of 4012 588 srtsrv32.exe 89 PID 588 wrote to memory of 4012 588 srtsrv32.exe 89 PID 3064 wrote to memory of 3620 3064 LSASSMGR.EXE 91 PID 3064 wrote to memory of 3620 3064 LSASSMGR.EXE 91 PID 3064 wrote to memory of 3620 3064 LSASSMGR.EXE 91 PID 2180 wrote to memory of 1968 2180 LSASSMGR.EXE 90 PID 2180 wrote to memory of 1968 2180 LSASSMGR.EXE 90 PID 2180 wrote to memory of 1968 2180 LSASSMGR.EXE 90 PID 3168 wrote to memory of 1328 3168 LSASSMGR.EXE 97 PID 3168 wrote to memory of 1328 3168 LSASSMGR.EXE 97 PID 3168 wrote to memory of 1328 3168 LSASSMGR.EXE 97 PID 4012 wrote to memory of 520 4012 LSASSMGR.EXE 96 PID 4012 wrote to memory of 520 4012 LSASSMGR.EXE 96 PID 4012 wrote to memory of 520 4012 LSASSMGR.EXE 96 PID 3620 wrote to memory of 4020 3620 LSASSMGR.EXE 95 PID 3620 wrote to memory of 4020 3620 LSASSMGR.EXE 95 PID 3620 wrote to memory of 4020 3620 LSASSMGR.EXE 95 PID 1968 wrote to memory of 4028 1968 LSASSMGR.EXE 94 PID 1968 wrote to memory of 4028 1968 LSASSMGR.EXE 94 PID 1968 wrote to memory of 4028 1968 LSASSMGR.EXE 94 PID 520 wrote to memory of 204 520 LSASSMGR.EXE 93 PID 520 wrote to memory of 204 520 LSASSMGR.EXE 93 PID 520 wrote to memory of 204 520 LSASSMGR.EXE 93 PID 4028 wrote to memory of 3460 4028 LSASSMGR.EXE 101 PID 4028 wrote to memory of 3460 4028 LSASSMGR.EXE 101 PID 4028 wrote to memory of 3460 4028 LSASSMGR.EXE 101 PID 1328 wrote to memory of 1708 1328 LSASSMGR.EXE 98 PID 1328 wrote to memory of 1708 1328 LSASSMGR.EXE 98 PID 1328 wrote to memory of 1708 1328 LSASSMGR.EXE 98 PID 4020 wrote to memory of 2284 4020 LSASSMGR.EXE 99 PID 4020 wrote to memory of 2284 4020 LSASSMGR.EXE 99 PID 4020 wrote to memory of 2284 4020 LSASSMGR.EXE 99 PID 204 wrote to memory of 808 204 LSASSMGR.EXE 100 PID 204 wrote to memory of 808 204 LSASSMGR.EXE 100 PID 204 wrote to memory of 808 204 LSASSMGR.EXE 100 PID 1708 wrote to memory of 2288 1708 LSASSMGR.EXE 105 PID 1708 wrote to memory of 2288 1708 LSASSMGR.EXE 105 PID 1708 wrote to memory of 2288 1708 LSASSMGR.EXE 105 PID 2284 wrote to memory of 3840 2284 LSASSMGR.EXE 104 PID 2284 wrote to memory of 3840 2284 LSASSMGR.EXE 104 PID 2284 wrote to memory of 3840 2284 LSASSMGR.EXE 104 PID 3460 wrote to memory of 2236 3460 LSASSMGR.EXE 103 PID 3460 wrote to memory of 2236 3460 LSASSMGR.EXE 103 PID 3460 wrote to memory of 2236 3460 LSASSMGR.EXE 103 PID 808 wrote to memory of 3880 808 LSASSMGR.EXE 102 PID 808 wrote to memory of 3880 808 LSASSMGR.EXE 102 PID 808 wrote to memory of 3880 808 LSASSMGR.EXE 102 PID 2288 wrote to memory of 2872 2288 LSASSMGR.EXE 106 PID 2288 wrote to memory of 2872 2288 LSASSMGR.EXE 106 PID 2288 wrote to memory of 2872 2288 LSASSMGR.EXE 106 PID 2236 wrote to memory of 652 2236 LSASSMGR.EXE 107 PID 2236 wrote to memory of 652 2236 LSASSMGR.EXE 107 PID 2236 wrote to memory of 652 2236 LSASSMGR.EXE 107 PID 3880 wrote to memory of 644 3880 LSASSMGR.EXE 109 PID 3880 wrote to memory of 644 3880 LSASSMGR.EXE 109 PID 3880 wrote to memory of 644 3880 LSASSMGR.EXE 109 PID 3840 wrote to memory of 2128 3840 LSASSMGR.EXE 108 PID 3840 wrote to memory of 2128 3840 LSASSMGR.EXE 108 PID 3840 wrote to memory of 2128 3840 LSASSMGR.EXE 108 PID 644 wrote to memory of 3956 644 LSASSMGR.EXE 111 PID 644 wrote to memory of 3956 644 LSASSMGR.EXE 111 PID 644 wrote to memory of 3956 644 LSASSMGR.EXE 111 PID 2872 wrote to memory of 3888 2872 LSASSMGR.EXE 110 PID 2872 wrote to memory of 3888 2872 LSASSMGR.EXE 110 PID 2872 wrote to memory of 3888 2872 LSASSMGR.EXE 110 PID 2128 wrote to memory of 2908 2128 LSASSMGR.EXE 113 PID 2128 wrote to memory of 2908 2128 LSASSMGR.EXE 113 PID 2128 wrote to memory of 2908 2128 LSASSMGR.EXE 113 PID 652 wrote to memory of 2256 652 LSASSMGR.EXE 112 PID 652 wrote to memory of 2256 652 LSASSMGR.EXE 112 PID 652 wrote to memory of 2256 652 LSASSMGR.EXE 112 PID 2908 wrote to memory of 900 2908 LSASSMGR.EXE 114 PID 2908 wrote to memory of 900 2908 LSASSMGR.EXE 114 PID 2908 wrote to memory of 900 2908 LSASSMGR.EXE 114 PID 2256 wrote to memory of 3616 2256 LSASSMGR.EXE 115 PID 2256 wrote to memory of 3616 2256 LSASSMGR.EXE 115 PID 2256 wrote to memory of 3616 2256 LSASSMGR.EXE 115 PID 3956 wrote to memory of 1600 3956 LSASSMGR.EXE 117 PID 3956 wrote to memory of 1600 3956 LSASSMGR.EXE 117 PID 3956 wrote to memory of 1600 3956 LSASSMGR.EXE 117 PID 3888 wrote to memory of 3884 3888 LSASSMGR.EXE 116 PID 3888 wrote to memory of 3884 3888 LSASSMGR.EXE 116 PID 3888 wrote to memory of 3884 3888 LSASSMGR.EXE 116 PID 3884 wrote to memory of 428 3884 LSASSMGR.EXE 118 PID 3884 wrote to memory of 428 3884 LSASSMGR.EXE 118 PID 3884 wrote to memory of 428 3884 LSASSMGR.EXE 118 PID 3616 wrote to memory of 3948 3616 LSASSMGR.EXE 119 PID 3616 wrote to memory of 3948 3616 LSASSMGR.EXE 119 PID 3616 wrote to memory of 3948 3616 LSASSMGR.EXE 119 PID 900 wrote to memory of 1308 900 LSASSMGR.EXE 121 PID 900 wrote to memory of 1308 900 LSASSMGR.EXE 121 PID 900 wrote to memory of 1308 900 LSASSMGR.EXE 121 PID 1600 wrote to memory of 3520 1600 LSASSMGR.EXE 120 PID 1600 wrote to memory of 3520 1600 LSASSMGR.EXE 120 PID 1600 wrote to memory of 3520 1600 LSASSMGR.EXE 120 PID 428 wrote to memory of 2892 428 LSASSMGR.EXE 123 PID 428 wrote to memory of 2892 428 LSASSMGR.EXE 123 PID 428 wrote to memory of 2892 428 LSASSMGR.EXE 123 PID 3948 wrote to memory of 4052 3948 LSASSMGR.EXE 122 PID 3948 wrote to memory of 4052 3948 LSASSMGR.EXE 122 PID 3948 wrote to memory of 4052 3948 LSASSMGR.EXE 122 PID 3520 wrote to memory of 2252 3520 LSASSMGR.EXE 124 PID 3520 wrote to memory of 2252 3520 LSASSMGR.EXE 124 PID 3520 wrote to memory of 2252 3520 LSASSMGR.EXE 124 PID 1308 wrote to memory of 2092 1308 LSASSMGR.EXE 125 PID 1308 wrote to memory of 2092 1308 LSASSMGR.EXE 125 PID 1308 wrote to memory of 2092 1308 LSASSMGR.EXE 125 PID 4052 wrote to memory of 2220 4052 LSASSMGR.EXE 127 PID 4052 wrote to memory of 2220 4052 LSASSMGR.EXE 127 PID 4052 wrote to memory of 2220 4052 LSASSMGR.EXE 127 PID 2892 wrote to memory of 1172 2892 LSASSMGR.EXE 126 PID 2892 wrote to memory of 1172 2892 LSASSMGR.EXE 126 PID 2892 wrote to memory of 1172 2892 LSASSMGR.EXE 126 PID 2092 wrote to memory of 3480 2092 LSASSMGR.EXE 128 PID 2092 wrote to memory of 3480 2092 LSASSMGR.EXE 128 PID 2092 wrote to memory of 3480 2092 LSASSMGR.EXE 128 PID 2252 wrote to memory of 720 2252 LSASSMGR.EXE 129 PID 2252 wrote to memory of 720 2252 LSASSMGR.EXE 129 PID 2252 wrote to memory of 720 2252 LSASSMGR.EXE 129 PID 2220 wrote to memory of 3352 2220 LSASSMGR.EXE 131 PID 2220 wrote to memory of 3352 2220 LSASSMGR.EXE 131 PID 2220 wrote to memory of 3352 2220 LSASSMGR.EXE 131 PID 1172 wrote to memory of 3524 1172 LSASSMGR.EXE 130 PID 1172 wrote to memory of 3524 1172 LSASSMGR.EXE 130 PID 1172 wrote to memory of 3524 1172 LSASSMGR.EXE 130 PID 720 wrote to memory of 896 720 LSASSMGR.EXE 133 PID 720 wrote to memory of 896 720 LSASSMGR.EXE 133 PID 720 wrote to memory of 896 720 LSASSMGR.EXE 133 PID 3480 wrote to memory of 3808 3480 LSASSMGR.EXE 132 PID 3480 wrote to memory of 3808 3480 LSASSMGR.EXE 132 PID 3480 wrote to memory of 3808 3480 LSASSMGR.EXE 132 PID 3524 wrote to memory of 2760 3524 LSASSMGR.EXE 135 PID 3524 wrote to memory of 2760 3524 LSASSMGR.EXE 135 PID 3524 wrote to memory of 2760 3524 LSASSMGR.EXE 135 PID 3352 wrote to memory of 1176 3352 LSASSMGR.EXE 134 PID 3352 wrote to memory of 1176 3352 LSASSMGR.EXE 134 PID 3352 wrote to memory of 1176 3352 LSASSMGR.EXE 134 PID 896 wrote to memory of 4032 896 LSASSMGR.EXE 137 PID 896 wrote to memory of 4032 896 LSASSMGR.EXE 137 PID 896 wrote to memory of 4032 896 LSASSMGR.EXE 137 PID 3808 wrote to memory of 212 3808 LSASSMGR.EXE 136 PID 3808 wrote to memory of 212 3808 LSASSMGR.EXE 136 PID 3808 wrote to memory of 212 3808 LSASSMGR.EXE 136 PID 1176 wrote to memory of 2456 1176 LSASSMGR.EXE 138 PID 1176 wrote to memory of 2456 1176 LSASSMGR.EXE 138 PID 1176 wrote to memory of 2456 1176 LSASSMGR.EXE 138 PID 2760 wrote to memory of 1192 2760 LSASSMGR.EXE 139 PID 2760 wrote to memory of 1192 2760 LSASSMGR.EXE 139 PID 2760 wrote to memory of 1192 2760 LSASSMGR.EXE 139 PID 212 wrote to memory of 2880 212 LSASSMGR.EXE 141 PID 212 wrote to memory of 2880 212 LSASSMGR.EXE 141 PID 212 wrote to memory of 2880 212 LSASSMGR.EXE 141 PID 1192 wrote to memory of 1856 1192 LSASSMGR.EXE 143 PID 1192 wrote to memory of 1856 1192 LSASSMGR.EXE 143 PID 1192 wrote to memory of 1856 1192 LSASSMGR.EXE 143 PID 4032 wrote to memory of 1288 4032 LSASSMGR.EXE 140 PID 4032 wrote to memory of 1288 4032 LSASSMGR.EXE 140 PID 4032 wrote to memory of 1288 4032 LSASSMGR.EXE 140 PID 2456 wrote to memory of 1428 2456 LSASSMGR.EXE 142 PID 2456 wrote to memory of 1428 2456 LSASSMGR.EXE 142 PID 2456 wrote to memory of 1428 2456 LSASSMGR.EXE 142 PID 1428 wrote to memory of 3488 1428 LSASSMGR.EXE 147 PID 1428 wrote to memory of 3488 1428 LSASSMGR.EXE 147 PID 1428 wrote to memory of 3488 1428 LSASSMGR.EXE 147 PID 2880 wrote to memory of 3712 2880 LSASSMGR.EXE 144 PID 2880 wrote to memory of 3712 2880 LSASSMGR.EXE 144 PID 2880 wrote to memory of 3712 2880 LSASSMGR.EXE 144 PID 1856 wrote to memory of 2796 1856 LSASSMGR.EXE 145 PID 1856 wrote to memory of 2796 1856 LSASSMGR.EXE 145 PID 1856 wrote to memory of 2796 1856 LSASSMGR.EXE 145 PID 1288 wrote to memory of 752 1288 LSASSMGR.EXE 146 PID 1288 wrote to memory of 752 1288 LSASSMGR.EXE 146 PID 1288 wrote to memory of 752 1288 LSASSMGR.EXE 146 PID 3712 wrote to memory of 2324 3712 LSASSMGR.EXE 151 PID 3712 wrote to memory of 2324 3712 LSASSMGR.EXE 151 PID 3712 wrote to memory of 2324 3712 LSASSMGR.EXE 151 PID 752 wrote to memory of 4068 752 LSASSMGR.EXE 148 PID 752 wrote to memory of 4068 752 LSASSMGR.EXE 148 PID 752 wrote to memory of 4068 752 LSASSMGR.EXE 148 PID 2796 wrote to memory of 3180 2796 LSASSMGR.EXE 150 PID 2796 wrote to memory of 3180 2796 LSASSMGR.EXE 150 PID 2796 wrote to memory of 3180 2796 LSASSMGR.EXE 150 PID 3488 wrote to memory of 804 3488 LSASSMGR.EXE 149 PID 3488 wrote to memory of 804 3488 LSASSMGR.EXE 149 PID 3488 wrote to memory of 804 3488 LSASSMGR.EXE 149 PID 2324 wrote to memory of 968 2324 LSASSMGR.EXE 153 PID 2324 wrote to memory of 968 2324 LSASSMGR.EXE 153 PID 2324 wrote to memory of 968 2324 LSASSMGR.EXE 153 PID 3180 wrote to memory of 932 3180 LSASSMGR.EXE 152 PID 3180 wrote to memory of 932 3180 LSASSMGR.EXE 152 PID 3180 wrote to memory of 932 3180 LSASSMGR.EXE 152 PID 4068 wrote to memory of 2360 4068 LSASSMGR.EXE 155 PID 4068 wrote to memory of 2360 4068 LSASSMGR.EXE 155 PID 4068 wrote to memory of 2360 4068 LSASSMGR.EXE 155 PID 804 wrote to memory of 1884 804 LSASSMGR.EXE 154 PID 804 wrote to memory of 1884 804 LSASSMGR.EXE 154 PID 804 wrote to memory of 1884 804 LSASSMGR.EXE 154 PID 932 wrote to memory of 3296 932 LSASSMGR.EXE 156 PID 932 wrote to memory of 3296 932 LSASSMGR.EXE 156 PID 932 wrote to memory of 3296 932 LSASSMGR.EXE 156 PID 968 wrote to memory of 3696 968 LSASSMGR.EXE 157 PID 968 wrote to memory of 3696 968 LSASSMGR.EXE 157 PID 968 wrote to memory of 3696 968 LSASSMGR.EXE 157 PID 2360 wrote to memory of 420 2360 LSASSMGR.EXE 159 PID 2360 wrote to memory of 420 2360 LSASSMGR.EXE 159 PID 2360 wrote to memory of 420 2360 LSASSMGR.EXE 159 PID 1884 wrote to memory of 2136 1884 LSASSMGR.EXE 158 PID 1884 wrote to memory of 2136 1884 LSASSMGR.EXE 158 PID 1884 wrote to memory of 2136 1884 LSASSMGR.EXE 158 PID 3296 wrote to memory of 4108 3296 LSASSMGR.EXE 160 PID 3296 wrote to memory of 4108 3296 LSASSMGR.EXE 160 PID 3296 wrote to memory of 4108 3296 LSASSMGR.EXE 160 PID 3696 wrote to memory of 4128 3696 LSASSMGR.EXE 161 PID 3696 wrote to memory of 4128 3696 LSASSMGR.EXE 161 PID 3696 wrote to memory of 4128 3696 LSASSMGR.EXE 161 PID 2136 wrote to memory of 4252 2136 LSASSMGR.EXE 162 PID 2136 wrote to memory of 4252 2136 LSASSMGR.EXE 162 PID 2136 wrote to memory of 4252 2136 LSASSMGR.EXE 162 PID 420 wrote to memory of 4272 420 LSASSMGR.EXE 163 PID 420 wrote to memory of 4272 420 LSASSMGR.EXE 163 PID 420 wrote to memory of 4272 420 LSASSMGR.EXE 163 PID 4128 wrote to memory of 4296 4128 LSASSMGR.EXE 164 PID 4128 wrote to memory of 4296 4128 LSASSMGR.EXE 164 PID 4128 wrote to memory of 4296 4128 LSASSMGR.EXE 164 PID 4108 wrote to memory of 4312 4108 LSASSMGR.EXE 165 PID 4108 wrote to memory of 4312 4108 LSASSMGR.EXE 165 PID 4108 wrote to memory of 4312 4108 LSASSMGR.EXE 165 PID 4252 wrote to memory of 4380 4252 LSASSMGR.EXE 166 PID 4252 wrote to memory of 4380 4252 LSASSMGR.EXE 166 PID 4252 wrote to memory of 4380 4252 LSASSMGR.EXE 166 PID 4272 wrote to memory of 4416 4272 LSASSMGR.EXE 167 PID 4272 wrote to memory of 4416 4272 LSASSMGR.EXE 167 PID 4272 wrote to memory of 4416 4272 LSASSMGR.EXE 167 PID 4312 wrote to memory of 4472 4312 LSASSMGR.EXE 168 PID 4312 wrote to memory of 4472 4312 LSASSMGR.EXE 168 PID 4312 wrote to memory of 4472 4312 LSASSMGR.EXE 168 PID 4380 wrote to memory of 4544 4380 LSASSMGR.EXE 170 PID 4380 wrote to memory of 4544 4380 LSASSMGR.EXE 170 PID 4380 wrote to memory of 4544 4380 LSASSMGR.EXE 170 PID 4296 wrote to memory of 4556 4296 LSASSMGR.EXE 169 PID 4296 wrote to memory of 4556 4296 LSASSMGR.EXE 169 PID 4296 wrote to memory of 4556 4296 LSASSMGR.EXE 169 PID 4416 wrote to memory of 4612 4416 LSASSMGR.EXE 171 PID 4416 wrote to memory of 4612 4416 LSASSMGR.EXE 171 PID 4416 wrote to memory of 4612 4416 LSASSMGR.EXE 171 PID 4472 wrote to memory of 4644 4472 LSASSMGR.EXE 172 PID 4472 wrote to memory of 4644 4472 LSASSMGR.EXE 172 PID 4472 wrote to memory of 4644 4472 LSASSMGR.EXE 172 PID 4544 wrote to memory of 4748 4544 LSASSMGR.EXE 174 PID 4544 wrote to memory of 4748 4544 LSASSMGR.EXE 174 PID 4544 wrote to memory of 4748 4544 LSASSMGR.EXE 174 PID 4556 wrote to memory of 4756 4556 LSASSMGR.EXE 173 PID 4556 wrote to memory of 4756 4556 LSASSMGR.EXE 173 PID 4556 wrote to memory of 4756 4556 LSASSMGR.EXE 173 PID 4612 wrote to memory of 4824 4612 LSASSMGR.EXE 176 PID 4612 wrote to memory of 4824 4612 LSASSMGR.EXE 176 PID 4612 wrote to memory of 4824 4612 LSASSMGR.EXE 176 PID 4644 wrote to memory of 4832 4644 LSASSMGR.EXE 175 PID 4644 wrote to memory of 4832 4644 LSASSMGR.EXE 175 PID 4644 wrote to memory of 4832 4644 LSASSMGR.EXE 175 PID 4748 wrote to memory of 4880 4748 LSASSMGR.EXE 177 PID 4748 wrote to memory of 4880 4748 LSASSMGR.EXE 177 PID 4748 wrote to memory of 4880 4748 LSASSMGR.EXE 177 PID 4756 wrote to memory of 4904 4756 LSASSMGR.EXE 178 PID 4756 wrote to memory of 4904 4756 LSASSMGR.EXE 178 PID 4756 wrote to memory of 4904 4756 LSASSMGR.EXE 178 PID 4832 wrote to memory of 5016 4832 LSASSMGR.EXE 180 PID 4832 wrote to memory of 5016 4832 LSASSMGR.EXE 180 PID 4832 wrote to memory of 5016 4832 LSASSMGR.EXE 180 PID 4824 wrote to memory of 5028 4824 LSASSMGR.EXE 179 PID 4824 wrote to memory of 5028 4824 LSASSMGR.EXE 179 PID 4824 wrote to memory of 5028 4824 LSASSMGR.EXE 179 PID 4880 wrote to memory of 5052 4880 LSASSMGR.EXE 181 PID 4880 wrote to memory of 5052 4880 LSASSMGR.EXE 181 PID 4880 wrote to memory of 5052 4880 LSASSMGR.EXE 181 PID 4904 wrote to memory of 5092 4904 LSASSMGR.EXE 182 PID 4904 wrote to memory of 5092 4904 LSASSMGR.EXE 182 PID 4904 wrote to memory of 5092 4904 LSASSMGR.EXE 182 PID 5016 wrote to memory of 1380 5016 LSASSMGR.EXE 184 PID 5016 wrote to memory of 1380 5016 LSASSMGR.EXE 184 PID 5016 wrote to memory of 1380 5016 LSASSMGR.EXE 184 PID 5028 wrote to memory of 1000 5028 LSASSMGR.EXE 183 PID 5028 wrote to memory of 1000 5028 LSASSMGR.EXE 183 PID 5028 wrote to memory of 1000 5028 LSASSMGR.EXE 183 PID 5052 wrote to memory of 3928 5052 LSASSMGR.EXE 185 PID 5052 wrote to memory of 3928 5052 LSASSMGR.EXE 185 PID 5052 wrote to memory of 3928 5052 LSASSMGR.EXE 185 PID 5092 wrote to memory of 4176 5092 LSASSMGR.EXE 189 PID 5092 wrote to memory of 4176 5092 LSASSMGR.EXE 189 PID 5092 wrote to memory of 4176 5092 LSASSMGR.EXE 189 PID 1380 wrote to memory of 4204 1380 LSASSMGR.EXE 186 PID 1380 wrote to memory of 4204 1380 LSASSMGR.EXE 186 PID 1380 wrote to memory of 4204 1380 LSASSMGR.EXE 186 PID 1000 wrote to memory of 4120 1000 LSASSMGR.EXE 187 PID 1000 wrote to memory of 4120 1000 LSASSMGR.EXE 187 PID 1000 wrote to memory of 4120 1000 LSASSMGR.EXE 187 PID 3928 wrote to memory of 4244 3928 LSASSMGR.EXE 188 PID 3928 wrote to memory of 4244 3928 LSASSMGR.EXE 188 PID 3928 wrote to memory of 4244 3928 LSASSMGR.EXE 188 PID 4120 wrote to memory of 4324 4120 LSASSMGR.EXE 191 PID 4120 wrote to memory of 4324 4120 LSASSMGR.EXE 191 PID 4120 wrote to memory of 4324 4120 LSASSMGR.EXE 191 PID 4204 wrote to memory of 4424 4204 LSASSMGR.EXE 190 PID 4204 wrote to memory of 4424 4204 LSASSMGR.EXE 190 PID 4204 wrote to memory of 4424 4204 LSASSMGR.EXE 190 PID 4176 wrote to memory of 4400 4176 LSASSMGR.EXE 192 PID 4176 wrote to memory of 4400 4176 LSASSMGR.EXE 192 PID 4176 wrote to memory of 4400 4176 LSASSMGR.EXE 192 PID 4244 wrote to memory of 4500 4244 LSASSMGR.EXE 193 PID 4244 wrote to memory of 4500 4244 LSASSMGR.EXE 193 PID 4244 wrote to memory of 4500 4244 LSASSMGR.EXE 193 PID 4424 wrote to memory of 4576 4424 LSASSMGR.EXE 195 PID 4424 wrote to memory of 4576 4424 LSASSMGR.EXE 195 PID 4424 wrote to memory of 4576 4424 LSASSMGR.EXE 195 PID 4400 wrote to memory of 4532 4400 LSASSMGR.EXE 194 PID 4400 wrote to memory of 4532 4400 LSASSMGR.EXE 194 PID 4400 wrote to memory of 4532 4400 LSASSMGR.EXE 194 PID 4500 wrote to memory of 4596 4500 LSASSMGR.EXE 197 PID 4500 wrote to memory of 4596 4500 LSASSMGR.EXE 197 PID 4500 wrote to memory of 4596 4500 LSASSMGR.EXE 197 PID 4324 wrote to memory of 4688 4324 LSASSMGR.EXE 196 PID 4324 wrote to memory of 4688 4324 LSASSMGR.EXE 196 PID 4324 wrote to memory of 4688 4324 LSASSMGR.EXE 196 PID 4532 wrote to memory of 4708 4532 LSASSMGR.EXE 199 PID 4532 wrote to memory of 4708 4532 LSASSMGR.EXE 199 PID 4532 wrote to memory of 4708 4532 LSASSMGR.EXE 199 PID 4576 wrote to memory of 4712 4576 LSASSMGR.EXE 198 PID 4576 wrote to memory of 4712 4576 LSASSMGR.EXE 198 PID 4576 wrote to memory of 4712 4576 LSASSMGR.EXE 198 PID 4596 wrote to memory of 4856 4596 LSASSMGR.EXE 201 PID 4596 wrote to memory of 4856 4596 LSASSMGR.EXE 201 PID 4596 wrote to memory of 4856 4596 LSASSMGR.EXE 201 PID 4688 wrote to memory of 4792 4688 LSASSMGR.EXE 200 PID 4688 wrote to memory of 4792 4688 LSASSMGR.EXE 200 PID 4688 wrote to memory of 4792 4688 LSASSMGR.EXE 200 PID 4792 wrote to memory of 4828 4792 LSASSMGR.EXE 203 PID 4792 wrote to memory of 4828 4792 LSASSMGR.EXE 203 PID 4792 wrote to memory of 4828 4792 LSASSMGR.EXE 203 PID 4708 wrote to memory of 4952 4708 LSASSMGR.EXE 202 PID 4708 wrote to memory of 4952 4708 LSASSMGR.EXE 202 PID 4708 wrote to memory of 4952 4708 LSASSMGR.EXE 202 PID 4712 wrote to memory of 4988 4712 LSASSMGR.EXE 205 PID 4712 wrote to memory of 4988 4712 LSASSMGR.EXE 205 PID 4712 wrote to memory of 4988 4712 LSASSMGR.EXE 205 PID 4856 wrote to memory of 4976 4856 LSASSMGR.EXE 204 PID 4856 wrote to memory of 4976 4856 LSASSMGR.EXE 204 PID 4856 wrote to memory of 4976 4856 LSASSMGR.EXE 204 PID 4828 wrote to memory of 5068 4828 LSASSMGR.EXE 206 PID 4828 wrote to memory of 5068 4828 LSASSMGR.EXE 206 PID 4828 wrote to memory of 5068 4828 LSASSMGR.EXE 206 PID 4952 wrote to memory of 5116 4952 LSASSMGR.EXE 208 PID 4952 wrote to memory of 5116 4952 LSASSMGR.EXE 208 PID 4952 wrote to memory of 5116 4952 LSASSMGR.EXE 208 PID 4988 wrote to memory of 5100 4988 LSASSMGR.EXE 207 PID 4988 wrote to memory of 5100 4988 LSASSMGR.EXE 207 PID 4988 wrote to memory of 5100 4988 LSASSMGR.EXE 207 PID 4976 wrote to memory of 2448 4976 LSASSMGR.EXE 209 PID 4976 wrote to memory of 2448 4976 LSASSMGR.EXE 209 PID 4976 wrote to memory of 2448 4976 LSASSMGR.EXE 209 PID 5100 wrote to memory of 672 5100 LSASSMGR.EXE 212 PID 5100 wrote to memory of 672 5100 LSASSMGR.EXE 212 PID 5100 wrote to memory of 672 5100 LSASSMGR.EXE 212 PID 5116 wrote to memory of 1424 5116 LSASSMGR.EXE 210 PID 5116 wrote to memory of 1424 5116 LSASSMGR.EXE 210 PID 5116 wrote to memory of 1424 5116 LSASSMGR.EXE 210 PID 5068 wrote to memory of 4180 5068 LSASSMGR.EXE 211 PID 5068 wrote to memory of 4180 5068 LSASSMGR.EXE 211 PID 5068 wrote to memory of 4180 5068 LSASSMGR.EXE 211 PID 2448 wrote to memory of 4212 2448 LSASSMGR.EXE 214 PID 2448 wrote to memory of 4212 2448 LSASSMGR.EXE 214 PID 2448 wrote to memory of 4212 2448 LSASSMGR.EXE 214 PID 1424 wrote to memory of 4156 1424 LSASSMGR.EXE 213 PID 1424 wrote to memory of 4156 1424 LSASSMGR.EXE 213 PID 1424 wrote to memory of 4156 1424 LSASSMGR.EXE 213 PID 672 wrote to memory of 4220 672 LSASSMGR.EXE 216 PID 672 wrote to memory of 4220 672 LSASSMGR.EXE 216 PID 672 wrote to memory of 4220 672 LSASSMGR.EXE 216 PID 4180 wrote to memory of 4388 4180 LSASSMGR.EXE 215 PID 4180 wrote to memory of 4388 4180 LSASSMGR.EXE 215 PID 4180 wrote to memory of 4388 4180 LSASSMGR.EXE 215 PID 4212 wrote to memory of 4360 4212 LSASSMGR.EXE 218 PID 4212 wrote to memory of 4360 4212 LSASSMGR.EXE 218 PID 4212 wrote to memory of 4360 4212 LSASSMGR.EXE 218 PID 4156 wrote to memory of 4448 4156 LSASSMGR.EXE 217 PID 4156 wrote to memory of 4448 4156 LSASSMGR.EXE 217 PID 4156 wrote to memory of 4448 4156 LSASSMGR.EXE 217 PID 4388 wrote to memory of 4580 4388 LSASSMGR.EXE 220 PID 4388 wrote to memory of 4580 4388 LSASSMGR.EXE 220 PID 4388 wrote to memory of 4580 4388 LSASSMGR.EXE 220 PID 4220 wrote to memory of 4452 4220 LSASSMGR.EXE 219 PID 4220 wrote to memory of 4452 4220 LSASSMGR.EXE 219 PID 4220 wrote to memory of 4452 4220 LSASSMGR.EXE 219 PID 4448 wrote to memory of 4840 4448 LSASSMGR.EXE 221 PID 4448 wrote to memory of 4840 4448 LSASSMGR.EXE 221 PID 4448 wrote to memory of 4840 4448 LSASSMGR.EXE 221 PID 4360 wrote to memory of 4736 4360 LSASSMGR.EXE 222 PID 4360 wrote to memory of 4736 4360 LSASSMGR.EXE 222 PID 4360 wrote to memory of 4736 4360 LSASSMGR.EXE 222 PID 4580 wrote to memory of 4772 4580 LSASSMGR.EXE 225 PID 4580 wrote to memory of 4772 4580 LSASSMGR.EXE 225 PID 4580 wrote to memory of 4772 4580 LSASSMGR.EXE 225 PID 4452 wrote to memory of 4812 4452 LSASSMGR.EXE 223 PID 4452 wrote to memory of 4812 4452 LSASSMGR.EXE 223 PID 4452 wrote to memory of 4812 4452 LSASSMGR.EXE 223 PID 4840 wrote to memory of 4916 4840 LSASSMGR.EXE 224 PID 4840 wrote to memory of 4916 4840 LSASSMGR.EXE 224 PID 4840 wrote to memory of 4916 4840 LSASSMGR.EXE 224 PID 4772 wrote to memory of 4876 4772 LSASSMGR.EXE 226 PID 4772 wrote to memory of 4876 4772 LSASSMGR.EXE 226 PID 4772 wrote to memory of 4876 4772 LSASSMGR.EXE 226 PID 4736 wrote to memory of 4964 4736 LSASSMGR.EXE 227 PID 4736 wrote to memory of 4964 4736 LSASSMGR.EXE 227 PID 4736 wrote to memory of 4964 4736 LSASSMGR.EXE 227 PID 4876 wrote to memory of 5084 4876 LSASSMGR.EXE 228 PID 4876 wrote to memory of 5084 4876 LSASSMGR.EXE 228 PID 4876 wrote to memory of 5084 4876 LSASSMGR.EXE 228 PID 4812 wrote to memory of 3740 4812 LSASSMGR.EXE 229 PID 4812 wrote to memory of 3740 4812 LSASSMGR.EXE 229 PID 4812 wrote to memory of 3740 4812 LSASSMGR.EXE 229 PID 4916 wrote to memory of 4992 4916 LSASSMGR.EXE 230 PID 4916 wrote to memory of 4992 4916 LSASSMGR.EXE 230 PID 4916 wrote to memory of 4992 4916 LSASSMGR.EXE 230 PID 4964 wrote to memory of 584 4964 LSASSMGR.EXE 231 PID 4964 wrote to memory of 584 4964 LSASSMGR.EXE 231 PID 4964 wrote to memory of 584 4964 LSASSMGR.EXE 231 PID 4992 wrote to memory of 4308 4992 LSASSMGR.EXE 233 PID 4992 wrote to memory of 4308 4992 LSASSMGR.EXE 233 PID 4992 wrote to memory of 4308 4992 LSASSMGR.EXE 233 PID 5084 wrote to memory of 4160 5084 LSASSMGR.EXE 235 PID 5084 wrote to memory of 4160 5084 LSASSMGR.EXE 235 PID 5084 wrote to memory of 4160 5084 LSASSMGR.EXE 235 PID 3740 wrote to memory of 4104 3740 LSASSMGR.EXE 232 PID 3740 wrote to memory of 4104 3740 LSASSMGR.EXE 232 PID 3740 wrote to memory of 4104 3740 LSASSMGR.EXE 232 PID 584 wrote to memory of 4228 584 LSASSMGR.EXE 234 PID 584 wrote to memory of 4228 584 LSASSMGR.EXE 234 PID 584 wrote to memory of 4228 584 LSASSMGR.EXE 234 PID 4308 wrote to memory of 4328 4308 LSASSMGR.EXE 236 PID 4308 wrote to memory of 4328 4308 LSASSMGR.EXE 236 PID 4308 wrote to memory of 4328 4308 LSASSMGR.EXE 236 PID 4228 wrote to memory of 4460 4228 LSASSMGR.EXE 237 PID 4228 wrote to memory of 4460 4228 LSASSMGR.EXE 237 PID 4228 wrote to memory of 4460 4228 LSASSMGR.EXE 237 PID 4160 wrote to memory of 4292 4160 LSASSMGR.EXE 238 PID 4160 wrote to memory of 4292 4160 LSASSMGR.EXE 238 PID 4160 wrote to memory of 4292 4160 LSASSMGR.EXE 238 PID 4104 wrote to memory of 4408 4104 LSASSMGR.EXE 239 PID 4104 wrote to memory of 4408 4104 LSASSMGR.EXE 239 PID 4104 wrote to memory of 4408 4104 LSASSMGR.EXE 239 PID 4328 wrote to memory of 4524 4328 LSASSMGR.EXE 240 PID 4328 wrote to memory of 4524 4328 LSASSMGR.EXE 240 PID 4328 wrote to memory of 4524 4328 LSASSMGR.EXE 240 PID 4460 wrote to memory of 4568 4460 LSASSMGR.EXE 241 PID 4460 wrote to memory of 4568 4460 LSASSMGR.EXE 241 PID 4460 wrote to memory of 4568 4460 LSASSMGR.EXE 241 PID 4408 wrote to memory of 4896 4408 LSASSMGR.EXE 242 PID 4408 wrote to memory of 4896 4408 LSASSMGR.EXE 242 PID 4408 wrote to memory of 4896 4408 LSASSMGR.EXE 242 PID 4292 wrote to memory of 4548 4292 LSASSMGR.EXE 243 PID 4292 wrote to memory of 4548 4292 LSASSMGR.EXE 243 PID 4292 wrote to memory of 4548 4292 LSASSMGR.EXE 243 PID 4524 wrote to memory of 4608 4524 LSASSMGR.EXE 245 PID 4524 wrote to memory of 4608 4524 LSASSMGR.EXE 245 PID 4524 wrote to memory of 4608 4524 LSASSMGR.EXE 245 PID 4568 wrote to memory of 4744 4568 LSASSMGR.EXE 244 PID 4568 wrote to memory of 4744 4568 LSASSMGR.EXE 244 PID 4568 wrote to memory of 4744 4568 LSASSMGR.EXE 244 PID 4896 wrote to memory of 4956 4896 LSASSMGR.EXE 246 PID 4896 wrote to memory of 4956 4896 LSASSMGR.EXE 246 PID 4896 wrote to memory of 4956 4896 LSASSMGR.EXE 246 PID 4608 wrote to memory of 4864 4608 LSASSMGR.EXE 247 PID 4608 wrote to memory of 4864 4608 LSASSMGR.EXE 247 PID 4608 wrote to memory of 4864 4608 LSASSMGR.EXE 247 PID 4548 wrote to memory of 3916 4548 LSASSMGR.EXE 248 PID 4548 wrote to memory of 3916 4548 LSASSMGR.EXE 248 PID 4548 wrote to memory of 3916 4548 LSASSMGR.EXE 248 PID 4744 wrote to memory of 3204 4744 LSASSMGR.EXE 249 PID 4744 wrote to memory of 3204 4744 LSASSMGR.EXE 249 PID 4744 wrote to memory of 3204 4744 LSASSMGR.EXE 249 PID 4956 wrote to memory of 3200 4956 LSASSMGR.EXE 252 PID 4956 wrote to memory of 3200 4956 LSASSMGR.EXE 252 PID 4956 wrote to memory of 3200 4956 LSASSMGR.EXE 252 PID 4864 wrote to memory of 3748 4864 LSASSMGR.EXE 250 PID 4864 wrote to memory of 3748 4864 LSASSMGR.EXE 250 PID 4864 wrote to memory of 3748 4864 LSASSMGR.EXE 250 PID 3916 wrote to memory of 388 3916 LSASSMGR.EXE 251 PID 3916 wrote to memory of 388 3916 LSASSMGR.EXE 251 PID 3916 wrote to memory of 388 3916 LSASSMGR.EXE 251
Processes
-
C:\Users\Admin\AppData\Local\Temp\cfac0fedbb2f5e8d8f1c1bd27fe74cb1.exe"C:\Users\Admin\AppData\Local\Temp\cfac0fedbb2f5e8d8f1c1bd27fe74cb1.exe"1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:616 -
C:\Windows\SysWOW64\srtsrv32.exe"C:\Windows\system32\srtsrv32.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3268 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2900 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2076 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"5⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:488 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"6⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1520 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3168 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1328 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"9⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
PID:1708 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"10⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2288 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"11⤵
- Executes dropped EXE
PID:2872 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"12⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:3888 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"13⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:3884 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"14⤵
- Executes dropped EXE
PID:428 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"15⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:2892 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"16⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:1172 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"17⤵
- Executes dropped EXE
- Adds Run key to start application
PID:3524 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"18⤵
- Executes dropped EXE
PID:2760 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"19⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1192 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"20⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
PID:1856 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"21⤵
- Adds Run key to start application
- Drops file in Program Files directory
PID:2796 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"22⤵
- Adds Run key to start application
PID:3180 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"23⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:932 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"24⤵
- Adds Run key to start application
- Drops file in Program Files directory
PID:3296 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"25⤵PID:4108
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"26⤵PID:4312
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"27⤵
- Drops file in System32 directory
PID:4472 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"28⤵
- Adds Run key to start application
- Drops file in Program Files directory
PID:4644 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"29⤵
- Adds Run key to start application
- Drops file in Program Files directory
PID:4832 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"30⤵PID:5016
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"31⤵PID:1380
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"32⤵PID:4204
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"33⤵
- Adds Run key to start application
PID:4424 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"34⤵
- Drops file in System32 directory
PID:4576 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"35⤵
- Drops file in System32 directory
PID:4712 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"36⤵
- Drops file in System32 directory
- Drops file in Program Files directory
PID:4988 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"37⤵
- Drops file in System32 directory
PID:5100 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"38⤵
- Adds Run key to start application
- Drops file in Program Files directory
PID:672 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"39⤵
- Adds Run key to start application
PID:4220 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"40⤵
- Drops file in Program Files directory
PID:4452 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"41⤵PID:4812
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"42⤵
- Drops file in System32 directory
- Drops file in Program Files directory
PID:3740 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"43⤵
- Adds Run key to start application
- Drops file in Program Files directory
PID:4104 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"44⤵PID:4408
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"45⤵
- Adds Run key to start application
- Drops file in Program Files directory
PID:4896 -
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"46⤵PID:4956
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"47⤵PID:3200
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"48⤵PID:4100
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"49⤵PID:4356
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"50⤵PID:5024
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"51⤵PID:4884
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"52⤵PID:4404
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"53⤵PID:2780
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"54⤵PID:4820
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"55⤵PID:4780
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"56⤵PID:1920
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"57⤵PID:2192
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"58⤵PID:4540
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"59⤵PID:4684
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"60⤵PID:692
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"61⤵PID:4604
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"62⤵PID:4692
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"63⤵PID:5072
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"64⤵PID:4268
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"65⤵PID:4168
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"66⤵PID:3292
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"67⤵PID:4256
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"68⤵PID:4972
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"69⤵PID:4136
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"70⤵PID:4648
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"71⤵PID:4464
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"72⤵PID:1440
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"73⤵PID:4216
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"74⤵PID:4716
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"75⤵PID:4860
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"76⤵PID:4188
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"77⤵PID:3424
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"78⤵PID:1404
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"79⤵PID:4696
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"80⤵PID:4520
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"81⤵PID:2772
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"82⤵PID:5008
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"83⤵PID:4700
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"84⤵PID:4232
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"85⤵PID:196
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"86⤵PID:4260
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"87⤵PID:4704
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"88⤵PID:3392
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"89⤵PID:4348
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"90⤵PID:4340
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"91⤵PID:4932
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"92⤵PID:4372
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"93⤵PID:5292
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"94⤵PID:5432
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"95⤵PID:5568
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"96⤵PID:5700
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"97⤵PID:5876
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"98⤵PID:6088
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"99⤵PID:5128
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"100⤵PID:5368
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"101⤵PID:5524
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"102⤵PID:5564
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"103⤵PID:5788
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"104⤵PID:6080
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"105⤵PID:4752
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"106⤵PID:5252
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"107⤵PID:5360
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"108⤵PID:5648
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"109⤵PID:5784
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"110⤵PID:2160
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"111⤵PID:6100
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"112⤵PID:5284
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"113⤵PID:3508
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"114⤵PID:5604
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"115⤵PID:5840
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"116⤵PID:1676
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"117⤵PID:4428
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"118⤵PID:5204
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"119⤵PID:5640
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"120⤵PID:6044
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"121⤵PID:5924
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-