Malware Analysis Report

2024-11-30 09:39

Sample ID 231230-gjx62agcbm
Target 10662311001e14aa22fce9968e4723e4
SHA256 03c47dd707459e4c18aa597ce4e9fe456ac2c7afffd11254257872925eb93280
Tags
fakeav spyware fakeav persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

03c47dd707459e4c18aa597ce4e9fe456ac2c7afffd11254257872925eb93280

Threat Level: Known bad

The file 10662311001e14aa22fce9968e4723e4 was found to be: Known bad.

Malicious Activity Summary

fakeav spyware fakeav persistence

FakeAV payload

Fakeav family

FakeAV, RogueAntivirus

FakeAV payload

Sets file execution options in registry

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Program crash

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-30 05:50

Signatures

FakeAV payload

fakeav spyware
Description Indicator Process Target
N/A N/A N/A N/A

Fakeav family

fakeav

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-30 05:50

Reported

2023-12-31 02:10

Platform

win7-20231215-en

Max time kernel

5s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\10662311001e14aa22fce9968e4723e4.exe"

Signatures

FakeAV, RogueAntivirus

fakeav spyware fakeav

FakeAV payload

fakeav spyware
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe N/A N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\10662311001e14aa22fce9968e4723e4.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10662311001e14aa22fce9968e4723e4.exe N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\10662311001e14aa22fce9968e4723e4.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\WerFault.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\srtsrv32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\lssmon.exe" C:\Users\Admin\AppData\Local\Temp\10662311001e14aa22fce9968e4723e4.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE N/A N/A
File opened for modification C:\Windows\SysWOW64\spool.exe N/A N/A
File opened for modification C:\Windows\SysWOW64\spool.exe N/A N/A
File opened for modification C:\Windows\SysWOW64\spool.exe N/A N/A
File opened for modification C:\Windows\SysWOW64\spool.exe N/A N/A
File opened for modification C:\Windows\SysWOW64\spool.exe N/A N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE N/A N/A
File opened for modification C:\Windows\SysWOW64\spool.exe N/A N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE N/A N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE N/A N/A
File opened for modification C:\Windows\SysWOW64\spool.exe N/A N/A
File opened for modification C:\Windows\SysWOW64\spool.exe N/A N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe N/A N/A
File opened for modification C:\Windows\SysWOW64\spool.exe N/A N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE N/A N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\srtsrv32.exe N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE N/A N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE N/A N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE N/A N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE N/A N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe N/A N/A
File opened for modification C:\Windows\SysWOW64\spool.exe N/A N/A
File opened for modification C:\Windows\SysWOW64\spool.exe N/A N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE N/A N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe N/A N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE N/A N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE N/A N/A
File opened for modification C:\Windows\SysWOW64\spool.exe N/A N/A
File opened for modification C:\Windows\SysWOW64\spool.exe N/A N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe N/A N/A
File opened for modification C:\Windows\SysWOW64\spool.exe N/A N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE N/A N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE N/A N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe N/A N/A
File opened for modification C:\Windows\SysWOW64\spool.exe N/A N/A
File opened for modification C:\Windows\SysWOW64\spool.exe N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe N/A N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe N/A N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe N/A N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe N/A N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe N/A N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe N/A N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe N/A N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe N/A N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe N/A N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\srtsrv32.exe N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe N/A N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe N/A N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe N/A N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe N/A N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe N/A N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe N/A N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe N/A N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe N/A N/A
File created C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\srtsrv32.exe N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe N/A N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe N/A N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe N/A N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe N/A N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe N/A N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe N/A N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe N/A N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe N/A N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe N/A N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\divx32.dll C:\Users\Admin\AppData\Local\Temp\10662311001e14aa22fce9968e4723e4.exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\lssmon.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2412 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\10662311001e14aa22fce9968e4723e4.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2412 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\10662311001e14aa22fce9968e4723e4.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2412 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\10662311001e14aa22fce9968e4723e4.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2412 wrote to memory of 2680 N/A C:\Users\Admin\AppData\Local\Temp\10662311001e14aa22fce9968e4723e4.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2680 wrote to memory of 2844 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2680 wrote to memory of 2844 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2680 wrote to memory of 2844 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2680 wrote to memory of 2844 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2412 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\10662311001e14aa22fce9968e4723e4.exe C:\Windows\SysWOW64\lssmon.exe
PID 2412 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\10662311001e14aa22fce9968e4723e4.exe C:\Windows\SysWOW64\lssmon.exe
PID 2412 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\10662311001e14aa22fce9968e4723e4.exe C:\Windows\SysWOW64\lssmon.exe
PID 2412 wrote to memory of 2840 N/A C:\Users\Admin\AppData\Local\Temp\10662311001e14aa22fce9968e4723e4.exe C:\Windows\SysWOW64\lssmon.exe
PID 2844 wrote to memory of 2940 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2844 wrote to memory of 2940 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2844 wrote to memory of 2940 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2844 wrote to memory of 2940 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2940 wrote to memory of 2628 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2940 wrote to memory of 2628 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2940 wrote to memory of 2628 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2940 wrote to memory of 2628 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2840 wrote to memory of 3052 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2840 wrote to memory of 3052 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2840 wrote to memory of 3052 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2840 wrote to memory of 3052 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2840 wrote to memory of 2568 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2840 wrote to memory of 2568 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2840 wrote to memory of 2568 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2840 wrote to memory of 2568 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2840 wrote to memory of 2888 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2840 wrote to memory of 2888 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2840 wrote to memory of 2888 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2840 wrote to memory of 2888 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2840 wrote to memory of 2928 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\WerFault.exe
PID 2840 wrote to memory of 2928 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\WerFault.exe
PID 2840 wrote to memory of 2928 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\WerFault.exe
PID 2840 wrote to memory of 2928 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\WerFault.exe
PID 2628 wrote to memory of 1624 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2628 wrote to memory of 1624 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2628 wrote to memory of 1624 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2628 wrote to memory of 1624 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3052 wrote to memory of 1648 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3052 wrote to memory of 1648 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3052 wrote to memory of 1648 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3052 wrote to memory of 1648 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2888 wrote to memory of 1112 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2888 wrote to memory of 1112 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2888 wrote to memory of 1112 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2888 wrote to memory of 1112 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2568 wrote to memory of 1916 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2568 wrote to memory of 1916 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2568 wrote to memory of 1916 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2568 wrote to memory of 1916 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1624 wrote to memory of 760 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1624 wrote to memory of 760 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1624 wrote to memory of 760 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1624 wrote to memory of 760 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1648 wrote to memory of 1880 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1648 wrote to memory of 1880 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1648 wrote to memory of 1880 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1648 wrote to memory of 1880 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1112 wrote to memory of 1348 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1112 wrote to memory of 1348 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1112 wrote to memory of 1348 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1112 wrote to memory of 1348 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\10662311001e14aa22fce9968e4723e4.exe

"C:\Users\Admin\AppData\Local\Temp\10662311001e14aa22fce9968e4723e4.exe"

C:\Windows\SysWOW64\srtsrv32.exe

"C:\Windows\system32\srtsrv32.exe"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\lssmon.exe

"C:\Windows\system32\lssmon.exe"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\srtsrv32.exe

"C:\Windows\system32\srtsrv32.exe"

C:\Windows\SysWOW64\srtsrv32.exe

"C:\Windows\system32\srtsrv32.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 540

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\srtsrv32.exe

"C:\Windows\system32\srtsrv32.exe"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

Network

N/A

Files

memory/2412-0-0x0000000000170000-0x0000000000171000-memory.dmp

\Windows\SysWOW64\srtsrv32.exe

MD5 f9843c0b469377706674e511ccdb43cb
SHA1 cef0dd4b62a0dd6bbde7c3dd27899b159ec62c12
SHA256 642f4d675407c465be79acb4743082428aad7de741c977d14dbd0bef1369d237
SHA512 15871324440796ec7d0b684a2c160498d60f64292c56143471aeee4ee66d1f288afc2adf703f2196cc4cb2ead1f30001f0efeda2377cac1355dd1a366a89e470

C:\Windows\SysWOW64\lssmon.exe

MD5 02da66be62c5db50cde8121e9f286675
SHA1 e0625b689ac50f81f546eb82ee40ea58bb4112f5
SHA256 a050088822e80ff6d0ebdc46448dad5ce552e4ccb7103350f5eb8790d681864b
SHA512 b79e759b068cf4c5280b732feb1a35c5227157618a6236b79a2ede88466879f9d212bd3736a778cc07d25dac40d789df546a3c0f48d4291f519e346f71c90393

memory/2412-35-0x0000000000400000-0x00000000004C1000-memory.dmp

memory/2840-37-0x0000000000170000-0x0000000000171000-memory.dmp

memory/2840-1149-0x0000000000400000-0x00000000004C1000-memory.dmp

memory/2440-11042-0x0000000002290000-0x0000000002298000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-30 05:50

Reported

2023-12-31 02:12

Platform

win10v2004-20231215-en

Max time kernel

165s

Max time network

201s

Command Line

"C:\Users\Admin\AppData\Local\Temp\10662311001e14aa22fce9968e4723e4.exe"

Signatures

FakeAV, RogueAntivirus

fakeav spyware fakeav

FakeAV payload

fakeav spyware
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Sets file execution options in registry

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\srtsrv32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\srtsrv32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\srtsrv32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\srtsrv32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "C:\\Program Files (x86)\\Internet Explorer\\iexplor.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "C:\\Program Files (x86)\\Mozilla Firefox\\firefoxe.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe\Debugger = "C:\\Windows\\system32\\spool.exe" C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\srtsrv32.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\10662311001e14aa22fce9968e4723e4.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\srtsrv32.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\srtsrv32.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Key value queried \REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\lssmon.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\srtsrv32.exe N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A
N/A N/A C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\lssmon.exe" C:\Users\Admin\AppData\Local\Temp\10662311001e14aa22fce9968e4723e4.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\lssmon.exe" C:\Windows\SysWOW64\lssmon.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\srtsrv32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Layersecurity Servicemonitor = "C:\\Windows\\system32\\LSSMON.EXE" C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\srtsrv32.exe N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\lssmon.exe C:\Users\Admin\AppData\Local\Temp\10662311001e14aa22fce9968e4723e4.exe N/A
File created C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\srtsrv32.exe N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\srtsrv32.exe N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Windows\SysWOW64\spool.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\srtsrv32.exe N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\srtsrv32.exe N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File created C:\Program Files (x86)\Mozilla Firefox\firefoxe.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A
File opened for modification C:\Program Files (x86)\Internet Explorer\iexplor.exe C:\Windows\SysWOW64\LSASSMGR.EXE N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\divx32.dll C:\Users\Admin\AppData\Local\Temp\10662311001e14aa22fce9968e4723e4.exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\lssmon.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3008 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\10662311001e14aa22fce9968e4723e4.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 3008 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\10662311001e14aa22fce9968e4723e4.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 3008 wrote to memory of 5000 N/A C:\Users\Admin\AppData\Local\Temp\10662311001e14aa22fce9968e4723e4.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 5000 wrote to memory of 456 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 5000 wrote to memory of 456 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 5000 wrote to memory of 456 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3008 wrote to memory of 2116 N/A C:\Users\Admin\AppData\Local\Temp\10662311001e14aa22fce9968e4723e4.exe C:\Windows\SysWOW64\lssmon.exe
PID 3008 wrote to memory of 2116 N/A C:\Users\Admin\AppData\Local\Temp\10662311001e14aa22fce9968e4723e4.exe C:\Windows\SysWOW64\lssmon.exe
PID 3008 wrote to memory of 2116 N/A C:\Users\Admin\AppData\Local\Temp\10662311001e14aa22fce9968e4723e4.exe C:\Windows\SysWOW64\lssmon.exe
PID 456 wrote to memory of 2360 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 456 wrote to memory of 2360 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 456 wrote to memory of 2360 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2360 wrote to memory of 4948 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2360 wrote to memory of 4948 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2360 wrote to memory of 4948 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2116 wrote to memory of 2820 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2116 wrote to memory of 2820 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2116 wrote to memory of 2820 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 4948 wrote to memory of 2916 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4948 wrote to memory of 2916 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4948 wrote to memory of 2916 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2116 wrote to memory of 2760 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2116 wrote to memory of 2760 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2116 wrote to memory of 2760 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2916 wrote to memory of 560 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2916 wrote to memory of 560 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2916 wrote to memory of 560 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2820 wrote to memory of 824 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2820 wrote to memory of 824 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2820 wrote to memory of 824 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2116 wrote to memory of 4960 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2116 wrote to memory of 4960 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 2116 wrote to memory of 4960 N/A C:\Windows\SysWOW64\lssmon.exe C:\Windows\SysWOW64\srtsrv32.exe
PID 824 wrote to memory of 3372 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 824 wrote to memory of 3372 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 824 wrote to memory of 3372 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 560 wrote to memory of 4788 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 560 wrote to memory of 4788 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 560 wrote to memory of 4788 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2760 wrote to memory of 976 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2760 wrote to memory of 976 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2760 wrote to memory of 976 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3372 wrote to memory of 3436 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3372 wrote to memory of 3436 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3372 wrote to memory of 3436 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4788 wrote to memory of 2180 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4788 wrote to memory of 2180 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4788 wrote to memory of 2180 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4960 wrote to memory of 3268 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4960 wrote to memory of 3268 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 4960 wrote to memory of 3268 N/A C:\Windows\SysWOW64\srtsrv32.exe C:\Windows\SysWOW64\LSASSMGR.EXE
PID 976 wrote to memory of 1928 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 976 wrote to memory of 1928 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 976 wrote to memory of 1928 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1928 wrote to memory of 4440 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1928 wrote to memory of 4440 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 1928 wrote to memory of 4440 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3436 wrote to memory of 1712 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3436 wrote to memory of 1712 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3436 wrote to memory of 1712 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2180 wrote to memory of 4784 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2180 wrote to memory of 4784 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 2180 wrote to memory of 4784 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE
PID 3268 wrote to memory of 5016 N/A C:\Windows\SysWOW64\LSASSMGR.EXE C:\Windows\SysWOW64\LSASSMGR.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\10662311001e14aa22fce9968e4723e4.exe

"C:\Users\Admin\AppData\Local\Temp\10662311001e14aa22fce9968e4723e4.exe"

C:\Windows\SysWOW64\srtsrv32.exe

"C:\Windows\system32\srtsrv32.exe"

C:\Windows\SysWOW64\lssmon.exe

"C:\Windows\system32\lssmon.exe"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\srtsrv32.exe

"C:\Windows\system32\srtsrv32.exe"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\srtsrv32.exe

"C:\Windows\system32\srtsrv32.exe"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\srtsrv32.exe

"C:\Windows\system32\srtsrv32.exe"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 1188

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

C:\Windows\SysWOW64\LSASSMGR.EXE

"C:\Windows\system32\LSASSMGR.EXE"

Network

Country Destination Domain Proto
US 20.231.121.79:80 tcp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 147.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp

Files

memory/3008-0-0x0000000002000000-0x0000000002001000-memory.dmp

memory/3008-2-0x0000000000400000-0x00000000004C1000-memory.dmp

memory/3008-5-0x0000000002000000-0x0000000002001000-memory.dmp

C:\Windows\SysWOW64\srtsrv32.exe

MD5 5b11e93fbf4f94b94067a4c6a5a2aa3e
SHA1 a9a4f715ac0dca8230ae6615242a6b24034c8dec
SHA256 80a620e6853bd50facc055a2b426380a573bfacc021084d4f8fe3599f6aedf88
SHA512 3d7bf5b2116a9382b6df93975bb52b08c1c2ad6f6a2f162da10261960b9e7f65141d0a5115546e373b38ec5438e222aad05674dc6defea75af9c0046a031bf9b

memory/3008-25-0x0000000000400000-0x00000000004C1000-memory.dmp

C:\Windows\SysWOW64\lssmon.exe

MD5 0f2e4eb2df8b27f74bb443c1e0a47466
SHA1 0c9c97831954cbd1e5f91f6f04c23acd2238b49d
SHA256 33261b41ff77506dbc774e37124aa6726ed98b74c8e1c3f1e7338b422db88392
SHA512 1d7b5e9ad7d97dae25e7c05f7bfe46ee2a80c69bebe8be4b47061272f625c7edfb3b6328c2b62f1a15caeb438599d413a76e1343ab84210d4341008b734f544d

memory/3008-40-0x0000000000400000-0x00000000004C1000-memory.dmp

memory/2116-41-0x0000000001EA0000-0x0000000001EA1000-memory.dmp

C:\Program Files (x86)\Internet Explorer\iexplor.exe

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e