Malware Analysis Report

2024-11-30 11:08

Sample ID 231225-3qavzahdcq
Target 43f652600dfe6f9898a18c1e38d86baf
SHA256 f2221b03d6eb83f7a047f0883549b8254fe410de50cf2a41bc79dcb9741aaf72
Tags
fakeav spyware fakeav persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

f2221b03d6eb83f7a047f0883549b8254fe410de50cf2a41bc79dcb9741aaf72

Threat Level: Known bad

The file 43f652600dfe6f9898a18c1e38d86baf was found to be: Known bad.

Malicious Activity Summary

fakeav spyware fakeav persistence

Fakeav family

FakeAV, RogueAntivirus

FakeAV payload

FakeAV payload

Sets file execution options in registry

Loads dropped DLL

Executes dropped EXE

Checks computer location settings

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Program crash

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-25 23:42

Signatures

FakeAV payload

fakeav spyware
Description Indicator Process Target
N/A N/A N/A N/A

Fakeav family

fakeav

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-25 23:42

Reported

2023-12-27 00:14

Platform

win7-20231129-en

Max time kernel

0s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\43f652600dfe6f9898a18c1e38d86baf.exe"

Signatures

FakeAV, RogueAntivirus

fakeav spyware fakeav

FakeAV payload

fakeav spyware
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\lssmon.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\lssmon.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\LSASSMGR.EXE N/A N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE N/A N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE N/A N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE N/A N/A
File created C:\Windows\SysWOW64\srtsrv32.exe N/A N/A
File opened for modification C:\Windows\SysWOW64\lssmon.exe N/A N/A
File opened for modification C:\Windows\SysWOW64\spool.exe N/A N/A
File opened for modification C:\Windows\SysWOW64\spool.exe N/A N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE N/A N/A
File opened for modification C:\Windows\SysWOW64\spool.exe N/A N/A
File created C:\Windows\SysWOW64\lssmon.exe N/A N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE N/A N/A
File opened for modification C:\Windows\SysWOW64\spool.exe N/A N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE N/A N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE N/A N/A
File opened for modification C:\Windows\SysWOW64\spool.exe N/A N/A
File created C:\Windows\SysWOW64\spool.exe N/A N/A
File opened for modification C:\Windows\SysWOW64\spool.exe N/A N/A
File opened for modification C:\Windows\SysWOW64\spool.exe N/A N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE N/A N/A
File opened for modification C:\Windows\SysWOW64\spool.exe N/A N/A
File created C:\Windows\SysWOW64\spool.exe N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe N/A N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe N/A N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe N/A N/A
File created C:\Program Files (x86)\Internet Explorer\iexplor.exe N/A N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe N/A N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe N/A N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe N/A N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe N/A N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe N/A N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe N/A N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe N/A N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe N/A N/A
File created C:\Program Files (x86)\Internet Explorer\iexplor.exe N/A N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe N/A N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe N/A N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe N/A N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe N/A N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe N/A N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\divx32.dll N/A N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2040 wrote to memory of 2928 N/A N/A
PID 2040 wrote to memory of 2928 N/A N/A
PID 2040 wrote to memory of 2928 N/A N/A
PID 2040 wrote to memory of 2928 N/A N/A
PID 2928 wrote to memory of 2620 N/A N/A
PID 2928 wrote to memory of 2620 N/A N/A
PID 2928 wrote to memory of 2620 N/A N/A
PID 2928 wrote to memory of 2620 N/A N/A
PID 2040 wrote to memory of 2700 N/A N/A
PID 2040 wrote to memory of 2700 N/A N/A
PID 2040 wrote to memory of 2700 N/A N/A
PID 2040 wrote to memory of 2700 N/A N/A
PID 2620 wrote to memory of 2748 N/A N/A
PID 2620 wrote to memory of 2748 N/A N/A
PID 2620 wrote to memory of 2748 N/A N/A
PID 2620 wrote to memory of 2748 N/A N/A
PID 2748 wrote to memory of 2716 N/A N/A
PID 2748 wrote to memory of 2716 N/A N/A
PID 2748 wrote to memory of 2716 N/A N/A
PID 2748 wrote to memory of 2716 N/A N/A
PID 2716 wrote to memory of 2532 N/A N/A
PID 2716 wrote to memory of 2532 N/A N/A
PID 2716 wrote to memory of 2532 N/A N/A
PID 2716 wrote to memory of 2532 N/A N/A
PID 2532 wrote to memory of 2552 N/A N/A
PID 2532 wrote to memory of 2552 N/A N/A
PID 2532 wrote to memory of 2552 N/A N/A
PID 2532 wrote to memory of 2552 N/A N/A
PID 2552 wrote to memory of 2180 N/A N/A
PID 2552 wrote to memory of 2180 N/A N/A
PID 2552 wrote to memory of 2180 N/A N/A
PID 2552 wrote to memory of 2180 N/A N/A
PID 2180 wrote to memory of 2660 N/A N/A
PID 2180 wrote to memory of 2660 N/A N/A
PID 2180 wrote to memory of 2660 N/A N/A
PID 2180 wrote to memory of 2660 N/A N/A
PID 2700 wrote to memory of 2492 N/A N/A
PID 2700 wrote to memory of 2492 N/A N/A
PID 2700 wrote to memory of 2492 N/A N/A
PID 2700 wrote to memory of 2492 N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\43f652600dfe6f9898a18c1e38d86baf.exe

"C:\Users\Admin\AppData\Local\Temp\43f652600dfe6f9898a18c1e38d86baf.exe"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

Network

N/A

Files

memory/2040-0-0x0000000000170000-0x0000000000171000-memory.dmp

\Windows\SysWOW64\srtsrv32.exe

MD5 5e81e79ca366208a37b6ee245a7539f8
SHA1 df2c64e4eb761f98b67c4e03524fb0044f0a3c76
SHA256 9e71a4ea34bbcbfab45b4e2ee276081291084eefd1fbd131de1a3dffdaf921f0
SHA512 3c217f991bde8a04cc7ba54c672afb53bfb4ce23f435a51306b750b427093fa07f5e5d4ea38bbc5d66c6a416c2b703b98ade99a2ef9efdb75cee303d9be2f02f

memory/2324-8215-0x0000000002070000-0x0000000002165000-memory.dmp

memory/2700-1747-0x0000000000400000-0x00000000004C1000-memory.dmp

memory/2700-41-0x0000000000170000-0x0000000000171000-memory.dmp

memory/2040-35-0x0000000000400000-0x00000000004C1000-memory.dmp

C:\Windows\SysWOW64\lssmon.exe

MD5 21a5d28db71eec23edf4fac796872133
SHA1 aeb33010ba161f8a66dea897585b9fd1c035e274
SHA256 4ff573dc117bddbe337d516da793a88d68518059d990868d1ff979e00da27502
SHA512 7dbaaabb2908db911767722eacdbc72276da83b2f8a3e100f75f4defa594bc266ce0a01fe0b5f25005c4ec1bc6a3c58b158edde5d5b9b553dfa3fe98e9ff5ed9

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-25 23:42

Reported

2023-12-27 00:15

Platform

win10v2004-20231215-en

Max time kernel

109s

Max time network

168s

Command Line

"C:\Users\Admin\AppData\Local\Temp\43f652600dfe6f9898a18c1e38d86baf.exe"

Signatures

FakeAV, RogueAntivirus

fakeav spyware fakeav

FakeAV payload

fakeav spyware
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\System32\mousocoreworker.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\srtsrv32.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\System32\mousocoreworker.exe N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\divx32.dll C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4744 wrote to memory of 2052 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\srtsrv32.exe
PID 4744 wrote to memory of 2052 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\srtsrv32.exe
PID 4744 wrote to memory of 2052 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\srtsrv32.exe
PID 2052 wrote to memory of 396 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2052 wrote to memory of 396 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2052 wrote to memory of 396 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4744 wrote to memory of 1364 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\lssmon.exe
PID 4744 wrote to memory of 1364 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\lssmon.exe
PID 4744 wrote to memory of 1364 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\lssmon.exe
PID 396 wrote to memory of 2848 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 396 wrote to memory of 2848 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 396 wrote to memory of 2848 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2848 wrote to memory of 2688 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2848 wrote to memory of 2688 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2848 wrote to memory of 2688 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2688 wrote to memory of 4912 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2688 wrote to memory of 4912 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2688 wrote to memory of 4912 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4912 wrote to memory of 1552 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4912 wrote to memory of 1552 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4912 wrote to memory of 1552 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1552 wrote to memory of 4416 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1552 wrote to memory of 4416 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1552 wrote to memory of 4416 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4416 wrote to memory of 2268 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4416 wrote to memory of 2268 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4416 wrote to memory of 2268 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2268 wrote to memory of 3992 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2268 wrote to memory of 3992 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2268 wrote to memory of 3992 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3992 wrote to memory of 4712 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3992 wrote to memory of 4712 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3992 wrote to memory of 4712 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4712 wrote to memory of 4100 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4712 wrote to memory of 4100 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4712 wrote to memory of 4100 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4100 wrote to memory of 3128 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4100 wrote to memory of 3128 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4100 wrote to memory of 3128 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3128 wrote to memory of 3848 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3128 wrote to memory of 3848 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3128 wrote to memory of 3848 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3848 wrote to memory of 1928 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3848 wrote to memory of 1928 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3848 wrote to memory of 1928 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1928 wrote to memory of 4972 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1928 wrote to memory of 4972 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1928 wrote to memory of 4972 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4972 wrote to memory of 4632 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4972 wrote to memory of 4632 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4972 wrote to memory of 4632 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4632 wrote to memory of 3012 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4632 wrote to memory of 3012 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4632 wrote to memory of 3012 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3012 wrote to memory of 1360 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3012 wrote to memory of 1360 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3012 wrote to memory of 1360 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1360 wrote to memory of 3516 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1360 wrote to memory of 3516 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1360 wrote to memory of 3516 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3516 wrote to memory of 2916 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3516 wrote to memory of 2916 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3516 wrote to memory of 2916 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2916 wrote to memory of 1344 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\43f652600dfe6f9898a18c1e38d86baf.exe

"C:\Users\Admin\AppData\Local\Temp\43f652600dfe6f9898a18c1e38d86baf.exe"

C:\Windows\SysWOW64\srtsrv32.exe

"C:\Windows\system32\srtsrv32.exe"

C:\Windows\SysWOW64\lssmon.exe

"C:\Windows\system32\lssmon.exe"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\System32\mousocoreworker.exe

C:\Windows\System32\mousocoreworker.exe -Embedding

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

Network

Country Destination Domain Proto
US 8.8.8.8:53 16.53.126.40.in-addr.arpa udp
US 8.8.8.8:53 219.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 178.223.142.52.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 10.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 40.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
GB 96.16.110.114:80 tcp
GB 96.16.110.114:80 tcp
US 8.8.8.8:53 udp

Files

memory/4744-0-0x0000000000400000-0x00000000004C1000-memory.dmp

memory/4744-1-0x0000000000690000-0x0000000000691000-memory.dmp

C:\Windows\SysWOW64\srtsrv32.exe

MD5 858759a3748d8143aebd601562f50c06
SHA1 4aff9bc065f3829ad5107431871498b59f1a71b7
SHA256 3d201f3b2869f6357e1a5edf2f1d6f71b8f4bcf70d00a3542939c1267d627800
SHA512 60f13ce6513fc15be4fbd9d96c8402ebe50909aedf52cc1d4b686db82f415bcca08a0704f8121f9fbe0654a4787b54e35eac66fa4591e3087a382135ae63b569

C:\Windows\SysWOW64\lssmon.exe

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/4744-34-0x0000000000400000-0x00000000004C1000-memory.dmp

memory/1364-46-0x0000000000400000-0x00000000004C1000-memory.dmp

memory/1364-41-0x0000000000650000-0x0000000000651000-memory.dmp

C:\Windows\SysWOW64\lssmon.exe

MD5 2336c22c2e0a55fc8e72e6a148b497bd
SHA1 f7ef150f66305e1449603b231b9da126f4b95cce
SHA256 c669bbfb4e8c9bfa737313c2099d6084a8affe86a937ec030bc481b337610e80
SHA512 71c5476567995ae65499dbc4d0b8e1fa8e23c86af76cc136329303fbb50581cefadc8594a8b23ad575ea525e8ed1d990f6142ce3164a8d325e2d0dd0564f8d36