b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

Analysis

max time kernel
157s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 14:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b.exe
Size

40KB
MD5

7f1362d711d3d715955cbf7d267f8468
SHA1

91a9e7b972888de0e02d5d0d567774c47e81217d
SHA256

b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b
SHA512

81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714
SSDEEP

768:V6DI8CHd533yujgXDVrQE/fjCjDE3LOWw/PjZoVGKBa:8D0PSuUXJQFDbWw/rZoVGGa

Score

8^/10

persistence

Malware Config

Signatures

Drops file in Drivers directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe
File opened for modification	C:\Windows\system32\drivers\etc\hosts	mancstmgr.exe

Executes dropped EXE 64 IoCs

pid	Process
2740	mancstmgr.exe
4980	mancstmgr.exe
4448	mancstmgr.exe
308	mancstmgr.exe
5064	mancstmgr.exe
4864	mancstmgr.exe
3820	mancstmgr.exe
1200	mancstmgr.exe
3264	mancstmgr.exe
1396	mancstmgr.exe
3612	mancstmgr.exe
4732	mancstmgr.exe
4592	mancstmgr.exe
3220	mancstmgr.exe
3156	mancstmgr.exe
1268	mancstmgr.exe
692	mancstmgr.exe
1844	mancstmgr.exe
2988	mancstmgr.exe
2340	mancstmgr.exe
1016	mancstmgr.exe
512	mancstmgr.exe
4840	mancstmgr.exe
4928	mancstmgr.exe
4408	mancstmgr.exe
1832	mancstmgr.exe
2296	mancstmgr.exe
4548	mancstmgr.exe
800	mancstmgr.exe
1320	mancstmgr.exe
4284	mancstmgr.exe
404	mancstmgr.exe
2388	mancstmgr.exe
4216	mancstmgr.exe
1892	mancstmgr.exe
3232	mancstmgr.exe
3200	mancstmgr.exe
1840	mancstmgr.exe
1488	mancstmgr.exe
1680	mancstmgr.exe
2364	mancstmgr.exe
3576	mancstmgr.exe
4948	mancstmgr.exe
1708	mancstmgr.exe
2660	mancstmgr.exe
4312	mancstmgr.exe
4876	mancstmgr.exe
4364	mancstmgr.exe
4920	mancstmgr.exe
3064	mancstmgr.exe
1064	mancstmgr.exe
4560	mancstmgr.exe
4016	mancstmgr.exe
908	mancstmgr.exe
4308	mancstmgr.exe
4588	mancstmgr.exe
4328	mancstmgr.exe
3744	mancstmgr.exe
1140	mancstmgr.exe
4716	mancstmgr.exe
4636	mancstmgr.exe
5076	mancstmgr.exe
5056	mancstmgr.exe
1904	mancstmgr.exe

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	mancstmgr.exe

Adds Run key to start application 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\MSN CST Manager = "mancstmgr.exe"	mancstmgr.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File created	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File created	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File created	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File created	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File created	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File created	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File created	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File created	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File created	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File created	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File created	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File created	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File created	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File created	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File created	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File created	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File created	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File created	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File created	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File created	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File created	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File created	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File created	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File created	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File created	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File created	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File created	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File created	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File created	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File created	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe
File opened for modification	C:\Windows\SysWOW64\mancstmgr.exe	mancstmgr.exe

Suspicious use of SetThreadContext 64 IoCs

description	pid	Process	procid_target
PID 4492 set thread context of 4912	4492	b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b.exe	81
PID 2740 set thread context of 4980	2740	mancstmgr.exe	83
PID 4448 set thread context of 308	4448	mancstmgr.exe	88
PID 5064 set thread context of 4864	5064	mancstmgr.exe	91
PID 3820 set thread context of 1200	3820	mancstmgr.exe	96
PID 3264 set thread context of 1396	3264	mancstmgr.exe	100
PID 3612 set thread context of 4732	3612	mancstmgr.exe	104
PID 4592 set thread context of 3220	4592	mancstmgr.exe	107
PID 3156 set thread context of 1268	3156	mancstmgr.exe	112
PID 692 set thread context of 1844	692	mancstmgr.exe	115
PID 2988 set thread context of 2340	2988	mancstmgr.exe	119
PID 1016 set thread context of 512	1016	mancstmgr.exe	124
PID 4840 set thread context of 4928	4840	mancstmgr.exe	127
PID 4408 set thread context of 1832	4408	mancstmgr.exe	131
PID 2296 set thread context of 4548	2296	mancstmgr.exe	136
PID 800 set thread context of 1320	800	mancstmgr.exe	138
PID 4284 set thread context of 404	4284	mancstmgr.exe	144
PID 2388 set thread context of 4216	2388	mancstmgr.exe	149
PID 1892 set thread context of 3232	1892	mancstmgr.exe	154
PID 3200 set thread context of 1840	3200	mancstmgr.exe	158
PID 1488 set thread context of 1680	1488	mancstmgr.exe	161
PID 2364 set thread context of 3576	2364	mancstmgr.exe	166
PID 4948 set thread context of 1708	4948	mancstmgr.exe	169
PID 2660 set thread context of 4312	2660	mancstmgr.exe	174
PID 4876 set thread context of 4364	4876	mancstmgr.exe	178
PID 4920 set thread context of 3064	4920	mancstmgr.exe	182
PID 1064 set thread context of 4560	1064	mancstmgr.exe	185
PID 4016 set thread context of 908	4016	mancstmgr.exe	190
PID 4308 set thread context of 4588	4308	mancstmgr.exe	194
PID 4328 set thread context of 3744	4328	mancstmgr.exe	198
PID 1140 set thread context of 4716	1140	mancstmgr.exe	202
PID 4636 set thread context of 5076	4636	mancstmgr.exe	205
PID 5056 set thread context of 1904	5056	mancstmgr.exe	210
PID 3608 set thread context of 4456	3608	mancstmgr.exe	214
PID 2552 set thread context of 1344	2552	mancstmgr.exe	218
PID 4024 set thread context of 2008	4024	mancstmgr.exe	222
PID 3960 set thread context of 3356	3960	mancstmgr.exe	226
PID 1244 set thread context of 4956	1244	mancstmgr.exe	230
PID 2004 set thread context of 3876	2004	mancstmgr.exe	233
PID 4464 set thread context of 116	4464	mancstmgr.exe	238
PID 5000 set thread context of 620	5000	mancstmgr.exe	242
PID 4276 set thread context of 4028	4276	mancstmgr.exe	247
PID 2332 set thread context of 2816	2332	mancstmgr.exe	252
PID 3016 set thread context of 2608	3016	mancstmgr.exe	257
PID 4672 set thread context of 5056	4672	mancstmgr.exe	261
PID 1480 set thread context of 692	1480	mancstmgr.exe	265
PID 2568 set thread context of 2200	2568	mancstmgr.exe	269
PID 3484 set thread context of 3980	3484	mancstmgr.exe	273
PID 4856 set thread context of 2660	4856	mancstmgr.exe	278
PID 4552 set thread context of 4876	4552	mancstmgr.exe	282
PID 4388 set thread context of 3720	4388	mancstmgr.exe	286
PID 2876 set thread context of 4172	2876	mancstmgr.exe	290
PID 1120 set thread context of 616	1120	mancstmgr.exe	294
PID 3792 set thread context of 1772	3792	mancstmgr.exe	299
PID 3204 set thread context of 4728	3204	mancstmgr.exe	304
PID 5060 set thread context of 4576	5060	mancstmgr.exe	308
PID 5008 set thread context of 4652	5008	mancstmgr.exe	312
PID 2848 set thread context of 4396	2848	mancstmgr.exe	316
PID 3484 set thread context of 4852	3484	mancstmgr.exe	320
PID 4012 set thread context of 4584	4012	mancstmgr.exe	323
PID 5024 set thread context of 4924	5024	mancstmgr.exe	327
PID 4580 set thread context of 2976	4580	mancstmgr.exe	331
PID 3564 set thread context of 800	3564	mancstmgr.exe	336
PID 3600 set thread context of 4988	3600	mancstmgr.exe	340

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	mancstmgr.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	4912	b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b.exe
Token: SeIncBasePriorityPrivilege	4980	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	308	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	4864	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	1200	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	1396	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	4732	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	3220	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	1268	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	1844	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	2340	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	512	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	4928	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	1832	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	4548	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	1320	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	404	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	4216	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	3232	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	1840	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	1680	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	3576	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	1708	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	4312	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	4364	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	3064	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	4560	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	908	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	4588	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	3744	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	4716	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	5076	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	1904	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	4456	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	1344	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	2008	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	3356	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	4956	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	3876	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	116	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	620	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	4028	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	2816	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	2608	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	5056	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	692	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	2200	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	3980	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	2660	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	4876	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	3720	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	4172	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	616	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	1772	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	4728	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	4576	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	4652	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	4396	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	4852	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	4584	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	4924	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	2976	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	800	mancstmgr.exe
Token: SeIncBasePriorityPrivilege	4988	mancstmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4492 wrote to memory of 4912	4492	b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b.exe	81
PID 4492 wrote to memory of 4912	4492	b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b.exe	81
PID 4492 wrote to memory of 4912	4492	b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b.exe	81
PID 4492 wrote to memory of 4912	4492	b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b.exe	81
PID 4492 wrote to memory of 4912	4492	b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b.exe	81
PID 4492 wrote to memory of 4912	4492	b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b.exe	81
PID 4492 wrote to memory of 4912	4492	b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b.exe	81
PID 4492 wrote to memory of 4912	4492	b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b.exe	81
PID 4492 wrote to memory of 4912	4492	b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b.exe	81
PID 4912 wrote to memory of 2740	4912	b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b.exe	82
PID 4912 wrote to memory of 2740	4912	b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b.exe	82
PID 4912 wrote to memory of 2740	4912	b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b.exe	82
PID 2740 wrote to memory of 4980	2740	mancstmgr.exe	83
PID 2740 wrote to memory of 4980	2740	mancstmgr.exe	83
PID 2740 wrote to memory of 4980	2740	mancstmgr.exe	83
PID 2740 wrote to memory of 4980	2740	mancstmgr.exe	83
PID 2740 wrote to memory of 4980	2740	mancstmgr.exe	83
PID 2740 wrote to memory of 4980	2740	mancstmgr.exe	83
PID 2740 wrote to memory of 4980	2740	mancstmgr.exe	83
PID 2740 wrote to memory of 4980	2740	mancstmgr.exe	83
PID 2740 wrote to memory of 4980	2740	mancstmgr.exe	83
PID 4912 wrote to memory of 4536	4912	b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b.exe	84
PID 4912 wrote to memory of 4536	4912	b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b.exe	84
PID 4912 wrote to memory of 4536	4912	b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b.exe	84
PID 4980 wrote to memory of 4448	4980	mancstmgr.exe	86
PID 4980 wrote to memory of 4448	4980	mancstmgr.exe	86
PID 4980 wrote to memory of 4448	4980	mancstmgr.exe	86
PID 4980 wrote to memory of 220	4980	mancstmgr.exe	87
PID 4980 wrote to memory of 220	4980	mancstmgr.exe	87
PID 4980 wrote to memory of 220	4980	mancstmgr.exe	87
PID 4448 wrote to memory of 308	4448	mancstmgr.exe	88
PID 4448 wrote to memory of 308	4448	mancstmgr.exe	88
PID 4448 wrote to memory of 308	4448	mancstmgr.exe	88
PID 4448 wrote to memory of 308	4448	mancstmgr.exe	88
PID 4448 wrote to memory of 308	4448	mancstmgr.exe	88
PID 4448 wrote to memory of 308	4448	mancstmgr.exe	88
PID 4448 wrote to memory of 308	4448	mancstmgr.exe	88
PID 4448 wrote to memory of 308	4448	mancstmgr.exe	88
PID 4448 wrote to memory of 308	4448	mancstmgr.exe	88
PID 308 wrote to memory of 5064	308	mancstmgr.exe	90
PID 308 wrote to memory of 5064	308	mancstmgr.exe	90
PID 308 wrote to memory of 5064	308	mancstmgr.exe	90
PID 308 wrote to memory of 5036	308	mancstmgr.exe	92
PID 308 wrote to memory of 5036	308	mancstmgr.exe	92
PID 308 wrote to memory of 5036	308	mancstmgr.exe	92
PID 5064 wrote to memory of 4864	5064	mancstmgr.exe	91
PID 5064 wrote to memory of 4864	5064	mancstmgr.exe	91
PID 5064 wrote to memory of 4864	5064	mancstmgr.exe	91
PID 5064 wrote to memory of 4864	5064	mancstmgr.exe	91
PID 5064 wrote to memory of 4864	5064	mancstmgr.exe	91
PID 5064 wrote to memory of 4864	5064	mancstmgr.exe	91
PID 5064 wrote to memory of 4864	5064	mancstmgr.exe	91
PID 5064 wrote to memory of 4864	5064	mancstmgr.exe	91
PID 5064 wrote to memory of 4864	5064	mancstmgr.exe	91
PID 4864 wrote to memory of 3820	4864	mancstmgr.exe	94
PID 4864 wrote to memory of 3820	4864	mancstmgr.exe	94
PID 4864 wrote to memory of 3820	4864	mancstmgr.exe	94
PID 4864 wrote to memory of 1256	4864	mancstmgr.exe	95
PID 4864 wrote to memory of 1256	4864	mancstmgr.exe	95
PID 4864 wrote to memory of 1256	4864	mancstmgr.exe	95
PID 3820 wrote to memory of 1200	3820	mancstmgr.exe	96
PID 3820 wrote to memory of 1200	3820	mancstmgr.exe	96
PID 3820 wrote to memory of 1200	3820	mancstmgr.exe	96
PID 3820 wrote to memory of 1200	3820	mancstmgr.exe	96

C:\Users\Admin\AppData\Local\Temp\b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b.exe
"C:\Users\Admin\AppData\Local\Temp\b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4492
- C:\Users\Admin\AppData\Local\Temp\b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b.exe
  "C:\Users\Admin\AppData\Local\Temp\b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b.exe"
  2⤵
  - Drops file in Drivers directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4912
- - C:\Windows\SysWOW64\mancstmgr.exe
    "C:\Windows\system32\mancstmgr.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    PID:2740
  - - C:\Windows\SysWOW64\mancstmgr.exe
      "C:\Windows\SysWOW64\mancstmgr.exe"
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:4980
    - - C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:4448
      - C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:308
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:5064
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        8⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4864
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:3820
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:1200
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:3264
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        12⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:1396
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:3612
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        14⤵
        Executes dropped EXE
        Checks computer location settings
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:4732
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4592
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        16⤵
        Executes dropped EXE
        Checks computer location settings
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:3220
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:3156
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        18⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:1268
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:692
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        20⤵
        Executes dropped EXE
        Checks computer location settings
        Suspicious use of AdjustPrivilegeToken
        
        PID:1844
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        21⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2988
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        22⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:2340
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        23⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1016
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        24⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:512
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        25⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4840
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        26⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:4928
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        27⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4408
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        28⤵
        Executes dropped EXE
        Checks computer location settings
        Suspicious use of AdjustPrivilegeToken
        
        PID:1832
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        29⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2296
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        30⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:4548
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        31⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        31⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:800
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        29⤵
        
        PID:228
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        27⤵
        
        PID:2736
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        25⤵
        
        PID:5012
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        23⤵
        
        PID:3164
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        21⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        19⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        17⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        15⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        13⤵
        
        PID:3228
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        11⤵
        
        PID:1240
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        9⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        7⤵
        
        PID:5036
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        5⤵
        
        PID:220
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\B202D0~1.EXE > nul
    3⤵
    PID:4536

C:\Windows\SysWOW64\mancstmgr.exe
"C:\Windows\SysWOW64\mancstmgr.exe"
1⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1320
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
  2⤵
  PID:2012
- C:\Windows\SysWOW64\mancstmgr.exe
  "C:\Windows\system32\mancstmgr.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:4284
- - C:\Windows\SysWOW64\mancstmgr.exe
    "C:\Windows\SysWOW64\mancstmgr.exe"
    3⤵
    - Executes dropped EXE
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    PID:404
  - - C:\Windows\SysWOW64\mancstmgr.exe
      "C:\Windows\system32\mancstmgr.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      PID:2388
    - - C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:4216
      - C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1892
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3232
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:3200
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        9⤵
        Executes dropped EXE
        Checks computer location settings
        Suspicious use of AdjustPrivilegeToken
        
        PID:1840
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1488
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        11⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Adds Run key to start application
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:1680
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2364
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        13⤵
        Executes dropped EXE
        Checks computer location settings
        Suspicious use of AdjustPrivilegeToken
        
        PID:3576
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        14⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4948
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        15⤵
        Executes dropped EXE
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:1708
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2660
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4312
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        18⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4876
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        19⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Checks computer location settings
        Adds Run key to start application
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:4364
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        20⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4920
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        21⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:3064
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        22⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        22⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1064
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        20⤵
        
        PID:4408
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        18⤵
        
        PID:3212
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        16⤵
        
        PID:4532
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        14⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        12⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        10⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        8⤵
        
        PID:3760
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        6⤵
        
        PID:4736
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
      4⤵
      PID:772

C:\Windows\SysWOW64\mancstmgr.exe
"C:\Windows\SysWOW64\mancstmgr.exe"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4560
- C:\Windows\SysWOW64\mancstmgr.exe
  "C:\Windows\system32\mancstmgr.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:4016
- - C:\Windows\SysWOW64\mancstmgr.exe
    "C:\Windows\SysWOW64\mancstmgr.exe"
    3⤵
    - Drops file in Drivers directory
    - Executes dropped EXE
    - Checks computer location settings
    - Adds Run key to start application
    - Suspicious use of AdjustPrivilegeToken
    PID:908
  - - C:\Windows\SysWOW64\mancstmgr.exe
      "C:\Windows\system32\mancstmgr.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      PID:4308
    - - C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        5⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:4588
      - C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4328
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        7⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Checks computer location settings
        Adds Run key to start application
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:3744
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:1140
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        9⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:4716
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        10⤵
        
        PID:3592
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4636
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        8⤵
        
        PID:60
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        6⤵
        
        PID:2816
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
      4⤵
      PID:2496
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
  2⤵
  PID:628

C:\Windows\SysWOW64\mancstmgr.exe
"C:\Windows\SysWOW64\mancstmgr.exe"
1⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID:5076
- C:\Windows\SysWOW64\mancstmgr.exe
  "C:\Windows\system32\mancstmgr.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:5056
- - C:\Windows\SysWOW64\mancstmgr.exe
    "C:\Windows\SysWOW64\mancstmgr.exe"
    3⤵
    - Drops file in Drivers directory
    - Executes dropped EXE
    - Adds Run key to start application
    - Drops file in System32 directory
    - Suspicious use of AdjustPrivilegeToken
    PID:1904
  - - C:\Windows\SysWOW64\mancstmgr.exe
      "C:\Windows\system32\mancstmgr.exe"
      4⤵
      Suspicious use of SetThreadContext
      PID:3608
    - - C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        5⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:4456
      - C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        6⤵
        Suspicious use of SetThreadContext
        
        PID:2552
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1344
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        8⤵
        Suspicious use of SetThreadContext
        
        PID:4024
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        9⤵
        Drops file in Drivers directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:2008
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        10⤵
        Suspicious use of SetThreadContext
        
        PID:3960
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        11⤵
        Checks computer location settings
        Suspicious use of AdjustPrivilegeToken
        
        PID:3356
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        12⤵
        Suspicious use of SetThreadContext
        
        PID:1244
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        13⤵
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:4956
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        14⤵
        Suspicious use of SetThreadContext
        
        PID:2004
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        15⤵
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:3876
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        16⤵
        Suspicious use of SetThreadContext
        
        PID:4464
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        17⤵
        Drops file in Drivers directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:116
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        18⤵
        Suspicious use of SetThreadContext
        
        PID:5000
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        19⤵
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:620
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        20⤵
        Suspicious use of SetThreadContext
        
        PID:4276
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        21⤵
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:4028
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        22⤵
        Suspicious use of SetThreadContext
        
        PID:2332
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        23⤵
        Checks computer location settings
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:2816
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        24⤵
        Suspicious use of SetThreadContext
        
        PID:3016
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        25⤵
        Drops file in Drivers directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:2608
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        26⤵
        Suspicious use of SetThreadContext
        
        PID:4672
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        27⤵
        Drops file in Drivers directory
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:5056
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        28⤵
        Suspicious use of SetThreadContext
        
        PID:1480
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        29⤵
        Checks computer location settings
        Adds Run key to start application
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:692
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        30⤵
        Suspicious use of SetThreadContext
        
        PID:2568
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        31⤵
        Drops file in Drivers directory
        Checks computer location settings
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:2200
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        32⤵
        Suspicious use of SetThreadContext
        
        PID:3484
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        33⤵
        Drops file in Drivers directory
        Adds Run key to start application
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:3980
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        34⤵
        Suspicious use of SetThreadContext
        
        PID:4856
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        35⤵
        Adds Run key to start application
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:2660
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        36⤵
        Suspicious use of SetThreadContext
        
        PID:4552
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        37⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4876
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        38⤵
        Suspicious use of SetThreadContext
        
        PID:4388
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        39⤵
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:3720
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        40⤵
        Suspicious use of SetThreadContext
        
        PID:2876
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        41⤵
        Drops file in Drivers directory
        Adds Run key to start application
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:4172
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        42⤵
        Suspicious use of SetThreadContext
        
        PID:1120
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        43⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:616
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        44⤵
        Suspicious use of SetThreadContext
        
        PID:3792
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        45⤵
        Drops file in Drivers directory
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:1772
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        46⤵
        Suspicious use of SetThreadContext
        
        PID:3204
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        47⤵
        Drops file in Drivers directory
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:4728
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        48⤵
        Suspicious use of SetThreadContext
        
        PID:5060
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        49⤵
        Drops file in Drivers directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:4576
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        50⤵
        Suspicious use of SetThreadContext
        
        PID:5008
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        51⤵
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:4652
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        52⤵
        Suspicious use of SetThreadContext
        
        PID:2848
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        53⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4396
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        54⤵
        Suspicious use of SetThreadContext
        
        PID:3484
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        55⤵
        Checks computer location settings
        Drops file in System32 directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:4852
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        56⤵
        Suspicious use of SetThreadContext
        
        PID:4012
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        57⤵
        Drops file in Drivers directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:4584
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        58⤵
        Suspicious use of SetThreadContext
        
        PID:5024
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        59⤵
        Checks computer location settings
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:4924
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        60⤵
        Suspicious use of SetThreadContext
        
        PID:4580
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        61⤵
        Drops file in Drivers directory
        Checks computer location settings
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:2976
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        62⤵
        Suspicious use of SetThreadContext
        
        PID:3564
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        63⤵
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:800
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        64⤵
        Suspicious use of SetThreadContext
        
        PID:3600
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        65⤵
        Checks computer location settings
        Suspicious use of AdjustPrivilegeToken
        
        PID:4988
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        66⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        67⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        68⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        69⤵
        Modifies registry class
        
        PID:3672
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        70⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        71⤵
        
        PID:3504
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        72⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        73⤵
        Drops file in Drivers directory
        
        PID:4052
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        74⤵
        
        PID:552
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        75⤵
        Drops file in Drivers directory
        Modifies registry class
        
        PID:2200
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        76⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        77⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:4488
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        78⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        79⤵
        Drops file in Drivers directory
        Checks computer location settings
        
        PID:4552
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        80⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        81⤵
        Drops file in Drivers directory
        Checks computer location settings
        
        PID:1032
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        82⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        83⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:4372
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        84⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        85⤵
        Drops file in Drivers directory
        Modifies registry class
        
        PID:3088
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        86⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        87⤵
        Checks computer location settings
        Modifies registry class
        
        PID:800
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        88⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        89⤵
        Checks computer location settings
        Drops file in System32 directory
        Modifies registry class
        
        PID:1072
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        90⤵
        
        PID:3148
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        91⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        92⤵
        
        PID:3952
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        93⤵
        Drops file in System32 directory
        
        PID:1640
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        94⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        95⤵
        Drops file in Drivers directory
        Checks computer location settings
        Modifies registry class
        
        PID:4772
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        96⤵
        
        PID:1284
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        97⤵
        
        PID:4532
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        98⤵
        
        PID:1436
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        99⤵
        Drops file in Drivers directory
        
        PID:4480
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        100⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        101⤵
        Checks computer location settings
        Modifies registry class
        
        PID:5032
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        102⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        103⤵
        
        PID:2412
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        104⤵
        
        PID:364
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        105⤵
        Checks computer location settings
        Modifies registry class
        
        PID:4468
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        106⤵
        
        PID:964
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        107⤵
        Drops file in Drivers directory
        Checks computer location settings
        Adds Run key to start application
        
        PID:1572
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        108⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        109⤵
        Drops file in Drivers directory
        Modifies registry class
        
        PID:3188
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        110⤵
        
        PID:4592
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        111⤵
        Drops file in Drivers directory
        
        PID:4992
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        112⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        113⤵
        Drops file in System32 directory
        
        PID:1072
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        114⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        115⤵
        Checks computer location settings
        Adds Run key to start application
        
        PID:2420
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        116⤵
        
        PID:636
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        117⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:2772
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        118⤵
        
        PID:552
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        119⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:4092
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        120⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        121⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:4524
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        122⤵
        
        PID:1244
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        123⤵
        Modifies registry class
        
        PID:5064
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        124⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        125⤵
        
        PID:224
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        126⤵
        
        PID:220
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        127⤵
        Adds Run key to start application
        
        PID:3932
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        128⤵
        
        PID:964
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        129⤵
        Checks computer location settings
        
        PID:1884
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        130⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        131⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        Modifies registry class
        
        PID:5092
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        132⤵
        
        PID:1188
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        133⤵
        Drops file in Drivers directory
        
        PID:1760
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        134⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        135⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:2632
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        136⤵
        
        PID:3184
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        137⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:4752
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        138⤵
        
        PID:4000
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        139⤵
        Checks computer location settings
        
        PID:5108
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        140⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        141⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        142⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        143⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        144⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        145⤵
        Checks computer location settings
        Drops file in System32 directory
        Modifies registry class
        
        PID:3848
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        146⤵
        
        PID:4444
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        147⤵
        Checks computer location settings
        
        PID:3604
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        148⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        149⤵
        Drops file in Drivers directory
        Adds Run key to start application
        
        PID:2408
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        150⤵
        
        PID:3784
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        151⤵
        Adds Run key to start application
        
        PID:1180
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        152⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        153⤵
        Drops file in System32 directory
        
        PID:1156
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        154⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        155⤵
        Adds Run key to start application
        
        PID:2156
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        156⤵
        
        PID:3952
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        157⤵
        Drops file in Drivers directory
        
        PID:2220
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        158⤵
        
        PID:692
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        159⤵
        Drops file in Drivers directory
        
        PID:3080
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        160⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        161⤵
        Drops file in Drivers directory
        Checks computer location settings
        
        PID:2172
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        162⤵
        
        PID:4004
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        163⤵
        Checks computer location settings
        Modifies registry class
        
        PID:4156
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        164⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        165⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:3996
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        166⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        167⤵
        Checks computer location settings
        
        PID:2876
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        168⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        169⤵
        Drops file in Drivers directory
        
        PID:2884
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        170⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        171⤵
        Adds Run key to start application
        
        PID:2764
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        172⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        173⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:4592
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        174⤵
        
        PID:2104
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        175⤵
        
        PID:4700
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        176⤵
        
        PID:3148
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        177⤵
        Checks computer location settings
        Modifies registry class
        
        PID:1976
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        178⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        179⤵
        Modifies registry class
        
        PID:5016
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        180⤵
        
        PID:2424
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        181⤵
        Checks computer location settings
        Drops file in System32 directory
        Modifies registry class
        
        PID:4660
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        182⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        183⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        Modifies registry class
        
        PID:1128
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        184⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        185⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        186⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        187⤵
        Checks computer location settings
        
        PID:1000
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        188⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        189⤵
        Modifies registry class
        
        PID:2296
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        190⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        191⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:752
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        192⤵
        
        PID:3176
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        193⤵
        Checks computer location settings
        Modifies registry class
        
        PID:1644
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        194⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        195⤵
        Drops file in System32 directory
        
        PID:3172
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        196⤵
        
        PID:3584
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        197⤵
        Drops file in Drivers directory
        
        PID:5008
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        198⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        199⤵
        Modifies registry class
        
        PID:2244
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        200⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        201⤵
        Drops file in Drivers directory
        Checks computer location settings
        Modifies registry class
        
        PID:4608
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        202⤵
        
        PID:5012
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        203⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        204⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        205⤵
        Checks computer location settings
        
        PID:4328
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        206⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        207⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:4232
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        208⤵
        
        PID:3956
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        209⤵
        Drops file in Drivers directory
        
        PID:4444
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        210⤵
        
        PID:1428
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        211⤵
        Drops file in System32 directory
        
        PID:3616
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        212⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        213⤵
        Checks computer location settings
        Modifies registry class
        
        PID:1240
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        214⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        215⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        216⤵
        
        PID:4208
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        217⤵
        
        PID:3584
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        218⤵
        
        PID:3304
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        219⤵
        
        PID:2364
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        220⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        221⤵
        Adds Run key to start application
        
        PID:2424
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        222⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        223⤵
        Adds Run key to start application
        Drops file in System32 directory
        Modifies registry class
        
        PID:3484
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        224⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        225⤵
        Adds Run key to start application
        
        PID:1492
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        226⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        227⤵
        Checks computer location settings
        Adds Run key to start application
        
        PID:3140
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        228⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        229⤵
        Checks computer location settings
        
        PID:3712
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        230⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        231⤵
        Checks computer location settings
        
        PID:4048
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        232⤵
        
        PID:992
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        233⤵
        Drops file in System32 directory
        
        PID:3488
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        234⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        235⤵
        Drops file in System32 directory
        
        PID:1900
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        236⤵
        
        PID:396
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        237⤵
        Checks computer location settings
        Modifies registry class
        
        PID:5040
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        238⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        239⤵
        Checks computer location settings
        Modifies registry class
        
        PID:4000
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        240⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        241⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        
        PID:4572
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        242⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        243⤵
        Drops file in Drivers directory
        Checks computer location settings
        Adds Run key to start application
        Modifies registry class
        
        PID:1016
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        244⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        245⤵
        Checks computer location settings
        Adds Run key to start application
        
        PID:2836
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        246⤵
        
        PID:344
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        247⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:1328
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        248⤵
        
        PID:3612
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        249⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:1940
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        250⤵
        
        PID:3784
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        251⤵
        Adds Run key to start application
        
        PID:2716
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        252⤵
        
        PID:3176
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        253⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:1336
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        254⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        255⤵
        Drops file in Drivers directory
        Adds Run key to start application
        
        PID:4888
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        256⤵
        
        PID:3496
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        257⤵
        Checks computer location settings
        Adds Run key to start application
        
        PID:1308
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        258⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        259⤵
        Adds Run key to start application
        Modifies registry class
        
        PID:640
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        260⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        261⤵
        Drops file in Drivers directory
        
        PID:2252
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        262⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        263⤵
        Drops file in System32 directory
        
        PID:4628
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        264⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        265⤵
        Drops file in Drivers directory
        Adds Run key to start application
        
        PID:2736
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        266⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        267⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:1672
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        268⤵
        
        PID:3212
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        269⤵
        Drops file in System32 directory
        
        PID:1540
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        270⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        271⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:1056
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        272⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        273⤵
        Drops file in Drivers directory
        Modifies registry class
        
        PID:4976
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        274⤵
        
        PID:628
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        275⤵
        Drops file in Drivers directory
        Checks computer location settings
        Drops file in System32 directory
        
        PID:1324
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        276⤵
        
        PID:1828
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        277⤵
        Drops file in Drivers directory
        Adds Run key to start application
        
        PID:4540
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        278⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        279⤵
        Modifies registry class
        
        PID:2940
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        280⤵
        
        PID:3228
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        281⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        282⤵
        
        PID:1284
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        283⤵
        Checks computer location settings
        Modifies registry class
        
        PID:1880
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        284⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        285⤵
        Drops file in Drivers directory
        Adds Run key to start application
        Modifies registry class
        
        PID:392
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        286⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        287⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        
        PID:1868
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        288⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        289⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:3968
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        290⤵
        
        PID:3984
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        291⤵
        
        PID:4232
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        292⤵
        
        PID:4164
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        293⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        
        PID:4960
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        294⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        295⤵
        Adds Run key to start application
        Drops file in System32 directory
        
        PID:4308
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        296⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        297⤵
        Drops file in Drivers directory
        
        PID:1764
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        298⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        299⤵
        Checks computer location settings
        Drops file in System32 directory
        Modifies registry class
        
        PID:2116
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        300⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        301⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        
        PID:3116
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        302⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        303⤵
        Modifies registry class
        
        PID:2396
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        304⤵
        
        PID:1480
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        305⤵
        Modifies registry class
        
        PID:1424
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        306⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        307⤵
        Drops file in System32 directory
        Modifies registry class
        
        PID:2324
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        308⤵
        
        PID:1232
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        309⤵
        Drops file in Drivers directory
        Checks computer location settings
        
        PID:4484
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        310⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        311⤵
        Checks computer location settings
        Adds Run key to start application
        
        PID:4820
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        312⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        313⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        314⤵
        
        PID:3956
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        315⤵
        Adds Run key to start application
        Drops file in System32 directory
        Modifies registry class
        
        PID:1952
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        316⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        317⤵
        Drops file in System32 directory
        
        PID:4276
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        318⤵
        
        PID:1824
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        319⤵
        Drops file in System32 directory
        
        PID:3444
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        320⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        321⤵
        Drops file in Drivers directory
        Checks computer location settings
        
        PID:1348
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        322⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        323⤵
        Drops file in Drivers directory
        Drops file in System32 directory
        
        PID:5060
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        324⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        324⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        325⤵
        Adds Run key to start application
        
        PID:3708
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        326⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        327⤵
        Drops file in Drivers directory
        Adds Run key to start application
        Modifies registry class
        
        PID:3160
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        328⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        329⤵
        Checks computer location settings
        Modifies registry class
        
        PID:4212
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        330⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        331⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        332⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        333⤵
        
        PID:3764
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        334⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        335⤵
        Checks computer location settings
        
        PID:2444
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        336⤵
        
        PID:540
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        337⤵
        
        PID:2484
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        338⤵
        
        PID:772
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        339⤵
        Modifies registry class
        
        PID:3716
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        340⤵
        
        PID:5116
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        341⤵
        Checks computer location settings
        Modifies registry class
        
        PID:3020
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        342⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        343⤵
        Checks computer location settings
        
        PID:1664
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        344⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        345⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:3992
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        346⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        347⤵
        Modifies registry class
        
        PID:1932
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\system32\mancstmgr.exe"
        348⤵
        
        PID:4004
        
        C:\Windows\SysWOW64\mancstmgr.exe
        
        "C:\Windows\SysWOW64\mancstmgr.exe"
        349⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        346⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        344⤵
        
        PID:3304
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        342⤵
        
        PID:932
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        340⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        338⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        336⤵
        
        PID:1108
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        334⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        332⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        330⤵
        
        PID:1132
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        328⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        326⤵
        
        PID:1480
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        322⤵
        
        PID:3992
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        320⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        318⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        316⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        314⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        312⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        310⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        308⤵
        
        PID:4012
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        306⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        304⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        302⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        300⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        298⤵
        
        PID:1828
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        296⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        294⤵
        
        PID:3816
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        292⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        290⤵
        
        PID:4016
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        288⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        286⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        284⤵
        
        PID:1436
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        282⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        280⤵
        
        PID:1148
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        278⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        276⤵
        
        PID:1468
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        274⤵
        
        PID:3600
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        272⤵
        
        PID:3628
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        270⤵
        
        PID:1328
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        268⤵
        
        PID:4528
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        266⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        264⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        262⤵
        
        PID:1436
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        260⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        258⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        256⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        254⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        252⤵
        
        PID:624
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        250⤵
        
        PID:1428
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        248⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        246⤵
        
        PID:540
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        244⤵
        
        PID:816
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        242⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        240⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        238⤵
        
        PID:428
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        236⤵
        
        PID:1400
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        234⤵
        
        PID:1500
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        232⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        230⤵
        
        PID:1120
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        228⤵
        
        PID:3156
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        226⤵
        
        PID:3212
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        224⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        222⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        220⤵
        
        PID:2832
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        218⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        216⤵
        
        PID:1384
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        214⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        212⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        210⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        208⤵
        
        PID:3852
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        206⤵
        
        PID:4084
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        204⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        202⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        200⤵
        
        PID:1424
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        198⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        196⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        194⤵
        
        PID:1468
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        192⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        190⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        188⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        186⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        184⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        182⤵
        
        PID:3360
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        180⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        178⤵
        
        PID:1480
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        176⤵
        
        PID:3608
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        174⤵
        
        PID:3200
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        172⤵
        
        PID:3716
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        170⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        168⤵
        
        PID:548
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        166⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        164⤵
        
        PID:1236
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        162⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        160⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        158⤵
        
        PID:2792
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        156⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        154⤵
        
        PID:3148
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        152⤵
        
        PID:3600
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        150⤵
        
        PID:4144
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        148⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        146⤵
        
        PID:4016
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        144⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        142⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        140⤵
        
        PID:1436
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        138⤵
        
        PID:2424
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        136⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        134⤵
        
        PID:1748
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        132⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        130⤵
        
        PID:3792
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        128⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        126⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        124⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        122⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        120⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        118⤵
        
        PID:4064
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        116⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        114⤵
        
        PID:640
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        112⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        110⤵
        
        PID:1384
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        108⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        106⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        104⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        102⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        100⤵
        
        PID:3132
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        98⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        96⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        94⤵
        
        PID:3992
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        92⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        90⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        88⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        86⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        84⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        82⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        80⤵
        
        PID:816
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        78⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        76⤵
        
        PID:4004
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        74⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        72⤵
        
        PID:3372
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        70⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        68⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        66⤵
        
        PID:1824
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        64⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        62⤵
        
        PID:1324
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        60⤵
        
        PID:220
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        58⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        56⤵
        
        PID:3000
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        54⤵
        
        PID:1016
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        52⤵
        
        PID:4000
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        50⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        48⤵
        
        PID:3988
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        46⤵
        
        PID:3504
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        44⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        42⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        40⤵
        
        PID:1108
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        38⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        36⤵
        
        PID:444
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        34⤵
        
        PID:3132
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        32⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        30⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        28⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        26⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        24⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        22⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        20⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        18⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        16⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        14⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        12⤵
        
        PID:3000
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        10⤵
        
        PID:3864
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        8⤵
        
        PID:3980
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
        6⤵
        
        PID:636
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
      4⤵
      PID:2840
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c del C:\Windows\SysWOW64\MANCST~1.EXE > nul
  2⤵
  PID:5060

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\SysWOW64\mancstmgr.exe

Filesize
40KB

MD5
7f1362d711d3d715955cbf7d267f8468

SHA1
91a9e7b972888de0e02d5d0d567774c47e81217d

SHA256
b202d0e6a818ed2c71767c8f8e6c9f0f46a7dbd3ced4496a8699af1cc11d943b

SHA512
81649b4de0791ad55f626e6a1968af2f3707e1e38ae1a537188fe3eade4bec299515b5b8c5e00b6cf4b3669f23aa6e98cae916bcf012dee740c1cf596c2f9714

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
2KB

MD5
e70a6bb213f4e35bc7ba89512fc78396

SHA1
00e76893d4e3b73ec668f4670e2e154bd567ff23

SHA256
80ad1dcfb41f58b21cfbbaa1a35bf0f85034d91e5f886eec44e2a4c3a63b6d85

SHA512
45bc02e515132ab698fd1c52ecf59c7d3b629f87dcd5be214548ea27f3b056f0c4ad77beb385c3491b05bcc6c91cf6020552096108a2d928ea7faab4bf14c7c8

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
2KB

MD5
e70a6bb213f4e35bc7ba89512fc78396

SHA1
00e76893d4e3b73ec668f4670e2e154bd567ff23

SHA256
80ad1dcfb41f58b21cfbbaa1a35bf0f85034d91e5f886eec44e2a4c3a63b6d85

SHA512
45bc02e515132ab698fd1c52ecf59c7d3b629f87dcd5be214548ea27f3b056f0c4ad77beb385c3491b05bcc6c91cf6020552096108a2d928ea7faab4bf14c7c8

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
2KB

MD5
e70a6bb213f4e35bc7ba89512fc78396

SHA1
00e76893d4e3b73ec668f4670e2e154bd567ff23

SHA256
80ad1dcfb41f58b21cfbbaa1a35bf0f85034d91e5f886eec44e2a4c3a63b6d85

SHA512
45bc02e515132ab698fd1c52ecf59c7d3b629f87dcd5be214548ea27f3b056f0c4ad77beb385c3491b05bcc6c91cf6020552096108a2d928ea7faab4bf14c7c8

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
2KB

MD5
e70a6bb213f4e35bc7ba89512fc78396

SHA1
00e76893d4e3b73ec668f4670e2e154bd567ff23

SHA256
80ad1dcfb41f58b21cfbbaa1a35bf0f85034d91e5f886eec44e2a4c3a63b6d85

SHA512
45bc02e515132ab698fd1c52ecf59c7d3b629f87dcd5be214548ea27f3b056f0c4ad77beb385c3491b05bcc6c91cf6020552096108a2d928ea7faab4bf14c7c8

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
2KB

MD5
e70a6bb213f4e35bc7ba89512fc78396

SHA1
00e76893d4e3b73ec668f4670e2e154bd567ff23

SHA256
80ad1dcfb41f58b21cfbbaa1a35bf0f85034d91e5f886eec44e2a4c3a63b6d85

SHA512
45bc02e515132ab698fd1c52ecf59c7d3b629f87dcd5be214548ea27f3b056f0c4ad77beb385c3491b05bcc6c91cf6020552096108a2d928ea7faab4bf14c7c8

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
2KB

MD5
e70a6bb213f4e35bc7ba89512fc78396

SHA1
00e76893d4e3b73ec668f4670e2e154bd567ff23

SHA256
80ad1dcfb41f58b21cfbbaa1a35bf0f85034d91e5f886eec44e2a4c3a63b6d85

SHA512
45bc02e515132ab698fd1c52ecf59c7d3b629f87dcd5be214548ea27f3b056f0c4ad77beb385c3491b05bcc6c91cf6020552096108a2d928ea7faab4bf14c7c8

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
2KB

MD5
e70a6bb213f4e35bc7ba89512fc78396

SHA1
00e76893d4e3b73ec668f4670e2e154bd567ff23

SHA256
80ad1dcfb41f58b21cfbbaa1a35bf0f85034d91e5f886eec44e2a4c3a63b6d85

SHA512
45bc02e515132ab698fd1c52ecf59c7d3b629f87dcd5be214548ea27f3b056f0c4ad77beb385c3491b05bcc6c91cf6020552096108a2d928ea7faab4bf14c7c8

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
2KB

MD5
e70a6bb213f4e35bc7ba89512fc78396

SHA1
00e76893d4e3b73ec668f4670e2e154bd567ff23

SHA256
80ad1dcfb41f58b21cfbbaa1a35bf0f85034d91e5f886eec44e2a4c3a63b6d85

SHA512
45bc02e515132ab698fd1c52ecf59c7d3b629f87dcd5be214548ea27f3b056f0c4ad77beb385c3491b05bcc6c91cf6020552096108a2d928ea7faab4bf14c7c8

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
2KB

MD5
e70a6bb213f4e35bc7ba89512fc78396

SHA1
00e76893d4e3b73ec668f4670e2e154bd567ff23

SHA256
80ad1dcfb41f58b21cfbbaa1a35bf0f85034d91e5f886eec44e2a4c3a63b6d85

SHA512
45bc02e515132ab698fd1c52ecf59c7d3b629f87dcd5be214548ea27f3b056f0c4ad77beb385c3491b05bcc6c91cf6020552096108a2d928ea7faab4bf14c7c8

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
2KB

MD5
e70a6bb213f4e35bc7ba89512fc78396

SHA1
00e76893d4e3b73ec668f4670e2e154bd567ff23

SHA256
80ad1dcfb41f58b21cfbbaa1a35bf0f85034d91e5f886eec44e2a4c3a63b6d85

SHA512
45bc02e515132ab698fd1c52ecf59c7d3b629f87dcd5be214548ea27f3b056f0c4ad77beb385c3491b05bcc6c91cf6020552096108a2d928ea7faab4bf14c7c8

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
2KB

MD5
e70a6bb213f4e35bc7ba89512fc78396

SHA1
00e76893d4e3b73ec668f4670e2e154bd567ff23

SHA256
80ad1dcfb41f58b21cfbbaa1a35bf0f85034d91e5f886eec44e2a4c3a63b6d85

SHA512
45bc02e515132ab698fd1c52ecf59c7d3b629f87dcd5be214548ea27f3b056f0c4ad77beb385c3491b05bcc6c91cf6020552096108a2d928ea7faab4bf14c7c8

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
2KB

MD5
e70a6bb213f4e35bc7ba89512fc78396

SHA1
00e76893d4e3b73ec668f4670e2e154bd567ff23

SHA256
80ad1dcfb41f58b21cfbbaa1a35bf0f85034d91e5f886eec44e2a4c3a63b6d85

SHA512
45bc02e515132ab698fd1c52ecf59c7d3b629f87dcd5be214548ea27f3b056f0c4ad77beb385c3491b05bcc6c91cf6020552096108a2d928ea7faab4bf14c7c8

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
2KB

MD5
e70a6bb213f4e35bc7ba89512fc78396

SHA1
00e76893d4e3b73ec668f4670e2e154bd567ff23

SHA256
80ad1dcfb41f58b21cfbbaa1a35bf0f85034d91e5f886eec44e2a4c3a63b6d85

SHA512
45bc02e515132ab698fd1c52ecf59c7d3b629f87dcd5be214548ea27f3b056f0c4ad77beb385c3491b05bcc6c91cf6020552096108a2d928ea7faab4bf14c7c8

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
2KB

MD5
e70a6bb213f4e35bc7ba89512fc78396

SHA1
00e76893d4e3b73ec668f4670e2e154bd567ff23

SHA256
80ad1dcfb41f58b21cfbbaa1a35bf0f85034d91e5f886eec44e2a4c3a63b6d85

SHA512
45bc02e515132ab698fd1c52ecf59c7d3b629f87dcd5be214548ea27f3b056f0c4ad77beb385c3491b05bcc6c91cf6020552096108a2d928ea7faab4bf14c7c8

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
2KB

MD5
e70a6bb213f4e35bc7ba89512fc78396

SHA1
00e76893d4e3b73ec668f4670e2e154bd567ff23

SHA256
80ad1dcfb41f58b21cfbbaa1a35bf0f85034d91e5f886eec44e2a4c3a63b6d85

SHA512
45bc02e515132ab698fd1c52ecf59c7d3b629f87dcd5be214548ea27f3b056f0c4ad77beb385c3491b05bcc6c91cf6020552096108a2d928ea7faab4bf14c7c8

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
2KB

MD5
e70a6bb213f4e35bc7ba89512fc78396

SHA1
00e76893d4e3b73ec668f4670e2e154bd567ff23

SHA256
80ad1dcfb41f58b21cfbbaa1a35bf0f85034d91e5f886eec44e2a4c3a63b6d85

SHA512
45bc02e515132ab698fd1c52ecf59c7d3b629f87dcd5be214548ea27f3b056f0c4ad77beb385c3491b05bcc6c91cf6020552096108a2d928ea7faab4bf14c7c8

Download Submit
memory/308-166-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/692-256-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/800-335-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1016-283-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1064-437-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1064-431-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1120-622-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1140-466-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1244-515-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1480-574-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1488-390-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1892-370-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2004-522-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2296-322-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2332-551-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2364-400-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2388-360-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2552-494-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2568-580-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2660-411-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2660-415-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2740-151-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2876-615-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2988-270-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2988-262-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3016-558-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3156-243-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3200-381-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3204-636-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3264-204-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3484-587-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3608-487-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3612-217-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3792-630-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3820-191-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3960-508-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4016-445-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4024-501-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4276-544-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4276-538-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4284-348-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4308-451-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4328-459-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4328-453-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4388-608-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4408-309-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4448-165-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4464-529-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4492-132-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4492-139-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4552-601-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4592-230-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4636-473-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4672-566-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4672-560-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4840-296-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4856-594-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4876-422-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4912-140-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4912-137-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4912-136-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4912-134-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4912-135-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4920-429-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4948-407-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5000-536-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5008-650-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5056-480-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5060-643-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5064-178-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download