8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

Analysis

max time kernel
151s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 22:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6.exe
Size

5KB
MD5

f59c3bfcb353328cd568304219d0fd1a
SHA1

ff3ccdabe43999e1edefad716b52ca14bc52bbf8
SHA256

8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6
SHA512

6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f
SSDEEP

96:B+gPsFnrAq2/I3oXxs9oLqzydlQahSlxuJuEL5lpSxbuZ:B+gPspJ2/ILOLXnaarSbuZ

Score

8^/10

persistence

Malware Config

Signatures

Adds policy Run key to start application 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\brl = "\"C:\\Windows\\system32\\dll\\lsass.exe\""	lsass.exe

Executes dropped EXE 64 IoCs

pid	Process
3164	lsass.exe
1436	lsass.exe
1704	lsass.exe
3404	lsass.exe
648	lsass.exe
2248	lsass.exe
4232	lsass.exe
4532	lsass.exe
628	lsass.exe
3736	lsass.exe
3472	lsass.exe
400	lsass.exe
3980	lsass.exe
2388	lsass.exe
3224	lsass.exe
888	lsass.exe
1796	lsass.exe
4864	lsass.exe
2592	lsass.exe
4212	lsass.exe
1768	lsass.exe
4412	lsass.exe
4552	lsass.exe
5000	lsass.exe
3324	lsass.exe
4868	lsass.exe
220	lsass.exe
3148	lsass.exe
3064	lsass.exe
4600	lsass.exe
4224	lsass.exe
3104	lsass.exe
4188	lsass.exe
3632	lsass.exe
4204	lsass.exe
3984	lsass.exe
2080	lsass.exe
3224	lsass.exe
2220	lsass.exe
1556	lsass.exe
3368	lsass.exe
2592	lsass.exe
4212	lsass.exe
1768	lsass.exe
2236	lsass.exe
4768	lsass.exe
5000	lsass.exe
2896	lsass.exe
4036	lsass.exe
2924	lsass.exe
556	lsass.exe
1668	lsass.exe
3712	lsass.exe
3032	lsass.exe
4476	lsass.exe
1616	lsass.exe
1564	lsass.exe
2336	lsass.exe
4248	lsass.exe
4280	lsass.exe
4032	lsass.exe
4560	lsass.exe
4972	lsass.exe
4888	lsass.exe

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	lsass.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File created	C:\Windows\SysWOW64\dll\lsass.exe	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File created	C:\Windows\SysWOW64\dll\lsass.exe	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll\lsass.exe	8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File created	C:\Windows\SysWOW64\dll\lsass.exe	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File created	C:\Windows\SysWOW64\dll\lsass.exe	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File created	C:\Windows\SysWOW64\dll\lsass.exe	lsass.exe
File created	C:\Windows\SysWOW64\dll\lsass.exe	lsass.exe
File created	C:\Windows\SysWOW64\dll\lsass.exe	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File created	C:\Windows\SysWOW64\dll\lsass.exe	lsass.exe
File created	C:\Windows\SysWOW64\dll\lsass.exe	lsass.exe
File created	C:\Windows\SysWOW64\dll\lsass.exe	lsass.exe
File created	C:\Windows\SysWOW64\dll\lsass.exe	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File created	C:\Windows\SysWOW64\dll\lsass.exe	lsass.exe
File created	C:\Windows\SysWOW64\dll\lsass.exe	lsass.exe
File created	C:\Windows\SysWOW64\dll\lsass.exe	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File created	C:\Windows\SysWOW64\dll\lsass.exe	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File created	C:\Windows\SysWOW64\dll\lsass.exe	lsass.exe
File created	C:\Windows\SysWOW64\dll\lsass.exe	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File created	C:\Windows\SysWOW64\dll\lsass.exe	lsass.exe
File created	C:\Windows\SysWOW64\dll\lsass.exe	lsass.exe
File created	C:\Windows\SysWOW64\dll\lsass.exe	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File created	C:\Windows\SysWOW64\dll\lsass.exe	lsass.exe
File created	C:\Windows\SysWOW64\dll\lsass.exe	lsass.exe
File created	C:\Windows\SysWOW64\dll\lsass.exe	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File created	C:\Windows\SysWOW64\dll\lsass.exe	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File created	C:\Windows\SysWOW64\dll\lsass.exe	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe
File created	C:\Windows\SysWOW64\dll\lsass.exe	lsass.exe
File created	C:\Windows\SysWOW64\dll\lsass.exe	lsass.exe
File opened for modification	C:\Windows\SysWOW64\dll	lsass.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4904 wrote to memory of 3164	4904	8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6.exe	82
PID 4904 wrote to memory of 3164	4904	8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6.exe	82
PID 4904 wrote to memory of 3164	4904	8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6.exe	82
PID 3164 wrote to memory of 1436	3164	lsass.exe	84
PID 3164 wrote to memory of 1436	3164	lsass.exe	84
PID 3164 wrote to memory of 1436	3164	lsass.exe	84
PID 1436 wrote to memory of 1704	1436	lsass.exe	86
PID 1436 wrote to memory of 1704	1436	lsass.exe	86
PID 1436 wrote to memory of 1704	1436	lsass.exe	86
PID 1704 wrote to memory of 3404	1704	lsass.exe	88
PID 1704 wrote to memory of 3404	1704	lsass.exe	88
PID 1704 wrote to memory of 3404	1704	lsass.exe	88
PID 3404 wrote to memory of 648	3404	lsass.exe	90
PID 3404 wrote to memory of 648	3404	lsass.exe	90
PID 3404 wrote to memory of 648	3404	lsass.exe	90
PID 648 wrote to memory of 2248	648	lsass.exe	92
PID 648 wrote to memory of 2248	648	lsass.exe	92
PID 648 wrote to memory of 2248	648	lsass.exe	92
PID 2248 wrote to memory of 4232	2248	lsass.exe	94
PID 2248 wrote to memory of 4232	2248	lsass.exe	94
PID 2248 wrote to memory of 4232	2248	lsass.exe	94
PID 4232 wrote to memory of 4532	4232	lsass.exe	96
PID 4232 wrote to memory of 4532	4232	lsass.exe	96
PID 4232 wrote to memory of 4532	4232	lsass.exe	96
PID 4532 wrote to memory of 628	4532	lsass.exe	98
PID 4532 wrote to memory of 628	4532	lsass.exe	98
PID 4532 wrote to memory of 628	4532	lsass.exe	98
PID 628 wrote to memory of 3736	628	lsass.exe	100
PID 628 wrote to memory of 3736	628	lsass.exe	100
PID 628 wrote to memory of 3736	628	lsass.exe	100
PID 3736 wrote to memory of 3472	3736	lsass.exe	103
PID 3736 wrote to memory of 3472	3736	lsass.exe	103
PID 3736 wrote to memory of 3472	3736	lsass.exe	103
PID 3472 wrote to memory of 400	3472	lsass.exe	104
PID 3472 wrote to memory of 400	3472	lsass.exe	104
PID 3472 wrote to memory of 400	3472	lsass.exe	104
PID 400 wrote to memory of 3980	400	lsass.exe	106
PID 400 wrote to memory of 3980	400	lsass.exe	106
PID 400 wrote to memory of 3980	400	lsass.exe	106
PID 3980 wrote to memory of 2388	3980	lsass.exe	108
PID 3980 wrote to memory of 2388	3980	lsass.exe	108
PID 3980 wrote to memory of 2388	3980	lsass.exe	108
PID 2388 wrote to memory of 3224	2388	lsass.exe	110
PID 2388 wrote to memory of 3224	2388	lsass.exe	110
PID 2388 wrote to memory of 3224	2388	lsass.exe	110
PID 3224 wrote to memory of 888	3224	lsass.exe	112
PID 3224 wrote to memory of 888	3224	lsass.exe	112
PID 3224 wrote to memory of 888	3224	lsass.exe	112
PID 888 wrote to memory of 1796	888	lsass.exe	114
PID 888 wrote to memory of 1796	888	lsass.exe	114
PID 888 wrote to memory of 1796	888	lsass.exe	114
PID 1796 wrote to memory of 4864	1796	lsass.exe	116
PID 1796 wrote to memory of 4864	1796	lsass.exe	116
PID 1796 wrote to memory of 4864	1796	lsass.exe	116
PID 4864 wrote to memory of 2592	4864	lsass.exe	118
PID 4864 wrote to memory of 2592	4864	lsass.exe	118
PID 4864 wrote to memory of 2592	4864	lsass.exe	118
PID 2592 wrote to memory of 4212	2592	lsass.exe	120
PID 2592 wrote to memory of 4212	2592	lsass.exe	120
PID 2592 wrote to memory of 4212	2592	lsass.exe	120
PID 4212 wrote to memory of 1768	4212	lsass.exe	122
PID 4212 wrote to memory of 1768	4212	lsass.exe	122
PID 4212 wrote to memory of 1768	4212	lsass.exe	122
PID 1768 wrote to memory of 4412	1768	lsass.exe	124

C:\Users\Admin\AppData\Local\Temp\8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6.exe
"C:\Users\Admin\AppData\Local\Temp\8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:4904
- C:\Windows\SysWOW64\dll\lsass.exe
  "C:\Windows\system32\dll\lsass.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3164
- - C:\Windows\SysWOW64\dll\lsass.exe
    "C:\Windows\system32\dll\lsass.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1436
  - - C:\Windows\SysWOW64\dll\lsass.exe
      "C:\Windows\system32\dll\lsass.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:1704
    - - C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3404
      - C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        6⤵
        Adds policy Run key to start application
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:648
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2248
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        8⤵
        Adds policy Run key to start application
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4232
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        9⤵
        Adds policy Run key to start application
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4532
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        10⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:628
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3736
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3472
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:400
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        14⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3980
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        15⤵
        Executes dropped EXE
        Checks computer location settings
        Suspicious use of WriteProcessMemory
        
        PID:2388
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3224
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:888
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        18⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1796
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4864
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        20⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2592
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        21⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4212
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        22⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1768
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        23⤵
        Executes dropped EXE
        
        PID:4412
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        24⤵
        Executes dropped EXE
        
        PID:4552
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        25⤵
        Executes dropped EXE
        
        PID:5000
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        26⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3324
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        27⤵
        Executes dropped EXE
        
        PID:4868
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        28⤵
        Executes dropped EXE
        
        PID:220
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        29⤵
        Executes dropped EXE
        
        PID:3148
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        30⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3064
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        31⤵
        Executes dropped EXE
        
        PID:4600
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        32⤵
        Executes dropped EXE
        
        PID:4224
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        33⤵
        Executes dropped EXE
        
        PID:3104
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        34⤵
        Executes dropped EXE
        
        PID:4188
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        35⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3632
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        36⤵
        Executes dropped EXE
        
        PID:4204
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        37⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3984
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        38⤵
        Executes dropped EXE
        
        PID:2080
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        39⤵
        Executes dropped EXE
        Checks computer location settings
        Drops file in System32 directory
        
        PID:3224
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        40⤵
        Executes dropped EXE
        
        PID:2220
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        41⤵
        Executes dropped EXE
        
        PID:1556
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        42⤵
        Executes dropped EXE
        
        PID:3368
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        43⤵
        Executes dropped EXE
        
        PID:2592
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        44⤵
        Executes dropped EXE
        
        PID:4212
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        45⤵
        Executes dropped EXE
        Checks computer location settings
        Drops file in System32 directory
        
        PID:1768
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        46⤵
        Adds policy Run key to start application
        Executes dropped EXE
        
        PID:2236
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        47⤵
        Executes dropped EXE
        
        PID:4768
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        48⤵
        Executes dropped EXE
        
        PID:5000
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        49⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:2896
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        50⤵
        Executes dropped EXE
        
        PID:4036
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        51⤵
        Executes dropped EXE
        
        PID:2924
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        52⤵
        Adds policy Run key to start application
        Executes dropped EXE
        
        PID:556
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        53⤵
        Executes dropped EXE
        
        PID:1668
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        54⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3712
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        55⤵
        Executes dropped EXE
        
        PID:3032
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        56⤵
        Executes dropped EXE
        
        PID:4476
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        57⤵
        Executes dropped EXE
        
        PID:1616
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        58⤵
        Executes dropped EXE
        
        PID:1564
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        59⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:2336
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        60⤵
        Executes dropped EXE
        
        PID:4248
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        61⤵
        Executes dropped EXE
        
        PID:4280
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        62⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:4032
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        63⤵
        Executes dropped EXE
        
        PID:4560
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        64⤵
        Adds policy Run key to start application
        Executes dropped EXE
        
        PID:4972
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        65⤵
        Executes dropped EXE
        
        PID:4888
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        66⤵
        
        PID:1232
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        67⤵
        Adds policy Run key to start application
        
        PID:4044
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        68⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        69⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        70⤵
        
        PID:1140
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        71⤵
        Checks computer location settings
        
        PID:4524
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        72⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        73⤵
        Drops file in System32 directory
        
        PID:5036
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        74⤵
        
        PID:3148
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        75⤵
        Checks computer location settings
        
        PID:2248
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        76⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        77⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        78⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        79⤵
        
        PID:980
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        80⤵
        Adds policy Run key to start application
        
        PID:4188
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        81⤵
        
        PID:1896
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        82⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        83⤵
        Drops file in System32 directory
        
        PID:3984
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        84⤵
        
        PID:1524
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        85⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        86⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        87⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        88⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        89⤵
        
        PID:4048
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        90⤵
        
        PID:752
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        91⤵
        
        PID:4212
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        92⤵
        Drops file in System32 directory
        
        PID:4556
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        93⤵
        Checks computer location settings
        
        PID:4904
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        94⤵
        Adds policy Run key to start application
        
        PID:4912
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        95⤵
        
        PID:1212
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        96⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        97⤵
        Drops file in System32 directory
        
        PID:2784
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        98⤵
        
        PID:4036
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        99⤵
        Checks computer location settings
        
        PID:748
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        100⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        101⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        102⤵
        
        PID:4948
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        103⤵
        
        PID:932
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        104⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        105⤵
        Drops file in System32 directory
        
        PID:1616
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        106⤵
        
        PID:1308
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        107⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        108⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        109⤵
        
        PID:1268
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        110⤵
        Adds policy Run key to start application
        
        PID:4280
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        111⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        112⤵
        Drops file in System32 directory
        
        PID:560
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        113⤵
        
        PID:1280
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        114⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        115⤵
        
        PID:3956
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        116⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        117⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        118⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        119⤵
        Checks computer location settings
        
        PID:3172
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        120⤵
        Adds policy Run key to start application
        
        PID:4192
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        121⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        122⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        123⤵
        Drops file in System32 directory
        
        PID:4572
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        124⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        125⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        126⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        127⤵
        Adds policy Run key to start application
        
        PID:1008
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        128⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        129⤵
        
        PID:1552
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        130⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        131⤵
        Checks computer location settings
        
        PID:2548
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        132⤵
        Adds policy Run key to start application
        
        PID:1308
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        133⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        134⤵
        Checks computer location settings
        
        PID:3924
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        135⤵
        
        PID:1524
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        136⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        137⤵
        
        PID:1888
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        138⤵
        Checks computer location settings
        
        PID:1160
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        139⤵
        Checks computer location settings
        
        PID:4560
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        140⤵
        
        PID:4128
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        141⤵
        Adds policy Run key to start application
        
        PID:1476
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        142⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        143⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        144⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        145⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        146⤵
        
        PID:1212
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        147⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:3324
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        148⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        149⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        150⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        151⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        152⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        153⤵
        
        PID:1008
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        154⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        155⤵
        
        PID:1552
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        156⤵
        Drops file in System32 directory
        
        PID:2644
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        157⤵
        
        PID:784
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        158⤵
        
        PID:1308
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        159⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        160⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        161⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        162⤵
        
        PID:828
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        163⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        164⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        165⤵
        Adds policy Run key to start application
        Drops file in System32 directory
        
        PID:1560
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        166⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        167⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        168⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        169⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        170⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        171⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        172⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        173⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        174⤵
        Adds policy Run key to start application
        Drops file in System32 directory
        
        PID:4820
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        175⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        176⤵
        Adds policy Run key to start application
        
        PID:3104
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        177⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        178⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        179⤵
        
        PID:3492
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        180⤵
        
        PID:3844
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        181⤵
        Checks computer location settings
        
        PID:4788
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        182⤵
        Checks computer location settings
        
        PID:3572
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        183⤵
        
        PID:3408
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        184⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        185⤵
        Adds policy Run key to start application
        
        PID:2004
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        186⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        187⤵
        
        PID:444
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        188⤵
        
        PID:3864
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        189⤵
        
        PID:4924
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        190⤵
        
        PID:1868
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        191⤵
        Adds policy Run key to start application
        
        PID:1560
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        192⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        193⤵
        
        PID:1296
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        194⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        195⤵
        
        PID:1028
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        196⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        197⤵
        
        PID:3780
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        198⤵
        
        PID:944
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        199⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        200⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        201⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        202⤵
        
        PID:4948
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        203⤵
        
        PID:392
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        204⤵
        Drops file in System32 directory
        
        PID:3480
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        205⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        206⤵
        Checks computer location settings
        
        PID:1996
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        207⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        208⤵
        
        PID:3644
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        209⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        210⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        211⤵
        
        PID:448
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        212⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        213⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        214⤵
        
        PID:3092
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        215⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        216⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        217⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        218⤵
        Checks computer location settings
        
        PID:4412
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        219⤵
        
        PID:1768
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        220⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        221⤵
        
        PID:1028
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        222⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        223⤵
        
        PID:652
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        224⤵
        Checks computer location settings
        
        PID:4820
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        225⤵
        
        PID:1352
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        226⤵
        Checks computer location settings
        
        PID:3312
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        227⤵
        Drops file in System32 directory
        
        PID:3060
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        228⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        229⤵
        Adds policy Run key to start application
        
        PID:1616
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        230⤵
        
        PID:1144
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        231⤵
        
        PID:3844
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        232⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        233⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        234⤵
        
        PID:3732
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        235⤵
        
        PID:3988
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        236⤵
        Checks computer location settings
        
        PID:700
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        237⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        238⤵
        Checks computer location settings
        
        PID:3092
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        239⤵
        
        PID:4824
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        240⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        241⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        242⤵
        Checks computer location settings
        
        PID:4904
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        243⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        244⤵
        Adds policy Run key to start application
        
        PID:1212
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        245⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        246⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        247⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        248⤵
        
        PID:572
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        249⤵
        
        PID:3920
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        250⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        251⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        252⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        253⤵
        
        PID:2596
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        254⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        255⤵
        
        PID:2864
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        256⤵
        
        PID:888
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        257⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        258⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        259⤵
        
        PID:820
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        260⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        261⤵
        
        PID:3340
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        262⤵
        
        PID:2236
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        263⤵
        
        PID:2152
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        264⤵
        Drops file in System32 directory
        
        PID:4556
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        265⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        266⤵
        Checks computer location settings
        
        PID:3016
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        267⤵
        Adds policy Run key to start application
        
        PID:4756
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        268⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        269⤵
        Adds policy Run key to start application
        
        PID:4868
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        270⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        271⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        272⤵
        
        PID:1352
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        273⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        274⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        275⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        276⤵
        
        PID:1896
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        277⤵
        
        PID:1464
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        278⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        279⤵
        
        PID:4000
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        280⤵
        
        PID:1524
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        281⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        282⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        283⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        284⤵
        
        PID:3832
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        285⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        286⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        287⤵
        
        PID:2120
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        288⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        289⤵
        
        PID:1068
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        290⤵
        
        PID:3096
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        291⤵
        Adds policy Run key to start application
        Checks computer location settings
        
        PID:1872
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        292⤵
        
        PID:728
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        293⤵
        Adds policy Run key to start application
        
        PID:3332
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        294⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        295⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        296⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        297⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        298⤵
        Drops file in System32 directory
        
        PID:480
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        299⤵
        
        PID:4700
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        300⤵
        
        PID:3732
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        301⤵
        
        PID:1892
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        302⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        303⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        304⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        305⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        306⤵
        
        PID:3340
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        307⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        308⤵
        Adds policy Run key to start application
        
        PID:2000
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        309⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        310⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        311⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        312⤵
        
        PID:2484
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        313⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        314⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        315⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        316⤵
        Checks computer location settings
        
        PID:572
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        317⤵
        
        PID:3976
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        318⤵
        Adds policy Run key to start application
        Drops file in System32 directory
        
        PID:2328
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        319⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        320⤵
        
        PID:3844
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        321⤵
        
        PID:3476
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        322⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        323⤵
        
        PID:3732
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        324⤵
        
        PID:4152
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        325⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        326⤵
        Checks computer location settings
        
        PID:856
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        327⤵
        Drops file in System32 directory
        
        PID:3820
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        328⤵
        
        PID:1880
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        329⤵
        
        PID:2152
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        330⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        331⤵
        
        PID:4092
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        332⤵
        
        PID:3460
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        333⤵
        
        PID:2896
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        334⤵
        
        PID:3888
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        335⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        336⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        337⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        338⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        339⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        340⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        341⤵
        
        PID:1008
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        342⤵
        
        PID:3916
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        343⤵
        
        PID:4188
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        344⤵
        Checks computer location settings
        
        PID:2964
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        345⤵
        
        PID:836
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        346⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        347⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        348⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        349⤵
        
        PID:4128
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        350⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        351⤵
        Adds policy Run key to start application
        
        PID:4648
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        352⤵
        Checks computer location settings
        
        PID:2776
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        353⤵
        Checks computer location settings
        
        PID:372
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        354⤵
        
        PID:4092
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        355⤵
        Drops file in System32 directory
        
        PID:3564
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        356⤵
        
        PID:1212
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        357⤵
        
        PID:3888
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        358⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        359⤵
        Drops file in System32 directory
        
        PID:4252
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        360⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        361⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        362⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        363⤵
        Adds policy Run key to start application
        
        PID:4968
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        364⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        365⤵
        
        PID:3628
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        366⤵
        
        PID:8
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        367⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        368⤵
        
        PID:3584
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        369⤵
        
        PID:4136
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        370⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        371⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        372⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        373⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        374⤵
        
        PID:3808
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        375⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        376⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        377⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        378⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        379⤵
        
        PID:648
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        380⤵
        
        PID:2484
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        381⤵
        
        PID:3664
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        382⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        383⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        384⤵
        Drops file in System32 directory
        
        PID:2184
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        385⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        386⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        387⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        388⤵
        Adds policy Run key to start application
        
        PID:2864
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        389⤵
        
        PID:3924
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        390⤵
        
        PID:888
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        391⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        392⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        393⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        394⤵
        
        PID:3088
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        395⤵
        
        PID:820
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        396⤵
        Adds policy Run key to start application
        
        PID:4052
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        397⤵
        Drops file in System32 directory
        
        PID:4972
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        398⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        399⤵
        
        PID:3148
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        400⤵
        Checks computer location settings
        
        PID:3460
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        401⤵
        
        PID:636
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        402⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        403⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        404⤵
        
        PID:728
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        405⤵
        
        PID:1904
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        406⤵
        Checks computer location settings
        
        PID:1304
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        407⤵
        
        PID:3116
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        408⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        409⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        410⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        411⤵
        Checks computer location settings
        
        PID:2644
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        412⤵
        
        PID:2596
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        413⤵
        
        PID:4864
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        414⤵
        Adds policy Run key to start application
        
        PID:1856
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        415⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        416⤵
        
        PID:3732
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        417⤵
        
        PID:3864
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        418⤵
        
        PID:856
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        419⤵
        
        PID:820
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        420⤵
        
        PID:3120
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        421⤵
        
        PID:3340
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        422⤵
        
        PID:1200
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        423⤵
        
        PID:3148
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        424⤵
        Drops file in System32 directory
        
        PID:3460
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        425⤵
        
        PID:748
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        426⤵
        Drops file in System32 directory
        
        PID:4980
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        427⤵
        Drops file in System32 directory
        
        PID:3172
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        428⤵
        
        PID:556
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        429⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        430⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        431⤵
        
        PID:360
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        432⤵
        Adds policy Run key to start application
        
        PID:2320
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        433⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        434⤵
        
        PID:3628
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        435⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        436⤵
        
        PID:3476
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        437⤵
        
        PID:4700
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        438⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        439⤵
        
        PID:3440
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        440⤵
        Checks computer location settings
        
        PID:3328
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        441⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        442⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        443⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        444⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        445⤵
        Adds policy Run key to start application
        
        PID:5112
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        446⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        447⤵
        
        PID:3564
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        448⤵
        
        PID:1212
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        449⤵
        
        PID:2260
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        450⤵
        
        PID:3664
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        451⤵
        
        PID:3712
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        452⤵
        Adds policy Run key to start application
        
        PID:4548
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        453⤵
        Drops file in System32 directory
        
        PID:3644
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        454⤵
        
        PID:3976
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        455⤵
        
        PID:2056
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        456⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        457⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        458⤵
        
        PID:3988
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        459⤵
        
        PID:888
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        460⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        461⤵
        
        PID:2728
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        462⤵
        
        PID:3688
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        463⤵
        
        PID:3948
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        464⤵
        
        PID:3820
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        465⤵
        
        PID:4528
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        466⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        467⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        468⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        469⤵
        
        PID:3200
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        470⤵
        Adds policy Run key to start application
        
        PID:3556
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        471⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        472⤵
        Drops file in System32 directory
        
        PID:2672
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        473⤵
        Adds policy Run key to start application
        
        PID:4224
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        474⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        475⤵
        
        PID:3264
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        476⤵
        
        PID:832
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        477⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        478⤵
        
        PID:3844
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        479⤵
        
        PID:3608
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        480⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:3916
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        481⤵
        
        PID:896
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        482⤵
        
        PID:3988
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        483⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        484⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        485⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        486⤵
        Drops file in System32 directory
        
        PID:3088
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        487⤵
        
        PID:3328
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        488⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        489⤵
        Drops file in System32 directory
        
        PID:4676
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        490⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        491⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        492⤵
        
        PID:372
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        493⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        494⤵
        Checks computer location settings
        
        PID:2312
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        495⤵
        
        PID:2484
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        496⤵
        
        PID:2896
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        497⤵
        
        PID:3172
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        498⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        499⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        500⤵
        Drops file in System32 directory
        
        PID:3980
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        501⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        502⤵
        Adds policy Run key to start application
        
        PID:1832
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        503⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        504⤵
        
        PID:4764
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        505⤵
        
        PID:1268
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        506⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        507⤵
        Drops file in System32 directory
        
        PID:5028
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        508⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        509⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        510⤵
        
        PID:956
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        511⤵
        Adds policy Run key to start application
        
        PID:3440
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        512⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        513⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        514⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        515⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        516⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:4352
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        517⤵
        
        PID:2456
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        518⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        519⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        520⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        521⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        522⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        523⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        524⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        525⤵
        
        PID:3576
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        526⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        527⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        528⤵
        Checks computer location settings
        
        PID:3508
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        529⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        530⤵
        
        PID:3584
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        531⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        532⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        533⤵
        Checks computer location settings
        
        PID:4300
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        534⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        535⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        536⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        537⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        538⤵
        Drops file in System32 directory
        
        PID:2776
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        539⤵
        
        PID:3564
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        540⤵
        Drops file in System32 directory
        
        PID:3096
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        541⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        542⤵
        
        PID:728
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        543⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        544⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        545⤵
        Adds policy Run key to start application
        
        PID:3264
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        546⤵
        Drops file in System32 directory
        
        PID:1904
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        547⤵
        Checks computer location settings
        
        PID:1008
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        548⤵
        
        PID:1420
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        549⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        550⤵
        
        PID:4084
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        551⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        552⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        553⤵
        
        PID:4156
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        554⤵
        Drops file in System32 directory
        
        PID:1604
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        555⤵
        
        PID:4324
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        556⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        557⤵
        
        PID:1232
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        558⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        559⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        560⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        561⤵
        Drops file in System32 directory
        
        PID:4216
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        562⤵
        
        PID:224
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        563⤵
        Drops file in System32 directory
        
        PID:2344
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        564⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        565⤵
        Checks computer location settings
        
        PID:652
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        566⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        567⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        568⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        569⤵
        
        PID:392
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        570⤵
        Checks computer location settings
        
        PID:3480
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        571⤵
        
        PID:3576
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        572⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        573⤵
        
        PID:888
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        574⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        575⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        576⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        577⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        578⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        579⤵
        
        PID:856
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        580⤵
        
        PID:1196
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        581⤵
        Adds policy Run key to start application
        Checks computer location settings
        
        PID:1416
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        582⤵
        
        PID:1880
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        583⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        584⤵
        
        PID:372
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        585⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        586⤵
        
        PID:3556
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        587⤵
        Drops file in System32 directory
        
        PID:3740
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        588⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        589⤵
        
        PID:4036
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        590⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        591⤵
        Checks computer location settings
        
        PID:3136
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        592⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        593⤵
        Drops file in System32 directory
        
        PID:5044
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        594⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        595⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        596⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        597⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        598⤵
        Adds policy Run key to start application
        
        PID:2388
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        599⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        600⤵
        Checks computer location settings
        
        PID:4280
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        601⤵
        
        PID:820
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        602⤵
        Checks computer location settings
        
        PID:956
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        603⤵
        Checks computer location settings
        
        PID:4268
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        604⤵
        Adds policy Run key to start application
        
        PID:4932
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        605⤵
        Drops file in System32 directory
        
        PID:1012
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        606⤵
        
        PID:4692
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        607⤵
        Adds policy Run key to start application
        
        PID:5076
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        608⤵
        
        PID:3148
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        609⤵
        
        PID:216
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        610⤵
        
        PID:308
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        611⤵
        
        PID:3592
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        612⤵
        
        PID:2128
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        613⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        614⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        615⤵
        
        PID:360
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        616⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        617⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        618⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        619⤵
        
        PID:1420
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        620⤵
        Drops file in System32 directory
        
        PID:3924
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        621⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        622⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        623⤵
        
        PID:4156
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        624⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        625⤵
        Adds policy Run key to start application
        
        PID:4856
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        626⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        627⤵
        
        PID:956
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        628⤵
        
        PID:4824
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        629⤵
        
        PID:1048
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        630⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        631⤵
        
        PID:2152
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        632⤵
        Adds policy Run key to start application
        
        PID:2092
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        633⤵
        
        PID:3096
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        634⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        635⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        636⤵
        Adds policy Run key to start application
        
        PID:3740
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        637⤵
        Checks computer location settings
        
        PID:1364
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        638⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        639⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        640⤵
        
        PID:2896
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        641⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        642⤵
        
        PID:3580
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        643⤵
        
        PID:3504
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        644⤵
        
        PID:3492
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        645⤵
        
        PID:3576
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        646⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        647⤵
        
        PID:1268
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        648⤵
        Drops file in System32 directory
        
        PID:2936
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        649⤵
        Checks computer location settings
        
        PID:2760
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        650⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        651⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        652⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        653⤵
        
        PID:3328
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        654⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        655⤵
        
        PID:1840
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        656⤵
        Checks computer location settings
        
        PID:4132
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        657⤵
        Adds policy Run key to start application
        
        PID:3776
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        658⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        659⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        660⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        661⤵
        Adds policy Run key to start application
        
        PID:3592
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        662⤵
        
        PID:220
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        663⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        664⤵
        
        PID:1348
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        665⤵
        
        PID:360
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        666⤵
        Drops file in System32 directory
        
        PID:4220
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        667⤵
        
        PID:3632
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        668⤵
        Drops file in System32 directory
        
        PID:3608
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        669⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        670⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        671⤵
        Drops file in System32 directory
        
        PID:1732
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        672⤵
        Adds policy Run key to start application
        Checks computer location settings
        
        PID:2640
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        673⤵
        
        PID:2188
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        674⤵
        
        PID:1072
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        675⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        676⤵
        Checks computer location settings
        
        PID:3688
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        677⤵
        
        PID:3832
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        678⤵
        
        PID:1196
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        679⤵
        
        PID:1048
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        680⤵
        Adds policy Run key to start application
        
        PID:4348
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        681⤵
        
        PID:2152
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        682⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        683⤵
        
        PID:4720
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        684⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        685⤵
        Adds policy Run key to start application
        
        PID:3460
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        686⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        687⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        688⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        689⤵
        Adds policy Run key to start application
        
        PID:2216
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        690⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        691⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        692⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        693⤵
        
        PID:964
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        694⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        695⤵
        
        PID:1124
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        696⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        697⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        698⤵
        
        PID:3864
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        699⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        700⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        701⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        702⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        703⤵
        
        PID:4048
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        704⤵
        
        PID:3092
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        705⤵
        
        PID:4212
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        706⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        707⤵
        
        PID:4328
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        708⤵
        
        PID:2424
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        709⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        710⤵
        
        PID:3460
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        711⤵
        
        PID:3664
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        712⤵
        Drops file in System32 directory
        
        PID:220
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        713⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        714⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        715⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        716⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        717⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        718⤵
        
        PID:756
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        719⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        720⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        721⤵
        
        PID:1856
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        722⤵
        
        PID:1524
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        723⤵
        Adds policy Run key to start application
        
        PID:2188
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        724⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        725⤵
        
        PID:2136
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        726⤵
        
        PID:5012
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        727⤵
        
        PID:3224
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        728⤵
        Adds policy Run key to start application
        
        PID:524
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        729⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        730⤵
        
        PID:1880
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        731⤵
        Adds policy Run key to start application
        Drops file in System32 directory
        
        PID:3016
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        732⤵
        
        PID:3404
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        733⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        734⤵
        
        PID:3652
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        735⤵
        
        PID:2128
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        736⤵
        
        PID:556
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        737⤵
        Drops file in System32 directory
        
        PID:2668
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        738⤵
        Adds policy Run key to start application
        
        PID:2896
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        739⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        740⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        741⤵
        Adds policy Run key to start application
        
        PID:3408
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        742⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        743⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        744⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        745⤵
        
        PID:1400
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        746⤵
        
        PID:1124
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        747⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        748⤵
        Checks computer location settings
        
        PID:4888
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        749⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        750⤵
        Drops file in System32 directory
        
        PID:4080
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        751⤵
        
        PID:2136
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        752⤵
        
        PID:3688
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        753⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        754⤵
        Adds policy Run key to start application
        
        PID:4748
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        755⤵
        Checks computer location settings
        
        PID:1704
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        756⤵
        
        PID:1028
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        757⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        758⤵
        Adds policy Run key to start application
        
        PID:5000
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        759⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        760⤵
        Checks computer location settings
        
        PID:1076
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        761⤵
        
        PID:3116
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        762⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        763⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        764⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        765⤵
        
        PID:3976
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        766⤵
        
        PID:3984
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        767⤵
        
        PID:4120
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        768⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        769⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        770⤵
        Adds policy Run key to start application
        Checks computer location settings
        
        PID:2324
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        771⤵
        
        PID:3988
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        772⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        773⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        774⤵
        
        PID:3088
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        775⤵
        
        PID:784
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        776⤵
        
        PID:3828
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        777⤵
        
        PID:1416
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        778⤵
        
        PID:4692
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        779⤵
        Checks computer location settings
        
        PID:4700
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        780⤵
        
        PID:768
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        781⤵
        Checks computer location settings
        
        PID:4348
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        782⤵
        Drops file in System32 directory
        
        PID:1028
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        783⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        784⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        785⤵
        
        PID:4672
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        786⤵
        
        PID:4036
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        787⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        788⤵
        Adds policy Run key to start application
        
        PID:1908
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        789⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        790⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        791⤵
        Checks computer location settings
        
        PID:4852
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        792⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        793⤵
        Adds policy Run key to start application
        
        PID:1308
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        794⤵
        
        PID:3924
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        795⤵
        
        PID:3360
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        796⤵
        
        PID:4696
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        797⤵
        Drops file in System32 directory
        
        PID:4924
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        798⤵
        Adds policy Run key to start application
        
        PID:2676
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        799⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        800⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        801⤵
        
        PID:3808
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        802⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        803⤵
        Checks computer location settings
        
        PID:1712
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        804⤵
        
        PID:4408
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        805⤵
        
        PID:2152
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        806⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        807⤵
        
        PID:3404
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        808⤵
        Checks computer location settings
        
        PID:2424
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        809⤵
        
        PID:3652
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        810⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:1352
        
        C:\Windows\SysWOW64\dll\lsass.exe
        
        "C:\Windows\system32\dll\lsass.exe"
        811⤵
        
        PID:2704

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
C:\Windows\SysWOW64\dll\lsass.exe

Filesize
5KB

MD5
f59c3bfcb353328cd568304219d0fd1a

SHA1
ff3ccdabe43999e1edefad716b52ca14bc52bbf8

SHA256
8de3ed4f09558ad0d5a58c98b18213e520ef3f86f88c2ae4fe682b1934396be6

SHA512
6de1189f7fd88ee5d945aef430a7c53d59615e5ac2b9e6492f548118d5715b64897ed5dac3c86eab46d50157a9797b3c5a0a8753a9d9a3dd0cc9b7426430fb2f

Download Submit
memory/220-217-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/400-172-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/628-163-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/648-150-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/888-184-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1232-319-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1436-139-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1556-253-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1564-303-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1616-300-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1668-287-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1704-144-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1768-267-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1768-199-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1796-187-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2080-246-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2220-252-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2248-153-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2308-322-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2336-306-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2388-178-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2592-193-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2592-261-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2896-278-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2924-284-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3032-295-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3104-231-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3164-138-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3224-249-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3224-181-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3324-211-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3368-258-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3404-147-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3472-169-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3632-237-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3712-292-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3736-166-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3980-173-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3984-243-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4036-281-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4188-234-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4204-238-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4212-196-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4212-264-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4224-228-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4232-156-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4248-309-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4280-312-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4412-202-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4532-160-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4532-157-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4552-205-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4560-317-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4600-222-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4600-225-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4768-272-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4864-190-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4868-214-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/4904-132-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/5000-206-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/5000-275-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/5032-321-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/5036-323-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/5112-320-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download