fakeav | 59cc12b7c5baf54c3ceb6730cfd8a6f3fc45906223c7d85e94e380acd4e28d7e

Analysis

max time kernel
66s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02-12-2022 14:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59cc12b7c5baf54c3ceb6730cfd8a6f3fc45906223c7d85e94e380acd4e28d7e.exe
Size

724KB
MD5

067febe3636e8699874c4c38362683b0
SHA1

3a45e3662c20586d540b33fa18c9ce5c2c78144c
SHA256

59cc12b7c5baf54c3ceb6730cfd8a6f3fc45906223c7d85e94e380acd4e28d7e
SHA512

1c9be6b499b7454ac390d395e240d323c573490e1e58c2b0f1cfb0fd580fe2359a73708050d114cb82b7b2f01f2263e6988c1c1b4a608872f1025b10a2227f8f
SSDEEP

12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0dgN6X+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwdXE6o

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Signatures

FakeAV, RogueAntivirus
FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
fakeav spyware fakeav

FakeAV payload 3 IoCs

fakeav spyware

resource	yara_rule
behavioral1/files/0x0007000000014b5d-60.dat	fakeav
behavioral1/files/0x0007000000014b5d-64.dat	fakeav
behavioral1/files/0x0007000000014b5d-86.dat	fakeav

Executes dropped EXE 64 IoCs

pid	Process
1972	srtsrv32.exe
1928	lssmon.exe
864	LSASSMGR.EXE
776	LSASSMGR.EXE
828	srtsrv32.exe
1816	LSASSMGR.EXE
1456	LSASSMGR.EXE
1884	LSASSMGR.EXE
1692	LSASSMGR.EXE
1860	LSASSMGR.EXE
1828	LSASSMGR.EXE
1160	LSASSMGR.EXE
944	LSASSMGR.EXE
1728	LSASSMGR.EXE
1824	LSASSMGR.EXE
2020	LSASSMGR.EXE
764	LSASSMGR.EXE
336	LSASSMGR.EXE
1496	LSASSMGR.EXE
1872	LSASSMGR.EXE
1660	srtsrv32.exe
1792	LSASSMGR.EXE
1868	LSASSMGR.EXE
1900	LSASSMGR.EXE
644	LSASSMGR.EXE
1632	LSASSMGR.EXE
1732	LSASSMGR.EXE
1664	LSASSMGR.EXE
428	LSASSMGR.EXE
1804	LSASSMGR.EXE
1884	LSASSMGR.EXE
1132	LSASSMGR.EXE
1988	LSASSMGR.EXE
2036	LSASSMGR.EXE
1740	LSASSMGR.EXE
548	srtsrv32.exe
1380	LSASSMGR.EXE
1300	LSASSMGR.EXE
1716	LSASSMGR.EXE
1492	LSASSMGR.EXE
904	LSASSMGR.EXE
1000	LSASSMGR.EXE
1076	LSASSMGR.EXE
692	LSASSMGR.EXE
1092	LSASSMGR.EXE
924	LSASSMGR.EXE
1496	LSASSMGR.EXE
832	LSASSMGR.EXE
1036	LSASSMGR.EXE
1204	LSASSMGR.EXE
1868	LSASSMGR.EXE
1112	LSASSMGR.EXE
1672	LSASSMGR.EXE
1664	LSASSMGR.EXE
428	LSASSMGR.EXE
836	LSASSMGR.EXE
1680	LSASSMGR.EXE
628	LSASSMGR.EXE
956	LSASSMGR.EXE
2036	LSASSMGR.EXE
1056	LSASSMGR.EXE
944	LSASSMGR.EXE
580	LSASSMGR.EXE
1380	LSASSMGR.EXE

Sets file execution options in registry 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe"	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe"	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe"	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe"	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe"	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe"	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe"	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe"	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe"	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe"	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe"	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe"	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe"	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe"	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe"	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe"	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe"	LSASSMGR.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe	LSASSMGR.EXE

Loads dropped DLL 64 IoCs

pid	Process
2020	59cc12b7c5baf54c3ceb6730cfd8a6f3fc45906223c7d85e94e380acd4e28d7e.exe
2020	59cc12b7c5baf54c3ceb6730cfd8a6f3fc45906223c7d85e94e380acd4e28d7e.exe
2020	59cc12b7c5baf54c3ceb6730cfd8a6f3fc45906223c7d85e94e380acd4e28d7e.exe
1972	srtsrv32.exe
1972	srtsrv32.exe
864	LSASSMGR.EXE
864	LSASSMGR.EXE
1928	lssmon.exe
776	LSASSMGR.EXE
1928	lssmon.exe
776	LSASSMGR.EXE
828	srtsrv32.exe
828	srtsrv32.exe
1816	LSASSMGR.EXE
1816	LSASSMGR.EXE
1456	LSASSMGR.EXE
1456	LSASSMGR.EXE
1884	LSASSMGR.EXE
1884	LSASSMGR.EXE
1692	LSASSMGR.EXE
1692	LSASSMGR.EXE
1860	LSASSMGR.EXE
1860	LSASSMGR.EXE
1828	LSASSMGR.EXE
1828	LSASSMGR.EXE
1160	LSASSMGR.EXE
1160	LSASSMGR.EXE
944	LSASSMGR.EXE
944	LSASSMGR.EXE
1728	LSASSMGR.EXE
1728	LSASSMGR.EXE
1824	LSASSMGR.EXE
1824	LSASSMGR.EXE
2020	LSASSMGR.EXE
2020	LSASSMGR.EXE
764	LSASSMGR.EXE
764	LSASSMGR.EXE
336	LSASSMGR.EXE
336	LSASSMGR.EXE
1928	lssmon.exe
1496	LSASSMGR.EXE
1496	LSASSMGR.EXE
1928	lssmon.exe
1872	LSASSMGR.EXE
1872	LSASSMGR.EXE
1660	srtsrv32.exe
1660	srtsrv32.exe
1792	LSASSMGR.EXE
1792	LSASSMGR.EXE
1868	LSASSMGR.EXE
1868	LSASSMGR.EXE
644	LSASSMGR.EXE
644	LSASSMGR.EXE
1900	LSASSMGR.EXE
1900	LSASSMGR.EXE
1632	LSASSMGR.EXE
1632	LSASSMGR.EXE
1732	LSASSMGR.EXE
1732	LSASSMGR.EXE
1664	LSASSMGR.EXE
1664	LSASSMGR.EXE
428	LSASSMGR.EXE
428	LSASSMGR.EXE
1804	LSASSMGR.EXE

Adds Run key to start application 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	srtsrv32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE"	LSASSMGR.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\lssmon.exe"	59cc12b7c5baf54c3ceb6730cfd8a6f3fc45906223c7d85e94e380acd4e28d7e.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\spool.exe	srtsrv32.exe
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File created	C:\Windows\SysWOW64\LSASSMGR.EXE	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE
File opened for modification	C:\Windows\SysWOW64\spool.exe	srtsrv32.exe
File created	C:\Windows\SysWOW64\spool.exe	LSASSMGR.EXE

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE
File created	C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe	LSASSMGR.EXE
File opened for modification	C:\Program Files (x86)\Internet Explorer\iexplor.exe	LSASSMGR.EXE

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\divx32.dll	59cc12b7c5baf54c3ceb6730cfd8a6f3fc45906223c7d85e94e380acd4e28d7e.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1500	1928	WerFault.exe	28

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 1972	2020	59cc12b7c5baf54c3ceb6730cfd8a6f3fc45906223c7d85e94e380acd4e28d7e.exe	27
PID 2020 wrote to memory of 1972	2020	59cc12b7c5baf54c3ceb6730cfd8a6f3fc45906223c7d85e94e380acd4e28d7e.exe	27
PID 2020 wrote to memory of 1972	2020	59cc12b7c5baf54c3ceb6730cfd8a6f3fc45906223c7d85e94e380acd4e28d7e.exe	27
PID 2020 wrote to memory of 1972	2020	59cc12b7c5baf54c3ceb6730cfd8a6f3fc45906223c7d85e94e380acd4e28d7e.exe	27
PID 2020 wrote to memory of 1928	2020	59cc12b7c5baf54c3ceb6730cfd8a6f3fc45906223c7d85e94e380acd4e28d7e.exe	28
PID 2020 wrote to memory of 1928	2020	59cc12b7c5baf54c3ceb6730cfd8a6f3fc45906223c7d85e94e380acd4e28d7e.exe	28
PID 2020 wrote to memory of 1928	2020	59cc12b7c5baf54c3ceb6730cfd8a6f3fc45906223c7d85e94e380acd4e28d7e.exe	28
PID 2020 wrote to memory of 1928	2020	59cc12b7c5baf54c3ceb6730cfd8a6f3fc45906223c7d85e94e380acd4e28d7e.exe	28
PID 1972 wrote to memory of 864	1972	srtsrv32.exe	29
PID 1972 wrote to memory of 864	1972	srtsrv32.exe	29
PID 1972 wrote to memory of 864	1972	srtsrv32.exe	29
PID 1972 wrote to memory of 864	1972	srtsrv32.exe	29
PID 864 wrote to memory of 776	864	LSASSMGR.EXE	30
PID 864 wrote to memory of 776	864	LSASSMGR.EXE	30
PID 864 wrote to memory of 776	864	LSASSMGR.EXE	30
PID 864 wrote to memory of 776	864	LSASSMGR.EXE	30
PID 1928 wrote to memory of 828	1928	lssmon.exe	32
PID 1928 wrote to memory of 828	1928	lssmon.exe	32
PID 1928 wrote to memory of 828	1928	lssmon.exe	32
PID 1928 wrote to memory of 828	1928	lssmon.exe	32
PID 776 wrote to memory of 1816	776	LSASSMGR.EXE	31
PID 776 wrote to memory of 1816	776	LSASSMGR.EXE	31
PID 776 wrote to memory of 1816	776	LSASSMGR.EXE	31
PID 776 wrote to memory of 1816	776	LSASSMGR.EXE	31
PID 828 wrote to memory of 1456	828	srtsrv32.exe	33
PID 828 wrote to memory of 1456	828	srtsrv32.exe	33
PID 828 wrote to memory of 1456	828	srtsrv32.exe	33
PID 828 wrote to memory of 1456	828	srtsrv32.exe	33
PID 1816 wrote to memory of 1884	1816	LSASSMGR.EXE	56
PID 1816 wrote to memory of 1884	1816	LSASSMGR.EXE	56
PID 1816 wrote to memory of 1884	1816	LSASSMGR.EXE	56
PID 1816 wrote to memory of 1884	1816	LSASSMGR.EXE	56
PID 1456 wrote to memory of 1692	1456	LSASSMGR.EXE	35
PID 1456 wrote to memory of 1692	1456	LSASSMGR.EXE	35
PID 1456 wrote to memory of 1692	1456	LSASSMGR.EXE	35
PID 1456 wrote to memory of 1692	1456	LSASSMGR.EXE	35
PID 1884 wrote to memory of 1860	1884	LSASSMGR.EXE	36
PID 1884 wrote to memory of 1860	1884	LSASSMGR.EXE	36
PID 1884 wrote to memory of 1860	1884	LSASSMGR.EXE	36
PID 1884 wrote to memory of 1860	1884	LSASSMGR.EXE	36
PID 1692 wrote to memory of 1828	1692	LSASSMGR.EXE	37
PID 1692 wrote to memory of 1828	1692	LSASSMGR.EXE	37
PID 1692 wrote to memory of 1828	1692	LSASSMGR.EXE	37
PID 1692 wrote to memory of 1828	1692	LSASSMGR.EXE	37
PID 1860 wrote to memory of 1160	1860	LSASSMGR.EXE	38
PID 1860 wrote to memory of 1160	1860	LSASSMGR.EXE	38
PID 1860 wrote to memory of 1160	1860	LSASSMGR.EXE	38
PID 1860 wrote to memory of 1160	1860	LSASSMGR.EXE	38
PID 1828 wrote to memory of 944	1828	LSASSMGR.EXE	40
PID 1828 wrote to memory of 944	1828	LSASSMGR.EXE	40
PID 1828 wrote to memory of 944	1828	LSASSMGR.EXE	40
PID 1828 wrote to memory of 944	1828	LSASSMGR.EXE	40
PID 1160 wrote to memory of 1728	1160	LSASSMGR.EXE	39
PID 1160 wrote to memory of 1728	1160	LSASSMGR.EXE	39
PID 1160 wrote to memory of 1728	1160	LSASSMGR.EXE	39
PID 1160 wrote to memory of 1728	1160	LSASSMGR.EXE	39
PID 944 wrote to memory of 1824	944	LSASSMGR.EXE	41
PID 944 wrote to memory of 1824	944	LSASSMGR.EXE	41
PID 944 wrote to memory of 1824	944	LSASSMGR.EXE	41
PID 944 wrote to memory of 1824	944	LSASSMGR.EXE	41
PID 1728 wrote to memory of 2020	1728	LSASSMGR.EXE	42
PID 1728 wrote to memory of 2020	1728	LSASSMGR.EXE	42
PID 1728 wrote to memory of 2020	1728	LSASSMGR.EXE	42
PID 1728 wrote to memory of 2020	1728	LSASSMGR.EXE	42

C:\Users\Admin\AppData\Local\Temp\59cc12b7c5baf54c3ceb6730cfd8a6f3fc45906223c7d85e94e380acd4e28d7e.exe
"C:\Users\Admin\AppData\Local\Temp\59cc12b7c5baf54c3ceb6730cfd8a6f3fc45906223c7d85e94e380acd4e28d7e.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Windows\SysWOW64\srtsrv32.exe
  "C:\Windows\system32\srtsrv32.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:1972
- - C:\Windows\SysWOW64\LSASSMGR.EXE
    "C:\Windows\system32\LSASSMGR.EXE"
    3⤵
    - Executes dropped EXE
    - Sets file execution options in registry
    - Loads dropped DLL
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:864
  - - C:\Windows\SysWOW64\LSASSMGR.EXE
      "C:\Windows\system32\LSASSMGR.EXE"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      Suspicious use of WriteProcessMemory
      PID:776
    - - C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Suspicious use of WriteProcessMemory
        
        PID:1816
      - C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        6⤵
        
        PID:1884
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Suspicious use of WriteProcessMemory
        
        PID:1860
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        8⤵
        Executes dropped EXE
        Sets file execution options in registry
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1160
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1728
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:2020
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:336
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        12⤵
        Executes dropped EXE
        Sets file execution options in registry
        Loads dropped DLL
        
        PID:1872
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        13⤵
        Executes dropped EXE
        Sets file execution options in registry
        Loads dropped DLL
        Drops file in Program Files directory
        
        PID:1868
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        14⤵
        Executes dropped EXE
        Sets file execution options in registry
        Loads dropped DLL
        Drops file in Program Files directory
        
        PID:1632
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        15⤵
        Executes dropped EXE
        Sets file execution options in registry
        Loads dropped DLL
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:428
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        16⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Program Files directory
        
        PID:1132
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        17⤵
        Executes dropped EXE
        Sets file execution options in registry
        Drops file in System32 directory
        
        PID:1300
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        18⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:1076
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        19⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:924
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        20⤵
        Executes dropped EXE
        
        PID:1204
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        21⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:428
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        22⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        23⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:944
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        24⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        25⤵
        Sets file execution options in registry
        Drops file in Program Files directory
        
        PID:604
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        26⤵
        
        PID:776
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        27⤵
        Sets file execution options in registry
        Adds Run key to start application
        
        PID:1388
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        28⤵
        
        PID:1444
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        29⤵
        Sets file execution options in registry
        Adds Run key to start application
        Drops file in Program Files directory
        
        PID:680
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        30⤵
        Executes dropped EXE
        
        PID:1680
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        31⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        32⤵
        
        PID:1716
- C:\Windows\SysWOW64\lssmon.exe
  "C:\Windows\system32\lssmon.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1928
- - C:\Windows\SysWOW64\srtsrv32.exe
    "C:\Windows\system32\srtsrv32.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:828
  - - C:\Windows\SysWOW64\LSASSMGR.EXE
      "C:\Windows\system32\LSASSMGR.EXE"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      Suspicious use of WriteProcessMemory
      PID:1456
    - - C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1692
      - C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        6⤵
        Executes dropped EXE
        Sets file execution options in registry
        Loads dropped DLL
        Drops file in Program Files directory
        Suspicious use of WriteProcessMemory
        
        PID:1828
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:944
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        
        PID:1824
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:764
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        10⤵
        Executes dropped EXE
        Sets file execution options in registry
        Loads dropped DLL
        Adds Run key to start application
        Drops file in Program Files directory
        
        PID:1496
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1792
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        12⤵
        Executes dropped EXE
        Sets file execution options in registry
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:644
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1732
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        
        PID:1804
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        15⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:1988
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        16⤵
        Executes dropped EXE
        Sets file execution options in registry
        Adds Run key to start application
        Drops file in Program Files directory
        
        PID:1740
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        17⤵
        Executes dropped EXE
        Sets file execution options in registry
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:1716
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        18⤵
        Executes dropped EXE
        Drops file in Program Files directory
        
        PID:904
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        19⤵
        Executes dropped EXE
        Drops file in Program Files directory
        
        PID:692
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        20⤵
        Executes dropped EXE
        Sets file execution options in registry
        Adds Run key to start application
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:832
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        21⤵
        Executes dropped EXE
        
        PID:1868
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        22⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:1672
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        23⤵
        
        PID:836
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        24⤵
        Executes dropped EXE
        Sets file execution options in registry
        
        PID:2036
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        25⤵
        
        PID:1992
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        26⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        27⤵
        Adds Run key to start application
        
        PID:1608
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        28⤵
        Adds Run key to start application
        
        PID:1812
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        29⤵
        Drops file in Program Files directory
        
        PID:1204
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        30⤵
        
        PID:1112
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        31⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        32⤵
        Sets file execution options in registry
        
        PID:1968
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        33⤵
        
        PID:904
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        34⤵
        
        PID:1660
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        35⤵
        Adds Run key to start application
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:668
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        36⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        37⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        38⤵
        Sets file execution options in registry
        
        PID:1748
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        39⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:836
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        40⤵
        
        PID:1152
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        41⤵
        Sets file execution options in registry
        
        PID:1788
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        42⤵
        Sets file execution options in registry
        
        PID:1636
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        43⤵
        Sets file execution options in registry
        Adds Run key to start application
        
        PID:644
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        44⤵
        Adds Run key to start application
        
        PID:1308
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        45⤵
        Sets file execution options in registry
        Drops file in System32 directory
        
        PID:428
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        46⤵
        Adds Run key to start application
        
        PID:2028
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        47⤵
        Adds Run key to start application
        
        PID:1556
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        48⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        49⤵
        Adds Run key to start application
        Drops file in Program Files directory
        
        PID:1260
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        50⤵
        Adds Run key to start application
        
        PID:1508
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        51⤵
        Adds Run key to start application
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:888
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        52⤵
        Sets file execution options in registry
        Drops file in Program Files directory
        
        PID:1096
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        53⤵
        Adds Run key to start application
        
        PID:1804
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        54⤵
        Drops file in Program Files directory
        
        PID:1036
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        55⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        56⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        57⤵
        Sets file execution options in registry
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:1624
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        58⤵
        Drops file in Program Files directory
        
        PID:548
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        59⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        60⤵
        Sets file execution options in registry
        Adds Run key to start application
        
        PID:2020
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        61⤵
        Sets file execution options in registry
        Adds Run key to start application
        
        PID:1836
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        62⤵
        Drops file in Program Files directory
        
        PID:1812
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        63⤵
        Sets file execution options in registry
        
        PID:1936
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        64⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        65⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        66⤵
        
        PID:1156
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        67⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        68⤵
        
        PID:904
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        69⤵
        
        PID:1660
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        70⤵
        
        PID:644
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        71⤵
        
        PID:1804
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        72⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        73⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        74⤵
        
        PID:1068
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        75⤵
        
        PID:976
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        76⤵
        
        PID:692
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        77⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        78⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        79⤵
        
        PID:428
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        80⤵
        
        PID:1268
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        81⤵
        
        PID:628
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        82⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        83⤵
        
        PID:304
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        84⤵
        
        PID:1132
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        85⤵
        
        PID:828
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        86⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        87⤵
        
        PID:1660
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        88⤵
        
        PID:1812
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        89⤵
        
        PID:1444
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        90⤵
        
        PID:864
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        91⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        92⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        93⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        94⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        95⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        96⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        97⤵
        
        PID:644
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        98⤵
        
        PID:1316
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        99⤵
        
        PID:1444
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        100⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        101⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        102⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        103⤵
        
        PID:1588
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        104⤵
        
        PID:304
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        105⤵
        
        PID:836
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        106⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        107⤵
        
        PID:888
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        108⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        109⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        110⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        111⤵
        
        PID:1036
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        112⤵
        
        PID:1268
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        113⤵
        
        PID:1008
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        114⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        115⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        116⤵
        
        PID:276
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        117⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        118⤵
        
        PID:604
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        119⤵
        
        PID:1868
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        120⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        121⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        122⤵
        
        PID:1756
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        123⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        124⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        125⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        126⤵
        
        PID:1268
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        127⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        128⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        129⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        130⤵
        
        PID:936
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        131⤵
        
        PID:276
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        132⤵
        
        PID:1588
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        133⤵
        
        PID:604
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        134⤵
        
        PID:1096
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        135⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        136⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        137⤵
        
        PID:1756
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        138⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        139⤵
        
        PID:1636
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        43⤵
        
        PID:1316
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        44⤵
        
        PID:864
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        45⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        46⤵
        
        PID:2016
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        47⤵
        
        PID:1552
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        48⤵
        
        PID:1408
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        49⤵
        
        PID:1068
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        50⤵
        
        PID:1868
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        51⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        52⤵
        
        PID:1308
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        53⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        54⤵
        
        PID:1756
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        55⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        56⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        57⤵
        
        PID:1448
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        58⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        59⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        60⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        61⤵
        
        PID:1116
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        62⤵
        
        PID:1880
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        63⤵
        
        PID:692
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        64⤵
        
        PID:1872
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        65⤵
        
        PID:892
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        66⤵
        
        PID:776
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        67⤵
        
        PID:1308
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        68⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        69⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        70⤵
        
        PID:1036
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        71⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        72⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        73⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        74⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        75⤵
        
        PID:1396
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        76⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        77⤵
        
        PID:1152
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        78⤵
        
        PID:836
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        79⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        80⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        81⤵
        
        PID:1388
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        82⤵
        
        PID:1312
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        83⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        84⤵
        
        PID:1652
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        85⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        86⤵
        
        PID:948
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        87⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        88⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        89⤵
        
        PID:1552
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        90⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        91⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        92⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        93⤵
        
        PID:1872
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        94⤵
        
        PID:572
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        95⤵
        
        PID:832
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        96⤵
        
        PID:644
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        97⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        98⤵
        
        PID:1828
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        99⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        100⤵
        
        PID:1636
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        101⤵
        
        PID:680
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        102⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        103⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        104⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        105⤵
        
        PID:1348
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        106⤵
        
        PID:580
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        107⤵
        
        PID:1768
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        108⤵
        
        PID:1740
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        109⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        110⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        111⤵
        
        PID:1900
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        112⤵
        
        PID:1312
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        113⤵
        
        PID:924
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        114⤵
        
        PID:1112
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        115⤵
        
        PID:764
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        116⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        117⤵
        
        PID:864
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        118⤵
        
        PID:732
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        119⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        32⤵
        
        PID:1396
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        33⤵
        Sets file execution options in registry
        Adds Run key to start application
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:1164
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        34⤵
        Adds Run key to start application
        
        PID:1076
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        35⤵
        Sets file execution options in registry
        
        PID:1336
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        36⤵
        Adds Run key to start application
        
        PID:840
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        37⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        38⤵
        Sets file execution options in registry
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:1828
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        39⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:956
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        40⤵
        Drops file in System32 directory
        
        PID:548
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        41⤵
        Drops file in System32 directory
        
        PID:1560
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        42⤵
        Drops file in System32 directory
        
        PID:1768
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        43⤵
        Sets file execution options in registry
        Adds Run key to start application
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:1720
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        44⤵
        Adds Run key to start application
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:1512
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        45⤵
        Sets file execution options in registry
        
        PID:1944
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        46⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:1708
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        47⤵
        
        PID:964
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        48⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        49⤵
        
        PID:836
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        50⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        51⤵
        Sets file execution options in registry
        Drops file in Program Files directory
        
        PID:1508
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        52⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:888
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        53⤵
        Adds Run key to start application
        
        PID:1092
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        54⤵
        
        PID:824
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        55⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        56⤵
        Adds Run key to start application
        
        PID:1828
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        57⤵
        
        PID:864
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        58⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:1620
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        59⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        60⤵
        
        PID:1872
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        61⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        62⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:336
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        63⤵
        
        PID:1292
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        64⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        65⤵
        
        PID:1268
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        66⤵
        Adds Run key to start application
        
        PID:824
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        67⤵
        
        PID:680
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        68⤵
        
        PID:948
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        69⤵
        
        PID:964
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        70⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        71⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        72⤵
        
        PID:1172
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        73⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        74⤵
        
        PID:1336
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        75⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        76⤵
        
        PID:1448
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        77⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        78⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        79⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        80⤵
        
        PID:836
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        81⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        82⤵
        
        PID:884
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        83⤵
        
        PID:904
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        84⤵
        
        PID:776
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        85⤵
        
        PID:268
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        86⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        87⤵
        
        PID:824
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        88⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        89⤵
        
        PID:1880
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        90⤵
        
        PID:836
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        91⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        92⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        93⤵
        
        PID:832
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        94⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        95⤵
        
        PID:1036
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        96⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        97⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        98⤵
        
        PID:1588
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        99⤵
        
        PID:1880
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        100⤵
        
        PID:548
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        101⤵
        
        PID:836
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        102⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        103⤵
        
        PID:828
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        104⤵
        
        PID:904
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        105⤵
        
        PID:1884
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        106⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        107⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        108⤵
        
        PID:1268
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        109⤵
        
        PID:864
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        110⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        111⤵
        
        PID:1552
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        112⤵
        
        PID:964
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        113⤵
        
        PID:548
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        106⤵
        
        PID:1812
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        107⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        108⤵
        
        PID:428
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        109⤵
        
        PID:1636
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        110⤵
        
        PID:948
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        111⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        112⤵
        
        PID:556
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        113⤵
        
        PID:2016
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        114⤵
        
        PID:1132
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        115⤵
        
        PID:884
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        116⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        117⤵
        
        PID:572
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        118⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        119⤵
        
        PID:1096
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        120⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        121⤵
        
        PID:268
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        122⤵
        
        PID:904
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        123⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        124⤵
        
        PID:1112
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        125⤵
        
        PID:764
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        126⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        127⤵
        
        PID:900
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        128⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        129⤵
        Drops file in System32 directory
        
        PID:964
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        130⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        131⤵
        
        PID:884
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        132⤵
        
        PID:1740
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        133⤵
        
        PID:684
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        134⤵
        
        PID:1336
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        135⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        136⤵
        
        PID:1388
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        137⤵
        
        PID:1312
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        138⤵
        
        PID:924
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        139⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        140⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        141⤵
        
        PID:1992
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        142⤵
        
        PID:1496
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        143⤵
        
        PID:556
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        144⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        145⤵
        
        PID:1132
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        146⤵
        
        PID:692
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        147⤵
        
        PID:884
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        148⤵
        
        PID:828
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        149⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        150⤵
        
        PID:336
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        151⤵
        
        PID:832
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        152⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        153⤵
        
        PID:268
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        154⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        155⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        156⤵
        
        PID:1636
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        157⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        158⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        159⤵
        
        PID:1396
- - C:\Windows\SysWOW64\srtsrv32.exe
    "C:\Windows\system32\srtsrv32.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Drops file in System32 directory
    PID:1660
  - - C:\Windows\SysWOW64\LSASSMGR.EXE
      "C:\Windows\system32\LSASSMGR.EXE"
      4⤵
      Executes dropped EXE
      Sets file execution options in registry
      Loads dropped DLL
      Drops file in System32 directory
      PID:1900
    - - C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Drops file in Program Files directory
        
        PID:1664
      - C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        6⤵
        Executes dropped EXE
        Sets file execution options in registry
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1884
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        7⤵
        Executes dropped EXE
        
        PID:2036
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        8⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:1380
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        9⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:1000
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        10⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1092
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        11⤵
        Executes dropped EXE
        Sets file execution options in registry
        Drops file in System32 directory
        
        PID:1036
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        12⤵
        Executes dropped EXE
        Sets file execution options in registry
        Drops file in Program Files directory
        
        PID:1664
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        13⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:628
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        14⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Program Files directory
        
        PID:1056
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        15⤵
        Executes dropped EXE
        Sets file execution options in registry
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:1380
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        16⤵
        Sets file execution options in registry
        Adds Run key to start application
        
        PID:336
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        17⤵
        
        PID:892
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        18⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        19⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        20⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        21⤵
        Sets file execution options in registry
        
        PID:1984
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        22⤵
        
        PID:1992
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        23⤵
        Sets file execution options in registry
        Drops file in System32 directory
        
        PID:1040
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        24⤵
        
        PID:828
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        25⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        26⤵
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:1868
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        27⤵
        Drops file in Program Files directory
        
        PID:1732
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        28⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        29⤵
        Sets file execution options in registry
        Adds Run key to start application
        
        PID:1068
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        30⤵
        Sets file execution options in registry
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:1504
- - C:\Windows\SysWOW64\srtsrv32.exe
    "C:\Windows\system32\srtsrv32.exe"
    3⤵
    - Executes dropped EXE
    PID:548
  - - C:\Windows\SysWOW64\LSASSMGR.EXE
      "C:\Windows\system32\LSASSMGR.EXE"
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Drops file in Program Files directory
      PID:1492
    - - C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        5⤵
        Executes dropped EXE
        Sets file execution options in registry
        
        PID:1496
      - C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        6⤵
        Executes dropped EXE
        Drops file in Program Files directory
        
        PID:1112
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        7⤵
        
        PID:956
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        8⤵
        
        PID:580
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        9⤵
        
        PID:2016
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        10⤵
        Drops file in Program Files directory
        
        PID:1464
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        11⤵
        Sets file execution options in registry
        
        PID:1172
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        12⤵
        
        PID:1036
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        13⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        14⤵
        
        PID:836
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        15⤵
        Sets file execution options in registry
        Drops file in Program Files directory
        
        PID:1008
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        16⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        17⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:2016
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        18⤵
        Drops file in Program Files directory
        
        PID:776
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        19⤵
        Sets file execution options in registry
        Adds Run key to start application
        
        PID:1312
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        20⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        21⤵
        Sets file execution options in registry
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:952
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        22⤵
        Sets file execution options in registry
        Drops file in System32 directory
        
        PID:2008
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        23⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        24⤵
        Sets file execution options in registry
        
        PID:900
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        25⤵
        Sets file execution options in registry
        Drops file in System32 directory
        
        PID:1644
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        26⤵
        Adds Run key to start application
        Drops file in Program Files directory
        
        PID:1000
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        27⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        28⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        29⤵
        
        PID:828
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        30⤵
        Adds Run key to start application
        
        PID:1796
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        31⤵
        Drops file in System32 directory
        
        PID:1444
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        32⤵
        Adds Run key to start application
        Drops file in Program Files directory
        
        PID:1448
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        33⤵
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:1588
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        34⤵
        Adds Run key to start application
        
        PID:276
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        35⤵
        Executes dropped EXE
        Drops file in Program Files directory
        
        PID:580
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        36⤵
        
        PID:976
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        37⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        38⤵
        
        PID:904
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        39⤵
        Adds Run key to start application
        Drops file in Program Files directory
        
        PID:1660
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        40⤵
        Adds Run key to start application
        Drops file in Program Files directory
        
        PID:1884
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        41⤵
        Adds Run key to start application
        Drops file in Program Files directory
        
        PID:684
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        42⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        43⤵
        Sets file execution options in registry
        
        PID:1964
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        44⤵
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:1748
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        45⤵
        
        PID:556
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        46⤵
        Drops file in System32 directory
        
        PID:1132
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        47⤵
        
        PID:336
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        48⤵
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:1780
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        49⤵
        Adds Run key to start application
        
        PID:832
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        50⤵
        Sets file execution options in registry
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:924
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        51⤵
        
        PID:840
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        52⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        53⤵
        
        PID:964
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        54⤵
        Sets file execution options in registry
        Adds Run key to start application
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:1744
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        55⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        56⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        57⤵
        
        PID:1152
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        58⤵
        
        PID:1388
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        59⤵
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:840
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        57⤵
        
        PID:1292
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        58⤵
        
        PID:1884
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        52⤵
        Sets file execution options in registry
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:1996
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        53⤵
        
        PID:900
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        54⤵
        
        PID:1000
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        55⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        56⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        57⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        58⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        59⤵
        
        PID:1316
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        60⤵
        Drops file in System32 directory
        
        PID:1800
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        61⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        62⤵
        
        PID:1552
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        63⤵
        
        PID:276
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        64⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        65⤵
        
        PID:1872
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        66⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        67⤵
        
        PID:1312
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        68⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        69⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        70⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        71⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        72⤵
        
        PID:1552
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        73⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        74⤵
        
        PID:1000
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        75⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        76⤵
        
        PID:1900
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        77⤵
        
        PID:1312
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        78⤵
        
        PID:1988
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        79⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        80⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        81⤵
        
        PID:824
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        82⤵
        
        PID:956
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        83⤵
        
        PID:936
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        84⤵
        
        PID:556
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        85⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        86⤵
        
        PID:1068
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        87⤵
        
        PID:1768
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        88⤵
        
        PID:336
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        89⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        90⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        91⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        92⤵
        
        PID:924
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        93⤵
        
        PID:1112
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        94⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        95⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        96⤵
        
        PID:732
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        97⤵
        
        PID:580
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        98⤵
        
        PID:1872
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        99⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        100⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        101⤵
        
        PID:336
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        102⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        103⤵
        
        PID:644
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        104⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        105⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        106⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        107⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        108⤵
        
        PID:900
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        109⤵
        
        PID:956
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        110⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        111⤵
        
        PID:1464
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        112⤵
        
        PID:572
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        113⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        114⤵
        
        PID:1336
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        115⤵
        
        PID:1900
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        116⤵
        
        PID:904
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        117⤵
        
        PID:1672
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        118⤵
        
        PID:1660
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        119⤵
        
        PID:840
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        120⤵
        
        PID:1448
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        121⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        122⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        123⤵
        
        PID:552
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        124⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        125⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        126⤵
        
        PID:1172
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        127⤵
        
        PID:572
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        128⤵
        
        PID:1768
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        129⤵
        
        PID:1336
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        130⤵
        
        PID:336
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        131⤵
        
        PID:904
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        132⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        133⤵
        
        PID:924
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        134⤵
        
        PID:1112
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        135⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        136⤵
        
        PID:1008
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        137⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        138⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        139⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        140⤵
        
        PID:1464
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        141⤵
        
        PID:1588
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        142⤵
        
        PID:1172
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        143⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        144⤵
        
        PID:1096
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        145⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        146⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        147⤵
        
        PID:904
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        148⤵
        
        PID:1036
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        149⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        150⤵
        
        PID:1268
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        151⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        152⤵
        Drops file in System32 directory
        Drops file in Program Files directory
        
        PID:864
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        153⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        154⤵
        
        PID:976
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        155⤵
        
        PID:1000
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        156⤵
        
        PID:1064
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        157⤵
        
        PID:516
        
        C:\Windows\SysWOW64\LSASSMGR.EXE
        
        "C:\Windows\system32\LSASSMGR.EXE"
        158⤵
        
        PID:1260
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 336
    3⤵
    - Program crash
    PID:1500

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Internet Explorer\iexplor.exe

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Program Files (x86)\Internet Explorer\iexplor.exe

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Program Files (x86)\Internet Explorer\iexplor.exe

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Program Files (x86)\Internet Explorer\iexplor.exe

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Program Files (x86)\Internet Explorer\iexplor.exe

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Program Files (x86)\Internet Explorer\iexplor.exe

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Program Files (x86)\Internet Explorer\iexplor.exe

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Program Files (x86)\Internet Explorer\iexplor.exe

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Program Files (x86)\Internet Explorer\iexplor.exe

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Windows\SysWOW64\lssmon.exe

Filesize
724KB

MD5
38e4b4480a3d4b69afbf5b55b384f432

SHA1
1695ecd633825042f22cca1e5ce186cd5d40cf3a

SHA256
2e22a3b7866c4cd6468b59abdc50f6a85f6a6e02e629ca183001ad54c3090ba1

SHA512
9c70afe1e8b3312d6933ff49490ee0e9326fe43638fccf932d2c5a48ce0dcc56c38d9d7d3589ff051d79b7215268a3627a911cc805819f2a6bdb7d3ccf41c1f5

Download Submit
C:\Windows\SysWOW64\lssmon.exe

Filesize
724KB

MD5
38e4b4480a3d4b69afbf5b55b384f432

SHA1
1695ecd633825042f22cca1e5ce186cd5d40cf3a

SHA256
2e22a3b7866c4cd6468b59abdc50f6a85f6a6e02e629ca183001ad54c3090ba1

SHA512
9c70afe1e8b3312d6933ff49490ee0e9326fe43638fccf932d2c5a48ce0dcc56c38d9d7d3589ff051d79b7215268a3627a911cc805819f2a6bdb7d3ccf41c1f5

Download Submit
C:\Windows\SysWOW64\spool.exe

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Windows\SysWOW64\spool.exe

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Windows\SysWOW64\spool.exe

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Windows\SysWOW64\spool.exe

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Windows\SysWOW64\spool.exe

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Windows\SysWOW64\spool.exe

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Windows\SysWOW64\spool.exe

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Windows\SysWOW64\spool.exe

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Windows\SysWOW64\spool.exe

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Windows\SysWOW64\spool.exe

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Windows\SysWOW64\srtsrv32.exe

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Windows\SysWOW64\srtsrv32.exe

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
C:\Windows\SysWOW64\srtsrv32.exe

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
\Windows\SysWOW64\LSASSMGR.EXE

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
\Windows\SysWOW64\lssmon.exe

Filesize
724KB

MD5
38e4b4480a3d4b69afbf5b55b384f432

SHA1
1695ecd633825042f22cca1e5ce186cd5d40cf3a

SHA256
2e22a3b7866c4cd6468b59abdc50f6a85f6a6e02e629ca183001ad54c3090ba1

SHA512
9c70afe1e8b3312d6933ff49490ee0e9326fe43638fccf932d2c5a48ce0dcc56c38d9d7d3589ff051d79b7215268a3627a911cc805819f2a6bdb7d3ccf41c1f5

Download Submit
\Windows\SysWOW64\srtsrv32.exe

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
\Windows\SysWOW64\srtsrv32.exe

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
\Windows\SysWOW64\srtsrv32.exe

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
\Windows\SysWOW64\srtsrv32.exe

Filesize
17KB

MD5
906a0778864ff82324bc97c9747cdfc5

SHA1
8ced2940d1e3d8d60429d6846b55907034fda66f

SHA256
60b760c030733b7296eaa7117a618040017f153d554d8e150af994d257aa5076

SHA512
3ccf241ebcaff5af7bea1ace602f560db8e4ddeecb0fee7573731425c6f086778c35fd1aca5b91c9d80d727d60b96ace549467f4b54dd51d0d92a4f5d1308b67

Download Submit
memory/2020-54-0x0000000075D61000-0x0000000075D63000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads